Add backstage information #49

Open
wants to merge 1 commit into
base: main
Binary file added content/deploy/backstage/create-client-0.png
Binary file added content/deploy/backstage/create-client-1.png
Binary file added content/deploy/backstage/create-client-2.png
97 changes: 97 additions & 0 deletions content/deploy/backstage/index.md
@@ -0,0 +1,97 @@
---
title: Red Hat Developer Hub
linktitle: Red Hat Developer Hub
description: Red Hat Developer Hub
tags: ['backstage','Red Hat Developer Hub']
---

# Red Hat Developer Hub aka Backstage




- args:
- --provider=oidc
- --email-domain=*
- --upstream=http://localhost:7007
- --http-address=0.0.0.0:4180
- --skip-provider-button
- --insecure-oidc-allow-unverified-email=true
env:
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: CLIENT_ID
name: keycloak-client-secret-backstage
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: CLIENT_SECRET
name: keycloak-client-secret-backstage
- name: OAUTH2_PROXY_COOKIE_SECRET
value: bmpvaGV3cXBhbmVvYWJ1Z2ZiYWpoZXh3aWphYmR0b3g=
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
value: https://sso.coe.muc.redhat.com/auth/realms/coe-sso
- name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
value: "true"



![create-client-0.png](create-client-0.png)

Client ID redhat-developer-hub

![create-client-1.png](create-client-1.png)

![create-client-2.png](create-client-2.png)

Valid redirect URIs : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/oauth2/callback
Web origins : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/

-> Credentials
Client Secret: Xyt8GaEQwyudjfnJgdzJpSWT19whszHd


oc create secret generic rh-developer-hub-sso \
--from-literal=CLIENT_ID=redhat-developer-hub \
--from-literal=CLIENT_SECRET=Xyt8GaEQwyudjfnJgdzJpSWT19whszHd


signInPage: oauth2Proxy
auth:
environment: production
providers:
oauth2Proxy: {}



Prakisch:

helm get values -a developer-hub | yq -o props
https://www.baeldung.com/ops/kubernetes-update-helm-values

# ToDo
- [ ] Service anpassen
cat values.yaml

https://stackoverflow.com/questions/48927233/updating-kubernetes-helm-values

https://github.com/rhdh-bot/openshift-helm-charts/tree/rhdh-1-rhel-9/charts/redhat/redhat/developer-hub/1.1-59-CI

https://keycloak-backstage.apps.cluster-cqf2k.sandbox2351.opentlc.com/auth/realms/backstage/.well-known/openid-configuration




oc create -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
labels:
config.openshift.io/inject-trusted-cabundle: "true"
name: trusted-ca
EOF

export NODE_EXTRA_CA_CERTS=/ca/ca-bundle.crt
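
Review bot: The Keycloak client secret is committed in clear text, once on the `Client Secret:` line under `-> Credentials` and again in `--from-literal=CLIENT_SECRET=...` of the `oc create secret` command, and the first snippet also inlines a value for `OAUTH2_PROXY_COOKIE_SECRET`. Replace these with placeholders such as `<client-secret>` and rotate the real values, since they remain in the repository history after merge. The first args snippet reads the client credentials from `keycloak-client-secret-backstage`, while the secret created further down is `rh-developer-hub-sso`; the two names should match. The same snippet sets `OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY` to `"true"`, passes `--insecure-oidc-allow-unverified-email=true` and uses `--email-domain=*` without any explanation; please document why each is needed or remove it. The page has no prose between the snippets, and the notes under `Prakisch:` and `# ToDo` read like a scratchpad rather than published content.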


123 changes: 123 additions & 0 deletions content/deploy/backstage/node/ca.crt
@@ -0,0 +1,123 @@
# https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/red_hat_root_cas_certificate_authorities
# https://certs.corp.redhat.com/

# subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Internal Root CA, emailAddress = infosec@redhat.com
# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Internal Root CA, emailAddress = infosec@redhat.com
# 2022-IT-Root-CA.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

# subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
# 2015-IT-Root-CA.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

# subject=O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

# subject=O = Red Hat, OU = prod, CN = Certificate Authority
# issuer=O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
-----BEGIN CERTIFICATE-----
MIIDsjCCApqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBOMRAwDgYDVQQKDAdSZWQg
SGF0MQ0wCwYDVQQLDARwcm9kMSswKQYDVQQDDCJJbnRlcm1lZGlhdGUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MB4XDTE1MTAxNDE3NDc1NloXDTM1MTAwOTE3NDc1Nlow
QTEQMA4GA1UECgwHUmVkIEhhdDENMAsGA1UECwwEcHJvZDEeMBwGA1UEAwwVQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzTein1EAuLAZFgvvfDL3okBqn/xg9RVGa7r3Kuw4pVPa9QnkCkFbnaipnyUd
R331/A4RAHHZmVuddrbvh6C+YtDs+P8DLRC+YDE4VkW9ZRtNbt302z3jY4Y62W1w
hmsl7IV57ISC8kUbtekLXTuVd3InEywAIc3fyiTi7FsldIngunuxuNjjQD04DGnr
RmbBAmwfKxaXaT5qciq5kcFaYKQ3P0p6wT0gaDZ7C177W1uorIXCm9J6v8P7GLXD
scAvN3pgZRJ6Ocj5Fpnkd0nP6kpWhlO8/5B1CUggKaZXdm0kR9J2KOX4wrcjh3xn
6Rby/hijEwplkgUALIBgRTe3ewIDAQABo4GnMIGkMB8GA1UdIwQYMBaAFDDeBFSh
hgKfEfpQ+QVwpyjAwE/8MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
AgHGMB0GA1UdDgQWBBR72gn1SV3Z11zJNvhV0huXnhEvfjA+BggrBgEFBQcBAQQy
MDAwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJlZGhhdC5jb20vY2EvaW50b2Nz
cC8wDQYJKoZIhvcNAQELBQADggEBAJeV5FNFhLYc24NZBDTuMFGDLKuHwJmdF4uF
8Tt5g/Mj4Mi3qSbu2Y+3gk4UQ45GD6HQf+JpA4hHsxJ2L0F39oVQ39QS3MgRoSk3
LfpKYkzQntRFzSr1OHMA06tHNPlhylGRc/gdLkaLjeFYj/Fhz5Htg9vv9dF4h8bl
X6KXw/3RH9f5YgKqydtEZtZ0isA4+55gf0m7I0O5lNK3mgY/uBmIk/jSI9WqczrD
WGf78pvkTQ2PcYg/WiCv+AVsaSaiEDUf4rDj55wQ30h78Ox5J2izd4I6QylB9Lpu
fQEw+cWRxwFPJujSOTSKRHZDo1UwOIQbxqkbznSHlLCICEXxuvQ=
-----END CERTIFICATE-----
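
Review bot: Nothing in this change references `node/ca.crt`: `index.js` does not load it and `index.md` points `NODE_EXTRA_CA_CERTS` at `/ca/ca-bundle.crt` from the injected `trusted-ca` ConfigMap. Either drop the file and rely on the injected bundle, or state in `index.md` how it is meant to be used. If it stays, note that only the two root entries carry a source file name (`2022-IT-Root-CA.pem`, `2015-IT-Root-CA.pem`) and the two header URLs are internal, so a reader cannot check the copied certificates against their origin; adding the expected fingerprints next to each `# subject=` comment would make the bundle verifiable.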
14 changes: 14 additions & 0 deletions content/deploy/backstage/node/index.js
@@ -0,0 +1,14 @@
#!/usr/bin/env node

fetch('https://aap.coe.muc.redhat.com/api/v2/job_templates', {
headers: {
"Content-Type": "application/json",
Authorization: 'YVkm5yVJttlh6RDeW9zZvhCNy7CTrg'
},
method: "GET"
})
.then((response) => response.text())
.then((body) => {
console.log(body);
});
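
Review bot: The `Authorization` header in the `fetch` call carries a hardcoded API token; read it from the environment (for example `process.env.AAP_TOKEN`, name is a suggestion) and revoke the committed one, since it stays in history. The value also has no auth scheme prefix such as `Bearer `, so check that it matches what the API expects. The promise chain has no `.catch` and does not look at `response.ok`, so an authentication or TLS failure is either an unhandled rejection or prints the error body as if it were the result.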

11 changes: 11 additions & 0 deletions content/deploy/backstage/node/package.json
@@ -0,0 +1,11 @@
{
"name": "node",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC"
}
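
Review bot: This manifest is the unedited `npm init` default (`"name": "node"`, empty `description` and `author`, a `test` script that always fails). Since `index.js` relies on the global `fetch`, add an `"engines"` entry requiring Node 18 or later, and set `"private": true` so the sample cannot be published by accident. If the script is only a one-off connectivity check, consider leaving `package.json` out entirely.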
30 changes: 30 additions & 0 deletions content/deploy/backstage/svc
@@ -0,0 +1,30 @@
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: developer-hub
meta.helm.sh/release-namespace: redhat-developer-hub
labels:
app.kubernetes.io/component: backstage
app.kubernetes.io/instance: developer-hub
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: developer-hub
helm.sh/chart: upstream-1.8.0
name: developer-hub-a
namespace: redhat-developer-hub
spec:
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: oauth2-proxy
port: 4180
protocol: TCP
targetPort: oauth2-proxy
selector:
app.kubernetes.io/component: backstage
app.kubernetes.io/instance: developer-hub
app.kubernetes.io/name: developer-hub
sessionAffinity: None
type: ClusterIP
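
Review bot: The Service is named `developer-hub-a` but keeps the Helm ownership metadata of the release (`meta.helm.sh/release-name`, `app.kubernetes.io/managed-by: Helm`, `helm.sh/chart: upstream-1.8.0`), so it looks like an exported copy of a chart-managed object. Applied by hand, it would be labelled as Helm-managed without being part of the release; remove those annotations and labels, or add the `oauth2-proxy` port through the chart values instead. Server-populated fields such as `internalTrafficPolicy`, `ipFamilies`, `ipFamilyPolicy` and `sessionAffinity` can be dropped, and the file should get a `.yaml` extension and a mention in `index.md`.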
51 changes: 51 additions & 0 deletions content/deploy/backstage/values.yaml
@@ -0,0 +1,51 @@
global:
auth:
backend:
enabled: true
clusterRouterBase: apps.isar.coe.muc.redhat.com
dynamic:
includes:
- dynamic-plugins.default.yaml

upstream:
appConfig:
auth:
environment: production
providers:
oauth2Proxy: {}
backstage:
extraContainers:
- args:
- --provider=oidc
- --email-domain=*
- --upstream=http://localhost:7007
- --http-address=0.0.0.0:4180
- --skip-provider-button
- --insecure-oidc-allow-unverified-email=true
env:
- name: OAUTH2_PROXY_CLIENT_ID
valueFrom:
secretKeyRef:
key: CLIENT_ID
name: rh-developer-hub-sso
- name: OAUTH2_PROXY_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: CLIENT_SECRET
name: rh-developer-hub-sso
- name: OAUTH2_PROXY_COOKIE_SECRET
value: f1Xw225KFsCK90Wwf8fDyQ==
- name: OAUTH2_PROXY_OIDC_ISSUER_URL
value: https://sso.coe.muc.redhat.com/realms/coe-sso
- name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
value: "true"
image: quay.io/oauth2-proxy/oauth2-proxy:latest
imagePullPolicy: IfNotPresent
name: oauth2-proxy
ports:
- containerPort: 4180
name: oauth2-proxy
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
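
Review bot: `OAUTH2_PROXY_COOKIE_SECRET` is set as a literal `value:` in the values file while the client ID and secret next to it use `secretKeyRef`; move it into `rh-developer-hub-sso` as a third key and generate a fresh value, since this one is now public. `OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY: "true"`, `--insecure-oidc-allow-unverified-email=true` and `--email-domain=*` together turn off issuer certificate checking and accept any e-mail address, which does not fit `environment: production` a few lines above; please justify or remove them. The image is `quay.io/oauth2-proxy/oauth2-proxy:latest` with `imagePullPolicy: IfNotPresent`, so different nodes can end up running different versions; pin a version tag or digest. The issuer URL here is `/realms/coe-sso` while `index.md` uses `/auth/realms/coe-sso`; one of the two is wrong.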