红帽全球峰会在 Amazon Elastic Kubernetes Service 上安装 Red Hat Developer Hub
Red Hat Developer Hub 1.5
使用 Operator 或 Helm chart 在 Amazon Elastic Kubernetes Service (EKS)上运行 Red Hat Developer Hub
摘要
平台管理员可以配置角色、权限和其他设置,以使其他授权用户能够使用 Operator 或 Helm Chart 在 Amazon Elastic Kubernetes Service (EKS)上部署 Developer Hub 实例。
前言
您可以使用以下方法之一在 Amazon Elastic Kubernetes Service (EKS)上安装 Red Hat Developer Hub:
- Red Hat Developer Hub Operator
- Red Hat Developer Hub Helm chart
第 1 章 使用 Operator 在 EKS 上安装 Developer Hub
Red Hat Developer Hub Operator 安装需要 Operator Lifecycle Manager (OLM)框架。
其他资源
- 有关 OLM 的详情,请参考 Operator Lifecycle Manager (OLM) 文档。
1.1. 使用 OLM 框架安装 Developer Hub Operator
您可以使用 Operator Lifecycle Manager (OLM)框架在 EKS 上安装 Developer Hub Operator。之后,您可以继续在 EKS 中部署 Developer Hub 实例。
先决条件
-
在当前
kubeconfig中将上下文设置为 EKS 集群。如需更多信息,请参阅为 Amazon EKS 集群创建或更新 kubeconfig 文件。 -
已安装
kubectl。如需更多信息,请参阅 安装或更新 kubectl。 -
您已订阅了
registry.redhat.io。如需更多信息,请参阅 Red Hat Container Registry 身份验证。 - 已安装 Operator Lifecycle Manager (OLM)。有关安装和故障排除的更多信息,请参阅 OLM QuickStart 或 How do I get Operator Lifecycle Manager?
流程
在终端中运行以下命令,以创建安装 Operator 的
rhdh-operator命名空间:kubectl create namespace rhdh-operator
kubectl create namespace rhdh-operatorCopy to Clipboard Copied! 使用以下命令创建 pull secret:
kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \ --docker-password=<password> \ --docker-email=<email>kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \1 --docker-password=<password> \2 --docker-email=<email>3 Copy to Clipboard Copied! 创建的 pull secret 用于从红帽生态系统中拉取 Developer Hub 镜像。
创建一个包含红帽生态系统中的 Operator 的
CatalogSource资源:cat <<EOF | kubectl -n rhdh-operator apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: redhat-catalog spec: sourceType: grpc image: registry.redhat.io/redhat/redhat-operator-index:v4.18 secrets: - "rhdh-pull-secret" displayName: Red Hat Operators EOF
cat <<EOF | kubectl -n rhdh-operator apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: redhat-catalog spec: sourceType: grpc image: registry.redhat.io/redhat/redhat-operator-index:v4.18 secrets: - "rhdh-pull-secret" displayName: Red Hat Operators EOFCopy to Clipboard Copied! 按如下所示创建
OperatorGroup资源:cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: rhdh-operator-group EOF
cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: rhdh-operator-group EOFCopy to Clipboard Copied! 使用以下代码创建
Subscription资源:cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: rhdh namespace: rhdh-operator spec: channel: fast installPlanApproval: Automatic name: rhdh source: redhat-catalog sourceNamespace: rhdh-operator startingCSV: rhdh-operator.v1.5.2 EOF
cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: rhdh namespace: rhdh-operator spec: channel: fast installPlanApproval: Automatic name: rhdh source: redhat-catalog sourceNamespace: rhdh-operator startingCSV: rhdh-operator.v1.5.2 EOFCopy to Clipboard Copied! 运行以下命令,以验证创建的 Operator 是否正在运行:
kubectl -n rhdh-operator get pods -w
kubectl -n rhdh-operator get pods -wCopy to Clipboard Copied! 如果 Operator pod 显示
ImagePullBackOff状态,则可能需要权限直接在 Operator 部署清单中拉取镜像。提示您可以在
deployment.spec.template.spec.imagePullSecrets列表中包括所需的 secret 名称,并使用kubectl get deployment -n rhdh-operator命令验证部署名称:kubectl -n rhdh-operator patch deployment \ rhdh.fast --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \ --type=mergekubectl -n rhdh-operator patch deployment \ rhdh.fast --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \ --type=mergeCopy to Clipboard Copied!
1.2. 使用 Operator 在 EKS 上部署 Developer Hub 实例
先决条件
- 集群管理员已安装了 Red Hat Developer Hub Operator。
- 已安装带有 AWS Application Load Balancer (ALB)附加组件的 EKS 集群。如需更多信息,请参阅 Amazon Elastic Kubernetes Service 上的应用程序负载均衡 和 安装 AWS Load Balancer Controller 附加组件。
- 您已为 Developer Hub 实例配置了域名。域名可以是 Route 53 上的托管区条目,也可以在 AWS 之外管理。如需更多信息,请参阅 将 Amazon Route 53 配置为您的 DNS 服务 文档。
- 您在 AWS 证书管理器(ACM)中有一个条目,用于您首选的域名。确保保留证书 ARN 的记录。
-
您已订阅了
registry.redhat.io。如需更多信息,请参阅 Red Hat Container Registry 身份验证。 -
在当前
kubeconfig中将上下文设置为 EKS 集群。如需更多信息,请参阅为 Amazon EKS 集群创建或更新 kubeconfig 文件。 -
已安装
kubectl。如需更多信息,请参阅 安装或更新 kubectl。
流程
使用以下模板创建一个包含
app-config.yamlDeveloper Hub 配置文件的my-rhdh-app-config配置映射:apiVersion: v1 kind: ConfigMap metadata: name: my-rhdh-app-config data: "app-config.yaml": | app: title: Red Hat Developer Hub baseUrl: https://<rhdh_dns_name> backend: auth: externalAccess: - type: legacy options: subject: legacy-default-config secret: "${BACKEND_SECRET}" baseUrl: https://<rhdh_dns_name> cors: origin: https://<rhdh_dns_name>apiVersion: v1 kind: ConfigMap metadata: name: my-rhdh-app-config data: "app-config.yaml": | app: title: Red Hat Developer Hub baseUrl: https://<rhdh_dns_name> backend: auth: externalAccess: - type: legacy options: subject: legacy-default-config secret: "${BACKEND_SECRET}" baseUrl: https://<rhdh_dns_name> cors: origin: https://<rhdh_dns_name>Copy to Clipboard Copied! 创建一个 Red Hat Developer Hub secret,并添加名为
BACKEND_SECRET的键,其带有Base64 编码的字符串作为值:apiVersion: v1 kind: Secret metadata: name: <my_product_secrets> stringData: # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup BACKEND_SECRET: "xxx"
apiVersion: v1 kind: Secret metadata: name: <my_product_secrets>1 stringData: # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup BACKEND_SECRET: "xxx"Copy to Clipboard Copied! - 1
<my_product_secrets> 是您首选的 Developer Hub secret 名称,其中 <my_product_secrets> 指定 Developer Hub 中 secret 配置的唯一标识符。
重要确保为每个 Developer Hub 实例使用唯一的
BACKEND_SECRET值。您可以使用以下命令生成密钥:
node-p'require("crypto").randomBytes(24).toString("base64")'node-p'require("crypto").randomBytes(24).toString("base64")'Copy to Clipboard Copied! 要启用从 Red Hat Ecosystem Catalog 拉取 PostgreSQL 镜像,请在部署 Developer Hub 实例的命名空间中的 default 服务帐户中添加镜像 pull secret:
kubectl patch serviceaccount default \ -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \ -n <your_namespace>kubectl patch serviceaccount default \ -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \ -n <your_namespace>Copy to Clipboard Copied! 使用以下模板创建
Backstage自定义资源:apiVersion: rhdh.redhat.com/v1alpha3 kind: Backstage metadata: # TODO: this the name of your Developer Hub instance name: my-rhdh spec: application: imagePullSecrets: - "rhdh-pull-secret" route: enabled: false appConfig: configMaps: - name: my-rhdh-app-config extraEnvs: secrets: - name: <my_product_secrets>apiVersion: rhdh.redhat.com/v1alpha3 kind: Backstage metadata: # TODO: this the name of your Developer Hub instance name: my-rhdh spec: application: imagePullSecrets: - "rhdh-pull-secret" route: enabled: false appConfig: configMaps: - name: my-rhdh-app-config extraEnvs: secrets: - name: <my_product_secrets>1 Copy to Clipboard Copied! - 1
<my_product_secrets> 是您首选的 Developer Hub secret 名称,其中 <my_product_secrets> 指定 Developer Hub 中 secret 配置的标识符。
使用以下模板创建 Ingress 资源,确保根据需要自定义名称:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: # TODO: this the name of your Developer Hub Ingress name: my-rhdh annotations: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <rhdh_dns_name> spec: ingressClassName: alb rules: # TODO: Set your application domain name. - host: <rhdh_dns_name> http: paths: - path: / pathType: Prefix backend: service: # TODO: my-rhdh is the name of your `Backstage` custom resource. # Adjust if you changed it! name: backstage-my-rhdh port: name: http-backendapiVersion: networking.k8s.io/v1 kind: Ingress metadata: # TODO: this the name of your Developer Hub Ingress name: my-rhdh annotations: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <rhdh_dns_name> spec: ingressClassName: alb rules: # TODO: Set your application domain name. - host: <rhdh_dns_name> http: paths: - path: / pathType: Prefix backend: service: # TODO: my-rhdh is the name of your `Backstage` custom resource. # Adjust if you changed it! name: backstage-my-rhdh port: name: http-backendCopy to Clipboard Copied! 在前面的模板中,将 ' <rhdh_dns_name>' 替换为您的 Developer Hub 域名,并将
alb.ingress.kubernetes.io/certificate-arn的值替换为您的证书 ARN。
验证
等待 DNS 名称响应,这表示您的 Developer Hub 实例已准备就绪。
第 2 章 使用 Helm Chart 在 EKS 上安装 Developer Hub
当您在 Elastic Kubernetes Service (EKS)中安装 Developer Hub Helm Chart 时,它会编配 Developer Hub 实例的部署,它在 AWS 生态系统中提供了强大的开发人员平台。
先决条件
- 已安装带有 AWS Application Load Balancer (ALB)附加组件的 EKS 集群。如需更多信息,请参阅 Amazon Developer Hub 上的应用程序负载均衡 和 安装 AWS Load Balancer Controller 附加组件。
- 您已为 Developer Hub 实例配置了域名。域名可以是 Route 53 上的托管区条目,也可以在 AWS 之外管理。如需更多信息,请参阅 将 Amazon Route 53 配置为您的 DNS 服务 文档。
- 您在 AWS 证书管理器(ACM)中有一个条目,用于您首选的域名。确保保留证书 ARN 的记录。
-
您已订阅了
registry.redhat.io。如需更多信息,请参阅 Red Hat Container Registry 身份验证。 -
在当前
kubeconfig中将上下文设置为 EKS 集群。如需更多信息,请参阅为 Amazon EKS 集群创建或更新 kubeconfig 文件。 -
已安装
kubectl。如需更多信息,请参阅 安装或更新 kubectl。 - 已安装 Helm 3 或最新的。如需更多信息,请参阅在 Amazon EKS 中使用 Helm。
流程
进入终端并运行以下命令,将包含 Developer Hub chart 的 Helm Chart 仓库添加到本地 Helm registry 中:
helm repo add openshift-helm-charts https://charts.openshift.io/
helm repo add openshift-helm-charts https://charts.openshift.io/Copy to Clipboard Copied! 使用以下命令创建 pull secret:
kubectl create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \ --docker-password=<password> \ --docker-email=<email>kubectl create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \1 --docker-password=<password> \2 --docker-email=<email>3 Copy to Clipboard Copied! 创建的 pull secret 用于从红帽生态系统中拉取 Developer Hub 镜像。
使用以下模板创建一个名为
values.yaml的文件:global: # TODO: Set your application domain name. host: <your Developer Hub domain name> route: enabled: false upstream: service: # NodePort is required for the ALB to route to the Service type: NodePort ingress: enabled: true annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <your rhdh domain name> backstage: image: pullSecrets: - rhdh-pull-secret podSecurityContext: # you can assign any random value as fsGroup fsGroup: 2000 postgresql: image: pullSecrets: - rhdh-pull-secret primary: podSecurityContext: enabled: true # you can assign any random value as fsGroup fsGroup: 3000 volumePermissions: enabled: trueglobal: # TODO: Set your application domain name. host: <your Developer Hub domain name> route: enabled: false upstream: service: # NodePort is required for the ALB to route to the Service type: NodePort ingress: enabled: true annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <your rhdh domain name> backstage: image: pullSecrets: - rhdh-pull-secret podSecurityContext: # you can assign any random value as fsGroup fsGroup: 2000 postgresql: image: pullSecrets: - rhdh-pull-secret primary: podSecurityContext: enabled: true # you can assign any random value as fsGroup fsGroup: 3000 volumePermissions: enabled: trueCopy to Clipboard Copied! 在终端中运行以下命令,以使用最新版本的 Helm Chart 并使用上一步中创建的 values.yaml 文件部署 Developer Hub:
helm install rhdh \ openshift-helm-charts/redhat-developer-hub \ [--version 1.5.2] \ --values /path/to/values.yaml
helm install rhdh \ openshift-helm-charts/redhat-developer-hub \ [--version 1.5.2] \ --values /path/to/values.yamlCopy to Clipboard Copied!
注意
验证
等待 DNS 名称响应,这表示您的 Developer Hub 实例已准备就绪。
法律通告
Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}