Red Hat Developer Hub 1.4

Installing Red Hat Developer Hub on Microsoft Azure Kubernetes Service

Red Hat Customer Content Services

Abstract

Red Hat Developer Hub is an enterprise-grade platform for building developer portals. Administrative users can configure roles, permissions, and other settings to enable other authorized users to deploy a Developer Hub instance on Microsoft Azure Kubernetes Service (AKS) using either the Operator or Helm chart.

Preface
1. Deploying Developer Hub on AKS with the Operator
2. Deploying Developer Hub on AKS with the Helm chart

Preface

You can install Red Hat Developer Hub on Microsoft Azure Kubernetes Service (AKS) using one of the following methods:

The Red Hat Developer Hub Operator
The Red Hat Developer Hub Helm chart

Chapter 1. Deploying Developer Hub on AKS with the Operator

You can deploy your Developer Hub on AKS using the Red Hat Developer Hub Operator.

Procedure

Obtain the Red Hat Developer Hub Operator manifest file, named rhdh-operator-<VERSION>.yaml, and modify the default configuration of db-statefulset.yaml and deployment.yaml by adding the following fragment:
```
securityContext:
  fsGroup: 300
```
Following is the specified locations in the manifests:
```
db-statefulset.yaml: | spec.template.spec
deployment.yaml: | spec.template.spec
```
Apply the modified Operator manifest to your Kubernetes cluster:
```
kubectl apply -f rhdh-operator-<VERSION>.yaml
```
Note
Execution of the previous command is cluster-scoped and requires appropriate cluster privileges.

Create an ImagePull Secret named rhdh-pull-secret using your Red Hat credentials to access images from the protected registry.redhat.io as shown in the following example:

kubectl -n <your_namespace> create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create an Ingress manifest file, named rhdh-ingress.yaml, specifying your Developer Hub service name as follows:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rhdh-ingress
  namespace: <your_namespace>
spec:
  ingressClassName: webapprouting.kubernetes.azure.com
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backstage-<your-CR-name>
                port:
                  name: http-backend

To deploy the created Ingress, run the following command:
```
kubectl -n <your_namespace> apply -f rhdh-ingress.yaml
```

Create a ConfigMap named app-config-rhdh containing the Developer Hub configuration using the following example:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-rhdh
data:
  "app-config-rhdh.yaml": |
    app:
      title: Red Hat Developer Hub
      baseUrl: https://<app_address>
    backend:
      auth:
        externalAccess:
            - type: legacy
              options:
                subject: legacy-default-config
                secret: "${BACKEND_SECRET}"
      baseUrl: https://<app_address>
      cors:
        origin: https://<app_address>

Create a Secret named secrets-rhdh and add a key named BACKEND_SECRET with a Base64-encoded string value as shown in the following example:
```
apiVersion: v1
kind: Secret
metadata:
  name: secrets-rhdh
stringData:
  BACKEND_SECRET: "xxx"
```

Create a Custom Resource (CR) manifest file named rhdh.yaml and include the previously created rhdh-pull-secret as follows:

apiVersion: rhdh.redhat.com/v1alpha1
kind: Backstage
metadata:
  name: <your-rhdh-cr>
spec:
  application:
    imagePullSecrets:
      - rhdh-pull-secret
    appConfig:
      configMaps:
        - name: "app-config-rhdh"
    extraEnvs:
      secrets:
        - name: "secrets-rhdh"

Apply the CR manifest to your namespace:

kubectl -n <your_namespace> apply -f rhdh.yaml

Access the deployed Developer Hub using the URL: https://<app_address>, where <app_address> is the Ingress address obtained earlier (for example, https://108.141.70.228).
Optional: To delete the CR, run the following command:
```
kubectl -n <your_namespace> delete -f rhdh.yaml
```

Chapter 2. Deploying Developer Hub on AKS with the Helm chart

You can deploy your Developer Hub application on Azure Kubernetes Service (AKS) to access a comprehensive solution for building, testing, and deploying applications.

Prerequisites

You have a Microsoft Azure account with active subscription.
You have installed the Azure CLI.
You have installed the kubectl CLI.
You are logged into your cluster using kubectl, and have developer or admin permissions.
You have installed Helm 3 or the latest.

Comparison of AKS specifics with the base Developer Hub deployment

Permissions issue: Developer Hub containers might encounter permission-related errors, such as Permission denied when attempting certain operations. This error can be addresssed by adjusting the fsGroup in the PodSpec.securityContext.
Ingress configuration: In AKS, configuring ingress is essential for accessing the installed Developer Hub instance. Accessing the Developer Hub instance requires enabling the Routing add-on, an NGINX-based Ingress Controller, using the following command:
```
az aks approuting enable --resource-group <your_ResourceGroup> --name <your_ClusterName>
```
Tip
You might need to install the Azure CLI extension aks-preview. If the extension is not installed automatically, you might need to install it manually using the following command:
```
az extension add --upgrade -n aks-preview --allow-preview true
```
Note
After you install the Ingress Controller, the app-routing-system namespace with the Ingress Controller will be deployed in your cluster. Note the address of your Developer Hub application from the installed Ingress Controller (for example, 108.141.70.228) for later access to the Developer Hub application, later referenced as <app_address>.
```
kubectl get svc nginx --namespace app-routing-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
```
Namespace management: You can create a dedicated namespace for Developer Hub deployment in AKS using the following command:
```
kubectl create namespace <your_namespace>
```

Procedure

Log in to AKS by running the following command:
```
az login [--tenant=<optional_directory_name>]
```
Create a resource group by running the following command:
```
az group create --name <resource_group_name> --location <location>
```
Tip
You can list available regions by running the following command:
```
az account list-locations -o table
```

Create an AKS cluster by running the following command:

az aks create \
--resource-group <resource_group_name> \
--name <cluster_name> \
--enable-managed-identity \
--generate-ssh-keys

You can refer to --help for additional options.

Connect to your cluster by running the following command:
```
az aks get-credentials --resource-group <resource_group_name> --name <cluster_name>
```
The previous command configures the Kubernetes client and sets the current context in the kubeconfig to point to your AKS cluster.
Open terminal and run the following command to add the Helm chart repository:
```
helm repo add openshift-helm-charts https://charts.openshift.io/
```

Create and activate the <rhdh> namespace:

DEPLOYMENT_NAME=<redhat-developer-hub>
NAMESPACE=<rhdh>
kubectl create namespace ${NAMESPACE}
kubectl config set-context --current --namespace=${NAMESPACE}

Create a pull secret, which is used to pull the Developer Hub images from the Red Hat Ecosystem, by running the following command:

kubectl -n $NAMESPACE create secret docker-registry rhdh-pull-secret \
    --docker-server=registry.redhat.io \
    --docker-username=<redhat_user_name> \
    --docker-password=<redhat_password> \
    --docker-email=<email>

Create a file named values.yaml using the following template:

global:
  host: <app_address>
route:
  enabled: false
upstream:
  ingress:
    enabled: true
    className: webapprouting.kubernetes.azure.com
    host:
  backstage:
    image:
      pullSecrets:
        - rhdh-pull-secret
    podSecurityContext:
      fsGroup: 3000
  postgresql:
    image:
      pullSecrets:
        - rhdh-pull-secret
    primary:
      podSecurityContext:
        enabled: true
        fsGroup: 3000
  volumePermissions:
    enabled: true

To install Developer Hub by using the Helm chart, run the following command:

helm -n $NAMESPACE install -f values.yaml $DEPLOYMENT_NAME openshift-helm-charts/redhat-developer-hub --version 1.4.0

Verify the deployment status:

kubectl get deploy $DEPLOYMENT_NAME -n $NAMESPACE

Configure your Developer Hub Helm chart instance with the Developer Hub database password and router base URL values from your cluster:

PASSWORD=$(kubectl get secret redhat-developer-hub-postgresql -o jsonpath="{.data.password}" | base64 -d)
CLUSTER_ROUTER_BASE=$(kubectl get route console -n openshift-console -o=jsonpath='{.spec.host}' | sed 's/^[^.]*\.//')
helm upgrade $DEPLOYMENT_NAME -i "https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.4.0/redhat-developer-hub-1.4.0.tgz" \
    --set global.clusterRouterBase="$CLUSTER_ROUTER_BASE" \
    --set global.postgresql.auth.password="$PASSWORD"

Display the running Developer Hub instance URL, by running the following command:
```
echo "https://$DEPLOYMENT_NAME-$NAMESPACE.$CLUSTER_ROUTER_BASE"
```

Verification

Open the running Developer Hub instance URL in your browser to use Developer Hub.

Upgrade

To upgrade the deployment, run the following command:

helm upgrade $DEPLOYMENT_NAME -i https://github.com/openshift-helm-charts/charts/releases/download/redhat-redhat-developer-hub-1.4.0/redhat-developer-hub-1.4.0.tgz

Delete

To delete the deployment, run the following command:
```
helm -n $NAMESPACE delete $DEPLOYMENT_NAME
```

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.