Red Hat Developer Hub 1.4

Installing Red Hat Developer Hub on Microsoft Azure Kubernetes Service

Red Hat Customer Content Services

Legal Notice

Abstract

Red Hat Developer Hub is an enterprise-grade platform for building developer portals. Administrative users can configure roles, permissions, and other settings to enable other authorized users to deploy a Developer Hub instance on Microsoft Azure Kubernetes Service (AKS) using either the Operator or Helm chart.

1. Deploying Developer Hub on AKS with the Operator
1.1. Installing the Developer Hub Operator
1.2. Deploying the Developer Hub instance on AKS with the Operator
2. Deploying Developer Hub on AKS with the Helm chart

You can install Red Hat Developer Hub on Microsoft Azure Kubernetes Service (AKS) using one of the following methods:

The Red Hat Developer Hub Operator
The Red Hat Developer Hub Helm chart

1. Deploying Developer Hub on AKS with the Operator

You can install the Developer Hub Operator on AKS using the Operator Lifecycle Manager (OLM) framework. Following that, you can proceed to deploy your Developer Hub instance in AKS.

1.1. Installing the Developer Hub Operator

Prerequisites

You have cluster-scoped privileges.
You have set the context to the AKS cluster in your current kubeconfig. For more information, see Connect to the cluster.
You have installed kubectl. For more information, see az aks install-cli.
You have subscribed to registry.redhat.io. For more information, see Red Hat Container Registry Authentication.
You installed the Operator Lifecycle Manager (OLM) framework. See Operator Lifecycle Manager(OLM).

Procedure

Create a pull secret in the olm namespace using the following command:
```
kubectl -n olm create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<user_name> \ 1
    --docker-password=<password> \ 2
    --docker-email=<email> 3
```
1
Enter your username in the command.
2
Enter your password in the command.
3
Enter your email address in the command.
The created pull secret is used to pull the Operator images from the Red Hat Ecosystem.

Create a CatalogSource resource in the olm namespace that contains the Operators from the Red Hat Ecosystem:

cat <<EOF | kubectl -n olm apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: redhat-catalog
spec:
  sourceType: grpc
  image: registry.redhat.io/redhat/redhat-operator-index:v4.17
  secrets:
  - "rhdh-pull-secret"
  displayName: Red Hat Operators
EOF

Wait a few minutes until the Catalog Source is up and run the following command to list the available operators from the Red Hat ecosystem and confirm that the rhdh operator is listed:
```
kubectl -n olm get packagemanifests
```
Create the rhdh-operator namespace aimed at containing the Operator:
```
kubectl create namespace rhdh-operator
```
Create a pull secret in the rhdh-operator namespace:
```
kubectl -n rhdh-operator create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<user_name> \ 1
    --docker-password=<password> \ 2
    --docker-email=<email> 3
```
1
Enter your username in the command.
2
Enter your password in the command.
3
Enter your email address in the command.
The created pull secret is used to pull the Developer Hub images from the Red Hat Ecosystem.

Create an OperatorGroup resource as follows:

cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: rhdh-operator-group
EOF

Create a Subscription resource:

cat <<EOF | kubectl apply -n rhdh-operator -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhdh
  namespace: rhdh-operator
spec:
  channel: fast
  installPlanApproval: Automatic
  name: rhdh
  source: redhat-catalog
  sourceNamespace: olm
  startingCSV: rhdh-operator.v1.4.0
EOF

Verify that the created Operator is running:
```
kubectl -n rhdh-operator get pods -w
```
If the operator pod shows ImagePullBackOff status, then you might need permissions to pull the image directly within the Operator deployment’s manifest.
Tip
You can include the required secret name in the deployment.spec.template.spec.imagePullSecrets list and verify the deployment name using kubectl get deployment -n rhdh-operator command:
```
kubectl -n rhdh-operator patch deployment \
    rhdh-operator --patch '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"rhdh-pull-secret"}]}}}}' \
    --type=merge
```
Update the default configuration of the operator to ensure that Developer Hub resources can start correctly using the following steps:
1. Edit the backstage-default-config ConfigMap in the rhdh-operator namespace using the following command:
```
kubectl -n rhdh-operator edit configmap backstage-default-config
```
Modify the default configuration of db-statefulset.yaml and deployment.yaml by adding the following fragment:
```
securityContext:
  fsGroup: 300
```
Following is the specified locations in the manifests:
```
db-statefulset.yaml: | spec.template.spec
deployment.yaml: | spec.template.spec
```
1. Save and exit.
  Wait for a few minutes until the changes are automatically applied to the operator pods.

1.2. Deploying the Developer Hub instance on AKS with the Operator

Prerequisites

A cluster administrator has installed the Red Hat Developer Hub Operator.
You have subscribed to registry.redhat.io. For more information, see Red Hat Container Registry Authentication.
You have set the context to the AKS cluster in your current kubeconfig. For more information, see Connect to the cluster.
You have installed kubectl. For more information, see az aks install-cli.

Procedure

Create an Image Pull Secret named rhdh-pull-secret using your Red Hat credentials to access images from the protected registry.redhat.io as shown in the following example:

kubectl -n <your_namespace> create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create an Ingress manifest file, named rhdh-ingress.yaml, specifying your Developer Hub service name as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rhdh-ingress
  namespace: <your_namespace>
spec:
  ingressClassName: webapprouting.kubernetes.azure.com
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backstage-<your-CR-name>
                port:
                  name: http-backend

To deploy the created Ingress, run the following command:
```
kubectl -n <your_namespace> apply -f rhdh-ingress.yaml
```

Create a ConfigMap named app-config-rhdh containing the Developer Hub configuration using the following example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-rhdh
data:
  "app-config-rhdh.yaml": |
    app:
      title: Red Hat Developer Hub
      baseUrl: https://<app_address>
    backend:
      auth:
        externalAccess:
            - type: legacy
              options:
                subject: legacy-default-config
                secret: "${BACKEND_SECRET}"
      baseUrl: https://<app_address>
      cors:
        origin: https://<app_address>

Create a Secret named my-rhdh-secrets and add a key named BACKEND_SECRET with a Base64-encoded string value as shown in the following example:
```
apiVersion: v1
kind: Secret
metadata:
  name: {my-product-secrets}
stringData:
  BACKEND_SECRET: "xxx"
```

Create a Custom Resource (CR) manifest file named rhdh.yaml and include the previously created rhdh-pull-secret as follows:

apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
  name: <your-rhdh-cr>
spec:
  application:
    imagePullSecrets:
      - rhdh-pull-secret
    appConfig:
      configMaps:
        - name: "app-config-rhdh"
    extraEnvs:
      secrets:
        - name: "{my-product-secrets}"

Apply the CR manifest to your namespace:

kubectl -n <your_namespace> apply -f rhdh.yaml

Verification

Access the deployed Developer Hub using the URL: https://<my_developer_hub_url>, where <app_address> is the Ingress address obtained earlier, such as https://108.141.70.228.

2. Deploying Developer Hub on AKS with the Helm chart

You can deploy your Developer Hub application on Azure Kubernetes Service (AKS) to access a comprehensive solution for building, testing, and deploying applications.

Prerequisites

You have a Microsoft Azure account with active subscription.
You have installed the Azure CLI.
You have installed the kubectl CLI.
You are logged into your cluster using kubectl, and have developer or admin permissions.
You have installed Helm 3 or the latest.

Comparison of AKS specifics with the base Developer Hub deployment

Permissions issue: Developer Hub containers might encounter permission-related errors, such as Permission denied when attempting certain operations. This error can be addresssed by adjusting the fsGroup in the PodSpec.securityContext.
Ingress configuration: In AKS, configuring ingress is essential for accessing the installed Developer Hub instance. Accessing the Developer Hub instance requires enabling the Routing add-on, an NGINX-based Ingress Controller, using the following command:
```
az aks approuting enable --resource-group <your_ResourceGroup> --name <your_ClusterName>
```
Tip
You might need to install the Azure CLI extension aks-preview. If the extension is not installed automatically, you might need to install it manually using the following command:
```
az extension add --upgrade -n aks-preview --allow-preview true
```
Note
After you install the Ingress Controller, the app-routing-system namespace with the Ingress Controller will be deployed in your cluster. Note the address of your Developer Hub application from the installed Ingress Controller (for example, 108.141.70.228) for later access to the Developer Hub application, later referenced as <app_address>.
```
kubectl get svc nginx --namespace app-routing-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
```
Namespace management: You can create a dedicated namespace for Developer Hub deployment in AKS using the following command:
```
kubectl create namespace <your_namespace>
```

Procedure

Log in to AKS by running the following command:
```
az login [--tenant=<optional_directory_name>]
```
Create a resource group by running the following command:
```
az group create --name <resource_group_name> --location <location>
```
Tip
You can list available regions by running the following command:
```
az account list-locations -o table
```

Create an AKS cluster by running the following command:

az aks create \
--resource-group <resource_group_name> \
--name <cluster_name> \
--enable-managed-identity \
--generate-ssh-keys

You can refer to --help for additional options.

Connect to your cluster by running the following command:
```
az aks get-credentials --resource-group <resource_group_name> --name <cluster_name>
```
The previous command configures the Kubernetes client and sets the current context in the kubeconfig to point to your AKS cluster.
Open terminal and run the following command to add the Helm chart repository:
```
helm repo add openshift-helm-charts https://charts.openshift.io/
```

Create and activate the <rhdh> namespace:

DEPLOYMENT_NAME=<redhat-developer-hub>
NAMESPACE=<rhdh>
kubectl create namespace ${NAMESPACE}
kubectl config set-context --current --namespace=${NAMESPACE}

Create a pull secret, which is used to pull the Developer Hub images from the Red Hat Ecosystem, by running the following command:

kubectl -n $NAMESPACE create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create a file named values.yaml using the following template:

global:
  host: <app_address>
route:
  enabled: false
upstream:
  ingress:
    enabled: true
    className: webapprouting.kubernetes.azure.com
    host:
  backstage:
    image:
      pullSecrets:
        - rhdh-pull-secret
    podSecurityContext:
      fsGroup: 3000
  postgresql:
    image:
      pullSecrets:
        - rhdh-pull-secret
    primary:
      podSecurityContext:
        enabled: true
        fsGroup: 3000
  volumePermissions:
    enabled: true

To install Developer Hub by using the Helm chart, run the following command:

helm -n $NAMESPACE install -f values.yaml $DEPLOYMENT_NAME openshift-helm-charts/redhat-developer-hub --version 1.4.0

Verify the deployment status:

kubectl get deploy $DEPLOYMENT_NAME -n $NAMESPACE

Configure your Developer Hub Helm chart instance with the Developer Hub database password and router base URL values from your cluster:

PASSWORD=$(kubectl get secret redhat-developer-hub-postgresql -o jsonpath="{.data.password}" | base64 -d)
CLUSTER_ROUTER_BASE=$(kubectl get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
helm upgrade $DEPLOYMENT_NAME -i "https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.4.0/redhat-developer-hub-1.4.0.tgz" \
    --set global.clusterRouterBase="$CLUSTER_ROUTER_BASE" \
    --set global.postgresql.auth.password="$PASSWORD"

Display the running Developer Hub instance URL, by running the following command:
```
echo "https://$DEPLOYMENT_NAME-$NAMESPACE.$CLUSTER_ROUTER_BASE"
```

Verification

Open the running Developer Hub instance URL in your browser to use Developer Hub.

Upgrade

To upgrade the deployment, run the following command:

helm upgrade $DEPLOYMENT_NAME -i https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.4.0/redhat-developer-hub-1.4.0.tgz

Delete

To delete the deployment, run the following command:
```
helm -n $NAMESPACE delete $DEPLOYMENT_NAME
```

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.