Installing Red Hat Developer Hub on Amazon Elastic Kubernetes Service
Running Red Hat Developer Hub on Amazon Elastic Kubernetes Service (EKS) by using either the Operator or Helm chart
Abstract
You can install Red Hat Developer Hub on Amazon Elastic Kubernetes Service (EKS) using one of the following methods:
- The Red Hat Developer Hub Operator
- The Red Hat Developer Hub Helm chart
1. Installing Developer Hub on EKS with the Operator
The Red Hat Developer Hub Operator installation requires the Operator Lifecycle Manager (OLM) framework.
Additional resources
- For information about the OLM, see Operator Lifecycle Manager(OLM) documentation.
1.1. Installing the Developer Hub Operator with the OLM framework
You can install the Developer Hub Operator on EKS using the Operator Lifecycle Manager (OLM) framework. Following that, you can proceed to deploy your Developer Hub instance in EKS.
Prerequisites
-
You have set the context to the EKS cluster in your current
kubeconfig. For more information, see Creating or updating a kubeconfig file for an Amazon EKS cluster. -
You have installed
kubectl. For more information, see Installing or updating kubectl. -
You have subscribed to
registry.redhat.io. For more information, see Red Hat Container Registry Authentication. - You have installed the Operator Lifecycle Manager (OLM). For more information about installation and troubleshooting, see OLM QuickStart or How do I get Operator Lifecycle Manager?
Procedure
Run the following command in your terminal to create the
rhdh-operatornamespace where the Operator is installed:kubectl create namespace rhdh-operator
Create a pull secret using the following command:
kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \ 1 --docker-password=<password> \ 2 --docker-email=<email> 3The created pull secret is used to pull the Developer Hub images from the Red Hat Ecosystem.
Create a
CatalogSourceresource that contains the Operators from the Red Hat Ecosystem:cat <<EOF | kubectl -n rhdh-operator apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: redhat-catalog spec: sourceType: grpc image: registry.redhat.io/redhat/redhat-operator-index:v4.18 secrets: - "rhdh-pull-secret" displayName: Red Hat Operators EOF
Create an
OperatorGroupresource as follows:cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: rhdh-operator-group EOF
Create a
Subscriptionresource using the following code:cat <<EOF | kubectl apply -n rhdh-operator -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: rhdh namespace: rhdh-operator spec: channel: fast installPlanApproval: Automatic name: rhdh source: redhat-catalog sourceNamespace: rhdh-operator startingCSV: rhdh-operator.v1.7.0 EOF
Run the following command to verify that the created Operator is running:
kubectl -n rhdh-operator get pods -w
If the operator pod shows
ImagePullBackOffstatus, then you might need permissions to pull the image directly within the Operator deployment’s manifest.TipYou can include the required secret name in the
deployment.spec.template.spec.imagePullSecretslist and verify the deployment name usingkubectl get deployment -n rhdh-operatorcommand:kubectl -n rhdh-operator patch deployment \ rhdh.fast --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \ --type=merge
1.2. Deploying the Developer Hub instance on EKS with the Operator
Prerequisites
- A cluster administrator has installed the Red Hat Developer Hub Operator.
- You have an EKS cluster with AWS Application Load Balancer (ALB) add-on installed. For more information, see Application load balancing on Amazon Elastic Kubernetes Service and Installing the AWS Load Balancer Controller add-on.
- You have configured a domain name for your Developer Hub instance. The domain name can be a hosted zone entry on Route 53 or managed outside of AWS. For more information, see Configuring Amazon Route 53 as your DNS service documentation.
- You have an entry in the AWS Certificate Manager (ACM) for your preferred domain name. Make sure to keep a record of your Certificate ARN.
-
You have subscribed to
registry.redhat.io. For more information, see Red Hat Container Registry Authentication. -
You have set the context to the EKS cluster in your current
kubeconfig. For more information, see Creating or updating a kubeconfig file for an Amazon EKS cluster. -
You have installed
kubectl. For more information, see Installing or updating kubectl.
Procedure
Create a
my-rhdh-app-configconfig map containing theapp-config.yamlDeveloper Hub configuration file by using the following template:apiVersion: v1 kind: ConfigMap metadata: name: my-rhdh-app-config data: "app-config.yaml": | app: title: Red Hat Developer Hub baseUrl: https://<rhdh_dns_name> backend: auth: externalAccess: - type: legacy options: subject: legacy-default-config secret: "${BACKEND_SECRET}" baseUrl: https://<rhdh_dns_name> cors: origin: https://<rhdh_dns_name>Create a Red Hat Developer Hub secret and add a key named
BACKEND_SECRETwith aBase64-encodedstring as value:apiVersion: v1 kind: Secret metadata: name:
<my_product_secrets>1 stringData: # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup BACKEND_SECRET: "xxx"- 1
<my_product_secrets>is your preferred Developer Hub secret name, where<my_product_secrets>specifies the unique identifier for your secret configuration within Developer Hub.
ImportantEnsure that you use a unique value of
BACKEND_SECRETfor each Developer Hub instance.You can use the following command to generate a key:
node-p'require("crypto").randomBytes(24).toString("base64")'To enable pulling the PostgreSQL image from the Red Hat Ecosystem Catalog, add the image pull secret in the default service account within the namespace where the Developer Hub instance is being deployed:
kubectl patch serviceaccount default \ -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \ -n <your_namespace>Create your
Backstagecustom resource using the following template:apiVersion: rhdh.redhat.com/v1alpha3 kind: Backstage metadata: # TODO: this the name of your Developer Hub instance name: my-rhdh spec: application: imagePullSecrets: - "rhdh-pull-secret" route: enabled: false appConfig: configMaps: - name: my-rhdh-app-config extraEnvs: secrets: - name:<my_product_secrets>1- 1
<my_product_secrets>is your preferred Developer Hub secret name, where<my_product_secrets>specifies the identifier for your secret configuration within Developer Hub.
Create an Ingress resource using the following template, ensuring to customize the names as needed:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: # TODO: this the name of your Developer Hub Ingress name: my-rhdh annotations: alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <rhdh_dns_name> spec: ingressClassName: alb rules: # TODO: Set your application domain name. - host: <rhdh_dns_name> http: paths: - path: / pathType: Prefix backend: service: # TODO: my-rhdh is the name of your `Backstage` custom resource. # Adjust if you changed it! name: backstage-my-rhdh port: name: http-backendIn the previous template, replace ` <rhdh_dns_name>` with your Developer Hub domain name and update the value of
alb.ingress.kubernetes.io/certificate-arnwith your certificate ARN.
Verification
Wait until the DNS name is responsive, indicating that your Developer Hub instance is ready for use.
2. Installing Developer Hub on EKS with the Helm chart
When you install the Developer Hub Helm chart in Elastic Kubernetes Service (EKS), it orchestrates the deployment of a Developer Hub instance, which provides a robust developer platform within the AWS ecosystem.
Prerequisites
- You have an EKS cluster with AWS Application Load Balancer (ALB) add-on installed. For more information, see Application load balancing on Amazon Developer Hub and Installing the AWS Load Balancer Controller add-on.
- You have configured a domain name for your Developer Hub instance. The domain name can be a hosted zone entry on Route 53 or managed outside of AWS. For more information, see Configuring Amazon Route 53 as your DNS service documentation.
- You have an entry in the AWS Certificate Manager (ACM) for your preferred domain name. Make sure to keep a record of your Certificate ARN.
-
You have subscribed to
registry.redhat.io. For more information, see Red Hat Container Registry Authentication. -
You have set the context to the EKS cluster in your current
kubeconfig. For more information, see Creating or updating a kubeconfig file for an Amazon EKS cluster. -
You have installed
kubectl. For more information, see Installing or updating kubectl. - You have installed Helm 3 or the latest. For more information, see Using Helm with Amazon EKS.
Procedure
Go to your terminal and run the following command to add the Helm chart repository containing the Developer Hub chart to your local Helm registry:
helm repo add openshift-helm-charts https://charts.openshift.io/
Create a pull secret using the following command:
kubectl create secret docker-registry rhdh-pull-secret \ --docker-server=registry.redhat.io \ --docker-username=<user_name> \ 1 --docker-password=<password> \ 2 --docker-email=<email> 3The created pull secret is used to pull the Developer Hub images from the Red Hat Ecosystem.
Create a file named
values.yamlusing the following template:global: # TODO: Set your application domain name. host: <your Developer Hub domain name> route: enabled: false upstream: service: # NodePort is required for the ALB to route to the Service type: NodePort ingress: enabled: true annotations: kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing # TODO: Using an ALB HTTPS Listener requires a certificate for your own domain. Fill in the ARN of your certificate, e.g.: alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:xxx:xxxx:certificate/xxxxxx alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' alb.ingress.kubernetes.io/ssl-redirect: '443' # TODO: Set your application domain name. external-dns.alpha.kubernetes.io/hostname: <your rhdh domain name> backstage: image: pullSecrets: - rhdh-pull-secret podSecurityContext: # you can assign any random value as fsGroup fsGroup: 2000 postgresql: image: pullSecrets: - rhdh-pull-secret primary: podSecurityContext: enabled: true # you can assign any random value as fsGroup fsGroup: 3000 volumePermissions: enabled: trueRun the following command in your terminal to deploy Developer Hub using the latest version of Helm Chart and using the values.yaml file created in the previous step:
helm install rhdh \ openshift-helm-charts/redhat-developer-hub \ [--version 1.7.0] \ --values /path/to/values.yaml
For the latest chart version, see https://github.com/openshift-helm-charts/charts/tree/main/charts/redhat/redhat/redhat-developer-hub
Verification
Wait until the DNS name is responsive, indicating that your Developer Hub instance is ready for use.