Add backstage information

content/deploy/backstage/index.md

@@ -0,0 +1,97 @@
+---
+title: Red Hat Developer Hub
+linktitle: Red Hat Developer Hub
+description: Red Hat Developer Hub
+tags: ['backstage','Red Hat Developer Hub']
+---
+
+# Red Hat Developer Hub aka Backstage
+
+
+
+
+      - args:
+        - --provider=oidc
+        - --email-domain=*
+        - --upstream=http://localhost:7007
+        - --http-address=0.0.0.0:4180
+        - --skip-provider-button
+        - --insecure-oidc-allow-unverified-email=true
+        env:
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: CLIENT_ID
+              name: keycloak-client-secret-backstage
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: CLIENT_SECRET
+              name: keycloak-client-secret-backstage
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          value: bmpvaGV3cXBhbmVvYWJ1Z2ZiYWpoZXh3aWphYmR0b3g=
+        - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+          value: https://sso.coe.muc.redhat.com/auth/realms/coe-sso
+        - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+          value: "true"
+
+
+
+![create-client-0.png](create-client-0.png)
+
+Client ID redhat-developer-hub
+
+![create-client-1.png](create-client-1.png)
+
+![create-client-2.png](create-client-2.png)
+
+Valid redirect URIs : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/oauth2/callback
+Web origins : https://developer-hub-redhat-developer-hub.apps.isar.coe.muc.redhat.com/
+
+-> Credentials
+    Client Secret: Xyt8GaEQwyudjfnJgdzJpSWT19whszHd
+
+
+oc create secret generic rh-developer-hub-sso \
+  --from-literal=CLIENT_ID=redhat-developer-hub \
+  --from-literal=CLIENT_SECRET=Xyt8GaEQwyudjfnJgdzJpSWT19whszHd
+
+
+    signInPage: oauth2Proxy
+    auth:
+      environment: production
+      providers:
+        oauth2Proxy: {}
+
+
+
+Prakisch:
+
+helm get values -a developer-hub | yq -o props
+https://www.baeldung.com/ops/kubernetes-update-helm-values
+
+# ToDo
+- [ ] Service anpassen
+cat values.yaml
+
+https://stackoverflow.com/questions/48927233/updating-kubernetes-helm-values
+
+https://github.com/rhdh-bot/openshift-helm-charts/tree/rhdh-1-rhel-9/charts/redhat/redhat/developer-hub/1.1-59-CI
+
+https://keycloak-backstage.apps.cluster-cqf2k.sandbox2351.opentlc.com/auth/realms/backstage/.well-known/openid-configuration
+
+
+
+
+oc create -f - <<EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    config.openshift.io/inject-trusted-cabundle: "true"
+  name: trusted-ca
+EOF
+
+export NODE_EXTRA_CA_CERTS=/ca/ca-bundle.crt
+
+

content/deploy/backstage/node/ca.crt

@@ -0,0 +1,123 @@
+# https://source.redhat.com/groups/public/identity-access-management/identity__access_management_wiki/red_hat_root_cas_certificate_authorities
+# https://certs.corp.redhat.com/
+
+# subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Internal Root CA, emailAddress = infosec@redhat.com
+# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Internal Root CA, emailAddress = infosec@redhat.com
+# 2022-IT-Root-CA.pem
+-----BEGIN CERTIFICATE-----
+MIIGXjCCBEagAwIBAgIEeIXl3TANBgkqhkiG9w0BAQwFADCBozELMAkGA1UEBhMC
+VVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYw
+FAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApSZWQgSGF0IElUMRkwFwYD
+VQQDDBBJbnRlcm5hbCBSb290IENBMSEwHwYJKoZIhvcNAQkBFhJpbmZvc2VjQHJl
+ZGhhdC5jb20wIBcNMjIwNDEwMTMxNzE4WhgPMjA1MjA0MDIxMzE3MThaMIGjMQsw
+CQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1Jh
+bGVpZ2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQg
+SVQxGTAXBgNVBAMMEEludGVybmFsIFJvb3QgQ0ExITAfBgkqhkiG9w0BCQEWEmlu
+Zm9zZWNAcmVkaGF0LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ALG6WgRWCXNZdn0UUVQ5JV2lEgHaNblgGnCAx6bZ89l5Ygi+tVDo8v1c16cM5e4E
+dtKEP88CnGL+6NJnI4iMuw2HtYM77Q2qmR9PIH3BRgCHHcZMgZjvlFKjJnLXIptk
+NMq/6tJ+6L0iWy0AzPovc5AtkRL3MBgrwgKINTBN41nuq4Dqp/QpqbYvK4Fz9uUE
+jtYUs4YZZjXfk/U5RcmCclSwyGdgxOC9lDInY/t4tCmJHxM6vlkjoJhqmLIbrgue
+Sv+uwAuNLGhSjT1hqLUJU7rpUUn9eAw23ebNC0sMw9eIpS7CwGyC+jhC8uORdgiK
+L79hDJBrKmwpy0byZ58qRNPWREMqPgs11NFGB3m1yj5vj47/i6m3yYizHX61t0ws
+0YTPcmp3SyPwWXhHO6z5b56fNeYx9kfzpfptTm0y+564V3ktX4z1fOWKxxoRAwoR
+DsILvaV2s4rYrXYaNvtu7x0qr5pKU25Yr4bPU29vBiloIFinQmivK8cSrmOsIs+V
+OS4lDcdpoB/7gtoGbyej3ErZVsN/qX/se1vkjkucABmLT/lPMfTs2Eegh4xKZMQR
+rTuL+LmVuEzapvHql8u6SDbgcsIpN2LgWjr8mo9Yfr/d4jnk2yhZKagN1OIuDi/U
+b+uBRWvY3oXfoZNgwaqIhO+93hCbeL1c5NC+zHxEnHglAgMBAAGjgZUwgZIwHQYD
+VR0OBBYEFLX6jeUKeKEJldtNIYaVallPSciLMB8GA1UdIwQYMBaAFLX6jeUKeKEJ
+ldtNIYaVallPSciLMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMC8G
+A1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9vc2NwLnJlZGhhdC5jb20vY3JsLnBlbTAN
+BgkqhkiG9w0BAQwFAAOCAgEAr4RGb1FvUb0kqCbwNlEUwC0vqcdG/uJA38UL4vNa
+RgrUZOz8LlE1UywZacvLxpYY5G6duJgB6X6NxN98PV8ei5eYRp5pEyUXIaAl0vvT
+WQ+mr+nizbGCeRjnk1rAI9s9P/ho/uRq06l9upEJvgIotOb9+KY1ljBxstl00Egb
+4B+gjR6wDHwaHb9wKgNB7xgSRBqwJ84eLtK1UoXtYpVTDe9nHiqzVb9JfYA8rscM
+quPqLXeqKDJ/SP72vlM3BocY6HqQ7l9kV8Bbk0BmnBwHTPe1uiuiW61oRYT0dv8L
+RLoswGZGSar14HId8tZ3EGTNfGvrTkhBI6bjjSGs+0MDcv6ARAZF0JSH6YWTRRGK
+oGV5x2vE6zPXvaejzNzN5aTK9qspOK4QM/bM+DFxl3HvKWsm5urJZnCCrf+pSRC2
+crzoBtmKR6TQIzYbMSu6jfc8xOKCR30LJ+wlZ/LuEZmroSp5xc6Ixeg5FV6w4h4m
+eNlQFU9n5AJyCG3ThQBhahfK4vtOtjYZXrtJ5VFaMlG26xzavVDRppYp3taLtiNi
+qChV/dbSdc7HqYQOnDglUF5mRiu78uZ9+fl5OgE4PjHVG/exyqi6OQZeujPzBXL7
+gZ1WEVt+fV8FWaH/NaEvVu5EFhISI/2dM+y/nuRQ4n2IwauEAWCQ+o6Qdq8TXytp
+70A=
+-----END CERTIFICATE-----
+
+# subject=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
+# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
+# 2015-IT-Root-CA.pem
+-----BEGIN CERTIFICATE-----
+MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
+Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx
+GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m
+b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx
+WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS
+ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG
+9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz
+bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2
+c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo
+GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES
+X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK
+BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R
+4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz
+bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e
+LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak
+oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj
+S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf
+4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel
+RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3
+-----END CERTIFICATE-----
+
+# subject=O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
+# issuer=C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@redhat.com
+-----BEGIN CERTIFICATE-----
+MIID6DCCAtCgAwIBAgIBFDANBgkqhkiG9w0BAQsFADCBpTELMAkGA1UEBhMCVVMx
+FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYD
+VQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApSZWQgSGF0IElUMRswGQYDVQQD
+DBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG9w0BCQEWEmluZm9zZWNAcmVk
+aGF0LmNvbTAeFw0xNTEwMTQxNzI5MDdaFw00NTEwMDYxNzI5MDdaME4xEDAOBgNV
+BAoMB1JlZCBIYXQxDTALBgNVBAsMBHByb2QxKzApBgNVBAMMIkludGVybWVkaWF0
+ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDYpVfg+jjQ3546GHF6sxwMOjIwpOmgAXiHS4pgaCmu+AQwBs4rwxvF
+S+SsDHDTVDvpxJYBwJ6h8S3LK9xk70yGsOAu30EqITj6T+ZPbJG6C/0I5ukEVIeA
+xkgPeCBYiiPwoNc/te6Ry2wlaeH9iTVX8fx32xroSkl65P59/dMttrQtSuQX8jLS
+5rBSjBfILSsaUywND319E/Gkqvh6lo3TEax9rhqbNh2s+26AfBJoukZstg3TWlI/
+pi8v/D3ZFDDEIOXrP0JEfe8ETmm87T1CPdPIZ9+/c4ADPHjdmeBAJddmT0IsH9e6
+Gea2R/fQaSrIQPVmm/0QX2wlY4JfxyLJAgMBAAGjeTB3MB0GA1UdDgQWBBQw3gRU
+oYYCnxH6UPkFcKcowMBP/DAfBgNVHSMEGDAWgBR+0eMgvlHoSCD3ri/GasNz824H
+GTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBhjARBglghkgBhvhC
+AQEEBAMCAQYwDQYJKoZIhvcNAQELBQADggEBADwaXLIOqoyQoBVck8/52AjWw1Cv
+ath9NGUEFROYm15VbAaFmeY2oQ0EV3tQRm32C9qe9RxVU8DBDjBuNyYhLg3k6/1Z
+JXggtSMtffr5T83bxgfh+vNxF7o5oNxEgRUYTBi4aV7v9LiDd1b7YAsUwj4NPWYZ
+dbuypFSWCoV7ReNt+37muMEZwi+yGIU9ug8hLOrvriEdU3RXt5XNISMMuC8JULdE
+3GVzoNtkznqv5ySEj4M9WsdBiG6bm4aBYIOE0XKE6QYtlsjTMB9UTXxmlUvDE0wC
+z9YYKfC1vLxL2wAgMhOCdKZM+Qlu1stb0B/EF3oxc/iZrhDvJLjijbMpphw=
+-----END CERTIFICATE-----
+
+# subject=O = Red Hat, OU = prod, CN = Certificate Authority
+# issuer=O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBOMRAwDgYDVQQKDAdSZWQg
+SGF0MQ0wCwYDVQQLDARwcm9kMSswKQYDVQQDDCJJbnRlcm1lZGlhdGUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MB4XDTE1MTAxNDE3NDc1NloXDTM1MTAwOTE3NDc1Nlow
+QTEQMA4GA1UECgwHUmVkIEhhdDENMAsGA1UECwwEcHJvZDEeMBwGA1UEAwwVQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAzTein1EAuLAZFgvvfDL3okBqn/xg9RVGa7r3Kuw4pVPa9QnkCkFbnaipnyUd
+R331/A4RAHHZmVuddrbvh6C+YtDs+P8DLRC+YDE4VkW9ZRtNbt302z3jY4Y62W1w
+hmsl7IV57ISC8kUbtekLXTuVd3InEywAIc3fyiTi7FsldIngunuxuNjjQD04DGnr
+RmbBAmwfKxaXaT5qciq5kcFaYKQ3P0p6wT0gaDZ7C177W1uorIXCm9J6v8P7GLXD
+scAvN3pgZRJ6Ocj5Fpnkd0nP6kpWhlO8/5B1CUggKaZXdm0kR9J2KOX4wrcjh3xn
+6Rby/hijEwplkgUALIBgRTe3ewIDAQABo4GnMIGkMB8GA1UdIwQYMBaAFDDeBFSh
+hgKfEfpQ+QVwpyjAwE/8MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
+AgHGMB0GA1UdDgQWBBR72gn1SV3Z11zJNvhV0huXnhEvfjA+BggrBgEFBQcBAQQy
+MDAwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJlZGhhdC5jb20vY2EvaW50b2Nz
+cC8wDQYJKoZIhvcNAQELBQADggEBAJeV5FNFhLYc24NZBDTuMFGDLKuHwJmdF4uF
+8Tt5g/Mj4Mi3qSbu2Y+3gk4UQ45GD6HQf+JpA4hHsxJ2L0F39oVQ39QS3MgRoSk3
+LfpKYkzQntRFzSr1OHMA06tHNPlhylGRc/gdLkaLjeFYj/Fhz5Htg9vv9dF4h8bl
+X6KXw/3RH9f5YgKqydtEZtZ0isA4+55gf0m7I0O5lNK3mgY/uBmIk/jSI9WqczrD
+WGf78pvkTQ2PcYg/WiCv+AVsaSaiEDUf4rDj55wQ30h78Ox5J2izd4I6QylB9Lpu
+fQEw+cWRxwFPJujSOTSKRHZDo1UwOIQbxqkbznSHlLCICEXxuvQ=
+-----END CERTIFICATE-----

content/deploy/backstage/node/index.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+
+fetch('https://aap.coe.muc.redhat.com/api/v2/job_templates', {
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: 'YVkm5yVJttlh6RDeW9zZvhCNy7CTrg'
+    },
+    method: "GET"
+  })
+    .then((response) => response.text())
+    .then((body) => {
+        console.log(body);
+    });
+

content/deploy/backstage/node/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "node",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC"
+}

content/deploy/backstage/svc

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    meta.helm.sh/release-name: developer-hub
+    meta.helm.sh/release-namespace: redhat-developer-hub
+  labels:
+    app.kubernetes.io/component: backstage
+    app.kubernetes.io/instance: developer-hub
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: developer-hub
+    helm.sh/chart: upstream-1.8.0
+  name: developer-hub-a
+  namespace: redhat-developer-hub
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: oauth2-proxy
+    port: 4180
+    protocol: TCP
+    targetPort: oauth2-proxy
+  selector:
+    app.kubernetes.io/component: backstage
+    app.kubernetes.io/instance: developer-hub
+    app.kubernetes.io/name: developer-hub
+  sessionAffinity: None
+  type: ClusterIP

content/deploy/backstage/values.yaml

@@ -0,0 +1,51 @@
+global:
+  auth:
+    backend:
+      enabled: true
+  clusterRouterBase: apps.isar.coe.muc.redhat.com
+  dynamic:
+    includes:
+    - dynamic-plugins.default.yaml
+
+upstream:
+  appConfig:
+    auth:
+      environment: production
+      providers:
+        oauth2Proxy: {}
+  backstage:
+    extraContainers:
+      - args:
+        - --provider=oidc
+        - --email-domain=*
+        - --upstream=http://localhost:7007
+        - --http-address=0.0.0.0:4180
+        - --skip-provider-button
+        - --insecure-oidc-allow-unverified-email=true
+        env:
+        - name: OAUTH2_PROXY_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              key: CLIENT_ID
+              name: rh-developer-hub-sso
+        - name: OAUTH2_PROXY_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: CLIENT_SECRET
+              name: rh-developer-hub-sso
+        - name: OAUTH2_PROXY_COOKIE_SECRET
+          value: f1Xw225KFsCK90Wwf8fDyQ==
+        - name: OAUTH2_PROXY_OIDC_ISSUER_URL
+          value: https://sso.coe.muc.redhat.com/realms/coe-sso
+        - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
+          value: "true"
+        image: quay.io/oauth2-proxy/oauth2-proxy:latest
+        imagePullPolicy: IfNotPresent
+        name: oauth2-proxy
+        ports:
+        - containerPort: 4180
+          name: oauth2-proxy
+          protocol: TCP
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File