3.2. 使用 Operator 在 Elastic Kubernetes Service (EKS)上部署 Red Hat Developer Hub

流程

1. 在终端中运行以下命令，以创建安装 Operator 的 rhdh-operator 命名空间：

   kubectl create namespace rhdh-operator

2. 使用以下命令创建 pull secret：

   kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \
       --docker-server=registry.redhat.io \
       --docker-username=<user_name> \ 

   1

   
       --docker-password=<password> \ 

   2

   
       --docker-email=<email> 

   3

   1

   在命令中输入您的用户名。

   2

   在命令中输入您的密码。

   3

   在命令中输入您的电子邮件地址。

   创建的 pull secret 用于从红帽生态系统中拉取 Developer Hub 镜像。

3. 创建一个 CatalogSource 资源，其中包含来自红帽生态系统的 Operator：

   cat <<EOF | kubectl -n rhdh-operator apply -f -
   apiVersion: operators.coreos.com/v1alpha1
   kind: CatalogSource
   metadata:
     name: redhat-catalog
   spec:
     sourceType: grpc
     image: registry.redhat.io/redhat/redhat-operator-index:v4.15
     secrets:
     - "rhdh-pull-secret"
     displayName: Red Hat Operators
   EOF

4. 按如下方式创建 OperatorGroup 资源：

   cat <<EOF | kubectl apply -n rhdh-operator -f -
   apiVersion: operators.coreos.com/v1
   kind: OperatorGroup
   metadata:
     name: rhdh-operator-group
   EOF

5. 使用以下代码创建 Subscription 资源：

   cat <<EOF | kubectl apply -n rhdh-operator -f -
   apiVersion: operators.coreos.com/v1alpha1
   kind: Subscription
   metadata:
     name: rhdh
     namespace: rhdh-operator
   spec:
     channel: fast
     installPlanApproval: Automatic
     name: rhdh
     source: redhat-catalog
     sourceNamespace: rhdh-operator
     startingCSV: rhdh-operator.v1.1.2
   EOF

6. 运行以下命令验证创建的 Operator 是否正在运行：

   kubectl -n rhdh-operator get pods -w

   如果 Operator pod 显示 ImagePullBackOff 状态，则您可能需要直接在 Operator 部署清单中拉取镜像。

   提示

   您可以在 deployment.spec.template.spec.imagePullSecrets 列表中包含所需的 secret 名称，并使用 kubectl get deployment -n rhdh-operator 命令验证部署名称：

   kubectl -n rhdh-operator patch deployment \
       rhdh.fast --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \
       --type=merge

7. 更新 Operator 的默认配置，以确保 Developer Hub 资源可以按照以下流程在 EKS 中正确启动：

   1. 使用以下命令，编辑 rhdh-operator 命名空间中的 backstage-default-config ConfigMap：

      kubectl -n rhdh-operator edit configmap backstage-default-config

   2. 找到 db-statefulset.yaml 字符串，并将 fsGroup 添加到其 spec.template.spec.securityContext 中，如下例所示：

        db-statefulset.yaml: |
          apiVersion: apps/v1
          kind: StatefulSet
      --- TRUNCATED ---
          spec:
          --- TRUNCATED ---
            restartPolicy: Always
            securityContext:
            # You can assign any random value as fsGroup
              fsGroup: 2000
            serviceAccount: default
            serviceAccountName: default
      --- TRUNCATED ---

   3. 找到 deployment.yaml 字符串，并将 fsGroup 添加到规格中，如下例所示：

        deployment.yaml: |
          apiVersion: apps/v1
          kind: Deployment
      --- TRUNCATED ---
          spec:
            securityContext:
              # You can assign any random value as fsGroup
              fsGroup: 3000
            automountServiceAccountToken: false
      --- TRUNCATED ---

   4. 找到 service.yaml 字符串，并将 类型改为 NodePort，如下所示：

        service.yaml: |
          apiVersion: v1
          kind: Service
          spec:
           # NodePort is required for the ALB to route to the Service
            type: NodePort
      --- TRUNCATED ---

   5. 保存并退出。

      等待几分钟，直到更改自动应用到 Operator pod。

流程

1. 使用以下命令将 Operator 存储库克隆到本地机器中：

   git clone --depth=1 https://github.com/janus-idp/operator.git rhdh-operator && cd rhdh-operator

2. 运行以下命令并生成部署清单：

   make deployment-manifest

   以上命令生成一个名为 rhdh-operator-<VERSION>.yaml 的文件，该文件会被手动更新。

3. 运行以下命令在生成的部署清单中应用替换：

   sed -i "s/backstage-operator/rhdh-operator/g" rhdh-operator-*.yaml
   sed -i "s/backstage-system/rhdh-operator/g" rhdh-operator-*.yaml
   sed -i "s/backstage-controller-manager/rhdh-controller-manager/g" rhdh-operator-*.yaml

4. 在编辑器中打开生成的部署清单文件并执行以下步骤：

   1. 找到 db-statefulset.yaml 字符串，并将 fsGroup 添加到其 spec.template.spec.securityContext 中，如下例所示：

         db-statefulset.yaml: |
          apiVersion: apps/v1
          kind: StatefulSet
      --- TRUNCATED ---
          spec:
          --- TRUNCATED ---
            restartPolicy: Always
            securityContext:
              # You can assign any random value as fsGroup
              fsGroup: 2000
            serviceAccount: default
            serviceAccountName: default
      --- TRUNCATED ---

   2. 找到 deployment.yaml 字符串，并将 fsGroup 添加到规格中，如下例所示：

        deployment.yaml: |
          apiVersion: apps/v1
          kind: Deployment
      --- TRUNCATED ---
          spec:
            securityContext:
              # You can assign any random value as fsGroup
              fsGroup: 3000
            automountServiceAccountToken: false
      --- TRUNCATED ---

   3. 找到 service.yaml 字符串，并将 类型改为 NodePort，如下所示：

        service.yaml: |
          apiVersion: v1
          kind: Service
          spec:
            # NodePort is required for the ALB to route to the Service
            type: NodePort
      --- TRUNCATED ---

   4. 将默认镜像替换为红帽生态系统中拉取的镜像：

      sed -i "s#gcr.io/kubebuilder/kube-rbac-proxy:.*#registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.15#g" rhdh-operator-*.yaml
      
      sed -i "s#quay.io/janus-idp/operator:.*#registry.redhat.io/rhdh/rhdh-rhel9-operator:1.1#g" rhdh-operator-*.yaml
      
      sed -i "s#quay.io/janus-idp/backstage-showcase:.*#registry.redhat.io/rhdh/rhdh-hub-rhel9:1.1#g" rhdh-operator-*.yaml
      
      sed -i "s#quay.io/fedora/postgresql-15:.*#registry.redhat.io/rhel9/postgresql-15:latest#g" rhdh-operator-*.yaml

5. 将镜像 pull secret 添加到 Deployment 资源中的清单中，如下所示：

   --- TRUNCATED ---
   
   apiVersion: apps/v1
   kind: Deployment
   metadata:
     labels:
       app.kubernetes.io/component: manager
       app.kubernetes.io/created-by: rhdh-operator
       app.kubernetes.io/instance: controller-manager
       app.kubernetes.io/managed-by: kustomize
       app.kubernetes.io/name: deployment
       app.kubernetes.io/part-of: rhdh-operator
       control-plane: controller-manager
     name: rhdh-controller-manager
     namespace: rhdh-operator
   spec:
     replicas: 1
     selector:
       matchLabels:
         control-plane: controller-manager
     template:
       metadata:
         annotations:
           kubectl.kubernetes.io/default-container: manager
         labels:
           control-plane: controller-manager
       spec:
         imagePullSecrets:
           - name: rhdh-pull-secret
   --- TRUNCATED ---

6. 使用以下命令应用清单来部署 Operator：

   kubectl apply -f rhdh-operator-VERSION.yaml

7. 运行以下命令验证 Operator 是否正在运行：

   kubectl -n rhdh-operator get pods -w

流程

1. 使用以下模板，创建一个名为 app-config-rhdh 的 ConfigMap，其中包含 Developer Hub 配置：

   apiVersion: v1
   kind: ConfigMap
   metadata:
     name: app-config-rhdh
   data:
     "app-config-rhdh.yaml": |
       app:
         title: Red Hat Developer Hub
         baseUrl: https://<rhdh_dns_name>
       backend:
         auth:
           keys:
             - secret: "${BACKEND_SECRET}"
         baseUrl: https://<rhdh_dns_name>
         cors:
           origin: https://<rhdh_dns_name>

2. 创建名为 secrets-rhdh 的 Secret，并添加名为 BACKEND_SECRET 的键，其值为 Base64 编码的字符串 ：

   apiVersion: v1
   kind: Secret
   metadata:
     name: secrets-rhdh
   stringData:
     # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup
     BACKEND_SECRET: "xxx"

   重要

   确保您为每个 Developer Hub 实例使用 BACKEND_SECRET 的唯一值。

   您可以使用以下命令生成密钥：

   node-p'require("crypto").randomBytes(24).toString("base64")'

3. 要启用从红帽生态系统目录中拉取 PostgreSQL 镜像，请在部署 Developer Hub 实例的命名空间中将镜像 pull secret 添加到 default 服务帐户中：

   kubectl patch serviceaccount default \
       -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \
       -n <your_namespace>

4. 使用以下模板创建自定义资源文件：

   apiVersion: rhdh.redhat.com/v1alpha1
   kind: Backstage
   metadata:
    # TODO: this the name of your Developer Hub instance
     name: my-rhdh
   spec:
     application:
       imagePullSecrets:
       - "rhdh-pull-secret"
       route:
         enabled: false
       appConfig:
         configMaps:
           - name: "app-config-rhdh"
       extraEnvs:
         secrets:
           - name: "secrets-rhdh"

5. 使用以下模板创建 Ingress 资源，确保根据需要自定义名称：

   apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
     # TODO: this the name of your Developer Hub Ingress
     name: my-rhdh
     annotations:
       alb.ingress.kubernetes.io/scheme: internet-facing
   
       alb.ingress.kubernetes.io/target-type: ip
   
       # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.:
       alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-xxx:xxxx:certificate/xxxxxx
   
        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
   
       alb.ingress.kubernetes.io/ssl-redirect: '443'
   
       # TODO: Set your application domain name.
       external-dns.alpha.kubernetes.io/hostname: <rhdh_dns_name>
   
   spec:
     ingressClassName: alb
     rules:
       # TODO: Set your application domain name.
       - host: <rhdh_dns_name>
         http:
           paths:
           - path: /
             pathType: Prefix
             backend:
               service:
                 # TODO: my-rhdh is the name of your Backstage Custom Resource.
                 # Adjust if you changed it!
                 name: backstage-my-rhdh
                 port:
                   name: http-backend

   在前面的模板中，将 ' <rhdh_dns_name>' 替换为您的 Developer Hub 域名，并将 alb.ingress.kubernetes.io/certificate-arn 的值更新为您的证书 ARN。