Software Tempalte for Backstage: Issue #3

README.md

@@ -17,3 +17,4 @@ helm install my-gitops -f my-values.yaml charts/gitops-operator
 For more info on each chart checkout these!
 * [gitops-operator](/charts/gitops-operator)
 * [pipelines-operator](/charts/pipelines-operator)
+* [assemble-backstage](/charts/assemble-backstage)

charts/assemble-backstage/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+appVersion: v2.4.11
+description: A Helm chart for customising the deployment of the Red Hat Pipelines Operator
+name: assemble-backstage
+version: 0.1.0
+home: https://github.com/halkyonio/assemble-platforms/charts
+maintainers:
+- name: eformat
+- name: springdo

charts/assemble-backstage/README.md

@@ -0,0 +1,98 @@
+# ⚓️ Assemble Backstage Helm Deploy
+
+The Assemble Backstage Helm Chart customizes and deploys the backstage backend application  written by Red Hat.
+
+## Installing the chart
+
+To install the chart from source:
+```bash
+# within this directory 
+oc new-project assemble
+helm upgrade --install assemble-dev . -f values.yaml 
+```
+To install using oc apply
+```bash
+# within this directory
+helm template assemble-dev . | oc apply -f- 
+```
+
+## Configuration
+
+The [values.yml](values.yaml) file contains instructions for common chart overrides.
+
+The operator version can be configuring by modifying the operator configuration values. The startingCSV could be different based on the openshift cluster version.  The channel can be latest, stable or a specific version.
+
+### Postgres Database Configuration
+
+A container version of postgresql will be deployed along with the assamble-backstage application when the external flag is 'false'.  You can
+ suppply a database password or a random value can be used and stored in the postgres secret.  
+
+```yaml
+postgres:
+  external: false
+  database_user: postgres
+  ## Password will be autogenerated if left empty
+  ## If using extrnal instance supply the password
+  #database_password: "somepassword"
+  port: 5432
+  image: registry.redhat.io/rhel9/postgresql-13:1-73
+  resources:
+    limits:
+      cpu: 400m
+      memory: 596Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+```
+### Backstage Configuration
+
+There is a secret which containts the backstage app-config.yaml which can be modified using the following sample.   
+
+The 'catalog:' section will define the soures for configuring the catalog section of the app-config.yaml. This content will replace the yaml of that section of the configuraiton.  Refer to [Backstage Catalog Configuration](https://backstage.io/docs/features/software-catalog/configuration) for more details.  
+
+Note: The baseUrl must match the exposed route to ensure communication betweeen the UI and backend services.
+
+```yaml
+# backstage configuration
+backstage:
+  companyname: "My Company"
+  baseUrl: 'https://assemble-dev-assemble.apps-crc.testing'
+
+  ## Override Catalog with here
+  catalog:
+    #import:
+    #  entityFilename: /examples/catalog-info.yaml
+    #  pullRequestBranchName: backstage-integration
+    rules:
+      - allow: [Component, System, API, Resource, Location]
+    locations:
+      # Local example data, file locations are relative to the backend process, typically `packages/backend`
+      #- type: file
+      #  target: /examples/entities.yaml
+
+      # Local example template
+      #- type: file
+      #  target: /examples/template/template.yaml
+      #  rules:
+      #    - allow: [Template]
+
+      # Local example organizational data
+      #- type: file
+      #  target: /examples/org.yaml
+      #  rules:
+      #    - allow: [User, Group]
+```
+
+
+## Removing
+
+To delete the chart:
+```bash
+helm uninstall assemble-dev --namespace assemble
+```
+
+To delete when not using helm
+```
+helm template assemble-dev | oc delete -f-
+```
+

charts/assemble-backstage/templates/_helpers.tpl

@@ -0,0 +1,87 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "assemble-backstage.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "assemble-backstage.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "assemble-backstage.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "assemble-backstage.labels" -}}
+helm.sh/chart: {{ include "assemble-backstage.chart" . }}
+{{ include "assemble-backstage.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "assemble-backstage.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "assemble-backstage.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "assemble-backstage.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "assemble-backstage.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Check for existing secret
+*/}}
+{{- define "gen.postgres-password" -}}
+{{- if .Values.postgres.database_password }}
+databasePassword: {{ .Values.postgres.database_password | quote }}
+{{- else -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace  (include "assemble-backstage.fullname" . ) -}}
+{{- if $secret -}}
+{{/*
+   Reusing existing secret data
+databasePassword: {{ $secret.data.databasePassword | quote }}
+*/}}
+databasePassword: {{ $secret.data.databasePassword | b64dec | quote }}
+{{- else -}}
+{{/*
+    Generate new data
+*/}}
+databasePassword: "{{ randAlphaNum 20 }}"
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+

charts/assemble-backstage/templates/assemble-config-secret.yaml

@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: assemble-config
+stringData:
+  app-config.yaml: |- 
+    app:
+      # Should be the same as backend.baseUrl when using the `app-backend` plugin.
+      #baseUrl: http://{{ .Release.Name }}:7007
+      baseUrl: {{ .Values.backstage.baseUrl }}
+
+    organization:
+      name: "{{ .Values.backstage.companyname }}"
+
+    backend:
+      # Note that the baseUrl should be the URL that the browser and other clients
+      # should use when communicating with the backend, i.e. it needs to be
+      # reachable not just from within the backend host, but from all of your
+      # callers. When its value is "http://localhost:7007", it's strictly private
+      # and can't be reached by others.
+      #baseUrl: http://{{ .Release.Name }}:7007
+      baseUrl: {{ .Values.backstage.baseUrl }}
+      listen:
+        port: 7007
+        # The following host directive binds to all IPv4 interfaces when its value
+        # is "0.0.0.0". This is the most permissive setting. The right value depends
+        # on your specific deployment. If you remove the host line entirely, the
+        # backend will bind on the interface that corresponds to the backend.baseUrl
+        # hostname.
+        host: 0.0.0.0
+      csp:
+        connect-src: ["'self'", 'http:', 'https:']
+        # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
+        # Default Helmet Content-Security-Policy values can be removed by setting the key to false
+      cors:
+        origin: http://{{ .Release.Name }}:3000
+        methods: [GET, POST, PUT, DELETE]
+        credentials: true
+
+      # config options: https://node-postgres.com/api/client
+      database:
+        client: pg
+        connection:
+          host:  {{ include "assemble-backstage.fullname" . }}-postgres.{{ .Release.Namespace }}.svc
+          port: "{{ .Values.postgres.port }}"
+          user: "{{ .Values.postgres.database_user }}"
+          #password: "{{ .Values.postgres.database_password }}"
+          password: "${POSTGRES_ADMIN_PASSWORD}"
+
+      cache:
+        store: memory
+
+    integrations: {}
+      #github:
+        #- host: github.com
+        #  # This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
+          # about setting up the GitHub integration here: https://backstage.io/docs/getting-started/configuration#setting-up-a-github-integration
+       #   token: ${GITHUB_TOKEN}
+
+    proxy:
+      '/test':
+        target: 'https://example.com'
+        changeOrigin: true
+
+    # Reference documentation http://backstage.io/docs/features/techdocs/configuration
+    # Note: After experimenting with basic setup, use CI/CD to generate docs
+    # and an external cloud storage when deploying TechDocs for production use-case.
+    # https://backstage.io/docs/features/techdocs/how-to-guides#how-to-migrate-from-techdocs-basic-to-recommended-deployment-approach
+    techdocs:
+      builder: 'local' # Alternatives - 'external'
+      generator:
+        runIn: 'docker' # Alternatives - 'local'
+      publisher:
+        type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
+
+    auth:
+      # see https://backstage.io/docs/auth/ to learn about auth providers
+      providers: {}
+
+    scaffolder:
+      # see https://backstage.io/docs/features/software-templates/configuration for software template options
+
+    catalog:
+      # Overrides the default list locations from app-config.yaml as these contain example data.
+      # See https://backstage.io/docs/features/software-catalog/software-catalog-overview#adding-components-to-the-catalog for more details
+      # on how to get entities into the catalog.
+      {{- with .Values.backstage.catalog }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}

charts/assemble-backstage/templates/deployment.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "assemble-backstage.fullname" . }}
+  labels:
+    {{- include "assemble-backstage.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "assemble-backstage.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+    {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "assemble-backstage.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "assemble-backstage.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ['node', 'packages/backend', '--config', '/config/app-config.yaml']   
+          env:
+          - name: POSTGRES_ADMIN_PASSWORD  
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "assemble-backstage.fullname" . }}-postgresql
+                key: databasePassword 
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.targetPort }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: assemble-config
+              readOnly: true
+              mountPath: /config
+      volumes:
+        - name: assemble-config
+          secret:
+            secretName: assemble-config
+            defaultMode: 420
+

charts/assemble-backstage/templates/postgres-config.yaml

@@ -0,0 +1,25 @@
+{{- if not .Values.postgres.external }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "assemble-backstage.fullname" . }}-postgresql-config
+  labels:
+    {{- include "assemble-backstage.labels" . | nindent 4 }}
+data:
+  postgresql.conf: |
+    # LOGGING
+    log_min_error_statement = fatal
+
+    # CONNECTION
+    listen_addresses = '*'
+
+    # MODULES
+    shared_preload_libraries = 'decoderbufs'
+
+    # REPLICATION
+    wal_level = logical             # minimal, archive, hot_standby, or logical (change requires restart)
+    max_wal_senders = 1             # max number of walsender processes (change requires restart)
+    #wal_keep_segments = 4          # in logfile segments, 16MB each; 0 disables
+    #wal_sender_timeout = 60s       # in milliseconds; 0 disables
+    max_replication_slots = 1       # max number of replication slots (change requires restart)
+{{ end }}