diff --git a/content/deploy/backstage/create-client-0.png b/content/deploy/backstage/create-client-0.png
new file mode 100644
index 00000000..030a6016
Binary files /dev/null and b/content/deploy/backstage/create-client-0.png differ
diff --git a/content/deploy/backstage/create-client-1.png b/content/deploy/backstage/create-client-1.png
new file mode 100644
index 00000000..11f15e95
Binary files /dev/null and b/content/deploy/backstage/create-client-1.png differ
diff --git a/content/deploy/backstage/create-client-2.png b/content/deploy/backstage/create-client-2.png
new file mode 100644
index 00000000..633d764f
Binary files /dev/null and b/content/deploy/backstage/create-client-2.png differ
diff --git a/content/deploy/backstage/index.md b/content/deploy/backstage/index.md
new file mode 100644
index 00000000..59d741e1
--- /dev/null
+++ b/content/deploy/backstage/index.md
@@ -0,0 +1,97 @@
+---
+title: Red Hat Developer Hub
+linktitle: Red Hat Developer Hub
+description: Red Hat Developer Hub
+tags: ['backstage','Red Hat Developer Hub']
+---
+
+# Red Hat Developer Hub aka Backstage
+
+
+
+
+ - args:
+ - --provider=oidc
+ - --email-domain=*
+ - --upstream=http://localhost:7007
+ - --http-address=0.0.0.0:4180
+ - --skip-provider-button
+ - --insecure-oidc-allow-unverified-email=true
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: CLIENT_ID
+ name: keycloak-client-secret-backstage
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: CLIENT_SECRET
+ name: keycloak-client-secret-backstage
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: bmpvaGV3cXBhbmVvYWJ1Z2ZiYWpoZXh3aWphYmR0b3g=
+ - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+ value: https://sso.coe.muc.redhat.com/auth/realms/coe-sso
+ - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+ value: "true"
+
+
+
+![create-client-0.png](create-client-0.png)
+
+Client ID redhat-developer-hub
+
+![create-client-1.png](create-client-1.png)
+
+![create-client-2.png](create-client-2.png)
+
+Valid redirect URIs : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/oauth2/callback
+Web origins : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/
+
+-> Credentials
+ Client Secret: Xyt8GaEQwyudjfnJgdzJpSWT19whszHd
+
+
+oc create secret generic rh-developer-hub-sso \
+ --from-literal=CLIENT_ID=redhat-developer-hub \
+ --from-literal=CLIENT_SECRET=Xyt8GaEQwyudjfnJgdzJpSWT19whszHd
+
+
+ signInPage: oauth2Proxy
+ auth:
+ environment: production
+ providers:
+ oauth2Proxy: {}
+
+
+
+Prakisch:
+
+helm get values -a developer-hub | yq -o props
+https://www.baeldung.com/ops/kubernetes-update-helm-values
+
+# ToDo
+- [ ] Service anpassen
+cat values.yaml
+
+https://stackoverflow.com/questions/48927233/updating-kubernetes-helm-values
+
+https://github.com/rhdh-bot/openshift-helm-charts/tree/rhdh-1-rhel-9/charts/redhat/redhat/developer-hub/1.1-59-CI + +https://keycloak-backstage.apps.cluster-cqf2k.sandbox2351.opentlc.com/auth/realms/backstage/.well-known/openid-configuration + + + + +oc create -f - < response.text()) + .then((body) => { + console.log(body); + }); + diff --git a/content/deploy/backstage/node/package.json b/content/deploy/backstage/node/package.json new file mode 100644 index 00000000..a7668a48 --- /dev/null +++ b/content/deploy/backstage/node/package.json @@ -0,0 +1,11 @@ +{ + "name": "node", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC" +} diff --git a/content/deploy/backstage/svc b/content/deploy/backstage/svc new file mode 100644 index 00000000..7b61c46b --- /dev/null +++ b/content/deploy/backstage/svc @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + meta.helm.sh/release-name: developer-hub + meta.helm.sh/release-namespace: redhat-developer-hub + labels: + app.kubernetes.io/component: backstage + app.kubernetes.io/instance: developer-hub + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: developer-hub + helm.sh/chart: upstream-1.8.0 + name: developer-hub-a + namespace: redhat-developer-hub +spec: + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: oauth2-proxy + port: 4180 + protocol: TCP + targetPort: oauth2-proxy + selector: + app.kubernetes.io/component: backstage + app.kubernetes.io/instance: developer-hub + app.kubernetes.io/name: developer-hub + sessionAffinity: None + type: ClusterIP diff --git a/content/deploy/backstage/values.yaml b/content/deploy/backstage/values.yaml new file mode 100644 index 00000000..e311b085 --- /dev/null +++ b/content/deploy/backstage/values.yaml 
@@ -0,0 +1,51 @@
+global:
+ auth:
+ backend:
+ enabled: true
+ clusterRouterBase: apps.isar.coe.muc.redhat.com
+ dynamic:
+ includes:
+ - dynamic-plugins.default.yaml
+
+upstream:
+ appConfig:
+ auth:
+ environment: production
+ providers:
+ oauth2Proxy: {}
+ backstage:
+ extraContainers:
+ - args:
+ - --provider=oidc
+ - --email-domain=*
+ - --upstream=http://localhost:7007
+ - --http-address=0.0.0.0:4180
+ - --skip-provider-button
+ - --insecure-oidc-allow-unverified-email=true
+ env:
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: CLIENT_ID
+ name: rh-developer-hub-sso
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: CLIENT_SECRET
+ name: rh-developer-hub-sso
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ value: f1Xw225KFsCK90Wwf8fDyQ==
+ - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+ value: https://sso.coe.muc.redhat.com/realms/coe-sso
+ - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+ value: "true"
+ image: quay.io/oauth2-proxy/oauth2-proxy:latest
+ imagePullPolicy: IfNotPresent
+ name: oauth2-proxy
+ ports:
+ - containerPort: 4180
+ name: oauth2-proxy
+ protocol: TCP
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
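Review bot: `OAUTH2_PROXY_COOKIE_SECRET` is committed as a literal `value:` in this hunk while the client ID and client secret beside it are read through `secretKeyRef`; the cookie secret protects the session cookie, so it should be read the same way, e.g. `valueFrom: {secretKeyRef: {name: rh-developer-hub-sso, key: COOKIE_SECRET}}` (the key name is constructed here), and the committed value replaced. The `index.md` hunk of this commit has the same problem in a worse form, with a literal `Client Secret:` / `--from-literal=CLIENT_SECRET=...` and another cookie secret in the documentation text; those values should be treated as exposed and rotated in Keycloak. `OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY` set to `"true"` turns off certificate validation towards the issuer, and `--insecure-oidc-allow-unverified-email=true` together with `--email-domain=*` accepts any account the realm issues a token for; if this is lab-only, a comment such as `# lab only: trust the issuer CA instead of skipping verification` should say so. `image: quay.io/oauth2-proxy/oauth2-proxy:latest` with `imagePullPolicy: IfNotPresent` leaves the running proxy version dependent on whatever each node has cached, so a pinned tag or digest is preferable.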