├── .github
    ├── CODEOWNERS
    ├── ISSUE_TEMPLATE
    │   ├── blank.md
    │   ├── bug_report.md
    │   ├── chore.md
    │   ├── config.yml
    │   ├── documentation.md
    │   ├── enhancement.md
    │   └── epic.md
    ├── pull_request_template.md
    ├── renovate.json
    └── workflows
    │   ├── bump-version.yml
    │   ├── on-new-issue.yaml
    │   ├── release.yml
    │   └── test.yml
├── .gitignore
├── .helmignore
├── .pre-commit-config.yaml
├── .pre-commit
    └── jsonschema-dereference.py
├── LICENSE
├── OWNERS
├── README.md
├── charts
    ├── _templates.gotmpl
    └── backstage
    │   ├── .helmignore
    │   ├── Chart.lock
    │   ├── Chart.yaml
    │   ├── README.md
    │   ├── README.md.gotmpl
    │   ├── artifacthub-repo.yml
    │   ├── chart_schema.yaml
    │   ├── ci
    │       └── default-values.yaml
    │   ├── templates
    │       ├── _helpers.tpl
    │       ├── dynamic-plugins-configmap.yaml
    │       ├── route.yaml
    │       ├── secrets.yaml
    │       └── tests
    │       │   └── test-connection.yaml
    │   ├── values.schema.json
    │   ├── values.schema.tmpl.json
    │   └── values.yaml
├── cr.yaml
├── ct-install.yaml
└── ct.yaml

/.github/CODEOWNERS:
--------------------------------------------------------------------------------
# Lines starting with '#' are comments.
# Each line is a file pattern followed by one or more owners.

# More details are here: https://help.github.com/articles/about-codeowners/

# The '*' pattern is global owners.

# Order is important. The last matching pattern has the most precedence.
# The folders are ordered as follows:

# In each subsection folders are ordered first by depth, then alphabetically.
# This should make it easy to add new rules without breaking existing ones.

# Global rule:
* @janus-idp/maintainers-helm

# Documentation:
*.md.gotmpl @janus-idp/maintainers-docs
/README.md @janus-idp/maintainers-docs

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/blank.md:
--------------------------------------------------------------------------------
---
name: Blank Template
about: Create a blank issue
labels: [status/triage]
---

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
---
name: Bug Report
about: If something isn't working
labels: ["kind/bug", "status/triage"]
---

### Describe the bug

A clear and concise description of what the bug is. (provide screenshots if applicable)

### Expected Behavior

### What are the steps to reproduce this bug?

1. …
2. …
3. …

### Versions of software used and environment

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/chore.md:
--------------------------------------------------------------------------------
---
name: Chore
about: Internal things, technical debt, and to-do tasks to be performed.
labels: ['kind/chore', 'status/triage']
---

### What needs to be done?

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
blank_issues_enabled: false
contact_links:
  - name: ❓ Janus IDP Community Slack
    url: https://join.slack.com/t/janus-idp/shared_invite/zt-1pxtehxom-fCFtF9rRe3vFqUiFFeAkmg
    about: Please ask and answer questions here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/documentation.md:
--------------------------------------------------------------------------------
---
name: Documentation
about: Improve an existing feature or workflow
labels: ['kind/documentation', 'status/triage']
---

### What do you want to improve?

### What is the current documentation?

### What is the new documentation?

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/enhancement.md:
--------------------------------------------------------------------------------
---
name: Enhancement
about: Improve an existing feature or workflow
labels: ["kind/enhancement", "status/triage"]
---

### What do you want to improve?

### What is the current behavior?

### What is the new behavior?

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/epic.md:
--------------------------------------------------------------------------------
---
name: Epic
about: A long-lived, PM-driven feature request. Must include a checklist of items that must be completed
labels: ["kind/epic", "status/triage"]
---

## Goal

## Acceptance criteria

- [ ] tdb

## Requirements

- [ ] Test plan
- [ ] Documentation

## Issues in Epic

- [ ] tbd

## Notes

**Additional context**
Add any other context or screenshots about the epic here.

--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------

## Description of the change

## Existing or Associated Issue(s)

## Additional Information

## Checklist

- [ ] Chart version bumped in `Chart.yaml` according to [semver](http://semver.org/).
- [ ] Variables are documented in the `values.yaml` and added to the README.md. The [pre-commit](https://pre-commit.com/) utility can be used to generate the necessary content. Use `pre-commit run -a` to apply changes.
- [ ] JSON Schema template updated and re-generated the raw schema via `pre-commit` hook.
- [ ] List tests pass for Chart using the [Chart Testing](https://github.com/helm/chart-testing) tool and the `ct lint` command.

--------------------------------------------------------------------------------
/.github/renovate.json:
--------------------------------------------------------------------------------
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base",
    "helpers:pinGitHubActionDigests"
  ]
}

--------------------------------------------------------------------------------
/.github/workflows/bump-version.yml:
--------------------------------------------------------------------------------
name: Bump

on: issue_comment

jobs:
  chart-version:
    name: Chart Version
    runs-on: ubuntu-latest

    permissions:
      contents: write
      id-token: write
      issues: write

    steps:
      - name: Check for command
        id: command
        continue-on-error: true
        uses: xt0rted/slash-command-action@bf51f8f5f4ea3d58abc7eca58f77104182b23e88 # v2
        with:
          command: bump
          reaction: "true"
          reaction-type: "eyes"
          allow-edits: "false"
          permission-level: write

      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
        if: steps.command.outputs.command-name
        with:
          python-version: 3.7

      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        if: steps.command.outputs.command-name
        with:
          go-version: ^1

      - name: Setup helm-docs
        if: steps.command.outputs.command-name
        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest

      - name: Generate token
        if: steps.command.outputs.command-name
        id: generate_token
        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2
        with:
          app_id: ${{ vars.JANUS_IDP_GITHUB_APP_ID }}
          private_key: ${{ secrets.JANUS_IDP_GITHUB_APP_PRIVATE_KEY }}

      - name: Checkout Repository
        if: steps.command.outputs.command-name
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          token: ${{ steps.generate_token.outputs.token }}

      - name: Checkout Pull Request
        if: steps.command.outputs.command-name
        run: gh pr checkout ${{ github.event.issue.number }}
        env:
          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}

      - name: Get version
        if: steps.command.outputs.command-name
        id: get_version
        uses: mikefarah/yq@dd648994340a5d03225d97abf19c9bf1086c3f07 # v4.40.5
        with:
          cmd: yq ".version" charts/backstage/Chart.yaml

      - uses: actions-ecosystem/action-bump-semver@34e334551143a5301f38c830e44a22273c6ff5c5 # v1
        if: steps.command.outputs.command-name
        id: semver
        with:
          current_version: ${{ steps.get_version.outputs.result }}
          level: ${{ steps.command.outputs.command-arguments }}

      - name: Bump the version
        if: steps.command.outputs.command-name
        uses: mikefarah/yq@dd648994340a5d03225d97abf19c9bf1086c3f07 # v4.40.5
        with:
          cmd: yq -i '.version = "${{ steps.semver.outputs.new_version }}"' charts/backstage/Chart.yaml

      - name: Run pre-commit
        if: steps.command.outputs.command-name
        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # renovate: tag=v3.0.0
        continue-on-error: true

      - name: Setup Gitsign
        if: steps.command.outputs.command-name
        uses: chainguard-dev/actions/setup-gitsign@main

      - name: Commit pre-commit changes
        if: steps.command.outputs.command-name
        uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # v5
        with:
          commit_message: Bump version to ${{ steps.semver.outputs.new_version }}
          commit_options: '-s'
          commit_user_name: Janus IDP
          commit_user_email: 139477802+janus-idp[bot]@users.noreply.github.com
          commit_author: Janus IDP <139477802+janus-idp[bot]@users.noreply.github.com>

--------------------------------------------------------------------------------
/.github/workflows/on-new-issue.yaml:
--------------------------------------------------------------------------------
on:
  issues:
    types:
      - opened

jobs:
  add-to-project:
    # https://github.com/janus-idp/.github/blob/main/.github/workflows/add-to-project.yaml
    uses: janus-idp/.github/.github/workflows/add-to-project.yaml@main
    with:
      project_id: 2
    secrets: inherit

  add-jira-label:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:
      - run: |
          gh issue --repo ${{github.repository}} edit ${{github.event.issue.number}} --add-label "jira"
        env:
          GH_TOKEN: ${{ github.token }}

--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
name: Release Charts

on:
  push:
    branches:
      - main
    paths:
      - "charts/**"

jobs:
  release:
    runs-on: ubuntu-latest

    permissions:
      contents: write
      packages: write
      id-token: write

    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Add dependencies
        run: |
          helm repo add bitnami https://charts.bitnami.com/bitnami
          helm repo add backstage https://backstage.github.io/charts

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
        with:
          config: cr.yaml
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Install Cosign
        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0

      - name: Install Oras
        uses: oras-project/setup-oras@ee7dbe1144cb00080a89497f937dae78f85fce29 # v1.1.0

      - name: Publish and Sign OCI Charts
        run: |
          for chart in `find .cr-release-packages -name '*.tgz' -print`; do
            helm push ${chart} oci://ghcr.io/${GITHUB_REPOSITORY} |& tee helm-push-output.log
            file_name=${chart##*/}
            chart_name=${file_name%-*}
            digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
            cosign sign -y "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"

            oras push "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}:artifacthub.io" "./charts/${chart_name}/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml"
          done
        env:
          COSIGN_EXPERIMENTAL: 1

--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
name: Test Charts

on:
  pull_request:
    paths:
      - "charts/**"
      - ".github/**"

jobs:
  check-metadata:
    name: Lint Metadata
    runs-on: ubuntu-latest
    env:
      GO111MODULE: on
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
        with:
          python-version: 3.7

      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
        with:
          go-version: ^1

      - name: Setup helm-docs
        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest

      - name: Run pre-commit
        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # renovate: tag=v3.0.0
        with:
          extra_args: --show-diff-on-failure
  test-latest:
    name: Test Latest Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # renovate: tag=v3.5
        with:
          version: v3.10.0

      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
        with:
          python-version: 3.7

      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

      - name: "Add NGINX Ingress and Bitnami Repository"
        run: |
          helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
          helm repo add bitnami "https://charts.bitnami.com/bitnami"
          helm repo add backstage https://backstage.github.io/charts
          helm repo update

      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --helm-extra-args="--set upstream.backstage.image.tag=latest --set global.clusterRouterBase=app.example.yaml"

      - name: Create KIND Cluster
        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0

      - name: Install Ingress Controller
        run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"

      - name: Run chart-testing (latest)
        # test with latest stable backstage-showcase release
        run: ct install --config ct-install.yaml --helm-extra-set-args="--set=upstream.backstage.image.tag=latest --set=global.clusterRouterBase=app.example.com"
  test-next:
    name: Test Next Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          fetch-depth: 0

      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # renovate: tag=v3.5
        with:
          version: v3.10.0

      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
        with:
          python-version: 3.7

      - name: Set up chart-testing
        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

      - name: "Add NGINX Ingress and Bitnami Repository"
        run: |
          helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
          helm repo add bitnami "https://charts.bitnami.com/bitnami"
          helm repo add backstage https://backstage.github.io/charts
          helm repo update

      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml --helm-extra-args="--set upstream.backstage.image.tag=next --set global.clusterRouterBase=app.example.yaml"

      - name: Create KIND Cluster
        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0

      - name: Install Ingress Controller
        run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"

      - name: Run chart-testing (next)
        # test with the next backstage-showcase version (main branch)
        run: ct install --config ct-install.yaml --helm-extra-set-args="--set=upstream.backstage.image.tag=next --set=global.clusterRouterBase=app.example.com"

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
### macOS ###
.DS_Store
.AppleDouble
.LSOverride
.idea

# helm chart dependencies
charts/*/charts/
**/charts/*.tgz

--------------------------------------------------------------------------------
/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
repos:
  - repo: https://github.com/norwoodj/helm-docs
    rev: v1.2.0
    hooks:
      - id: helm-docs
        files: (README\.md(\.gotmpl)?|(Chart|requirements|values)\.ya?ml)$
        args:
          # Make the tool search for charts only under the `charts` directory
          - --chart-search-root=charts
          # The `./` makes it relative to the chart-search-root set above
          - --template-files=./_templates.gotmpl
          # A base filename makes it relative to each chart directory found
          - --template-files=README.md.gotmpl
  - repo: local
    hooks:
      - id: jsonschema-dereference
        name: jsonschema-dereference
        entry: python .pre-commit/jsonschema-dereference.py
        additional_dependencies: [jsonref, Jinja2, pyyaml]
        language: python
        types_or: [yaml, json]

--------------------------------------------------------------------------------
/.pre-commit/jsonschema-dereference.py:
--------------------------------------------------------------------------------
import json
from typing import List, Dict, Any
from pathlib import Path

import jsonref
import yaml
try:
    # Safe loaders build only plain YAML types. The full Loader can construct
    # arbitrary Python objects from tagged input, and this hook also runs on
    # chart files that arrive through pull requests.
    from yaml import CSafeLoader as Loader
except ImportError:
    from yaml import SafeLoader as Loader
from jinja2 import Template

JSONSCHEMA_TEMPLATE_NAME = "values.schema.tmpl.json"
JSONSCHEMA_NAME = "values.schema.json"
VALUES_FILE = "values.yaml"
CHART_LOCK = "Chart.lock"

def read_yaml(file_path: Path):
    """Open and load a YAML file (Chart.lock or values.yaml)."""
    with open(file_path, "r") as f:
        return yaml.load(f, Loader=Loader)

def template_schema(chart_dir: Path, lock: Dict[str, Any]):
    """Load values.schema.tmpl.json and template it via Jinja2."""
    with open(chart_dir / JSONSCHEMA_TEMPLATE_NAME, "r") as f:
        schema_template = Template(f.read())

    return json.loads(schema_template.render(lock))

def tidy_schema(schema: Any, values: Any):
    """Hack to support OCP Form view.

    https://issues.redhat.com/browse/OCPBUGS-14874
    https://issues.redhat.com/browse/OCPBUGS-14875
    """
    if isinstance(schema, dict):
        # Drop the keys named in the issues above; a missing key is not an error
        schema.pop("$schema", None)
        schema.pop("format", None)

        # Override existing defaults so OCP form view
        # doesn't try to override our defaults
        if schema.get("default") is not None and values is not None:
            schema["default"] = values

        # Tidy up properties for type: object
        properties: Dict[str, Any] = schema.get("properties", {})
        for k, v in properties.items():
            if isinstance(values, dict):
                new_values = values.get(k, None)
            else:
                new_values = None
            tidy_schema(v, new_values)

        # Tidy up properties for type: array
        items: Dict[str, Any] = schema.get("items", {})
        if items:
            tidy_schema(items, values)
    return schema

def save(chart_dir: Path, schema: Any):
    """Write the dereferenced schema to values.schema.json."""
    with open(chart_dir / JSONSCHEMA_NAME, "w") as f:
        json.dump(schema, f, indent=4, sort_keys=True)

if __name__ == '__main__':
    # Every directory that holds a Chart.lock is treated as a chart
    charts = [p.parent for p in Path(".").rglob(CHART_LOCK)]

    errors: List[Exception] = []
    for chart in charts:
        try:
            lock = read_yaml(chart / CHART_LOCK)
            values = read_yaml(chart / VALUES_FILE)
            schema_template = template_schema(chart, lock)
            schema = jsonref.replace_refs(schema_template)
            schema = tidy_schema(schema, values)

            save(chart, schema)
        except Exception as e:
            # Keep going so every failing chart is reported, then fail the hook
            print(f"Could not process schema for '{chart}': {e}")
            errors.append(e)
    if errors:
        raise SystemExit(1)

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!) The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright 2022 The Janus-IDP Authors

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/OWNERS:
--------------------------------------------------------------------------------
approvers:
  - davidfestal
  - gazarenkov
  - kadel
  - nickboldt
  - rm3l
  - tumido

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Janus-IDP Backstage Helm Chart for OpenShift

> **:exclamation: This Helm Chart is deprecated!**

[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/janus-idp&style=flat-square)](https://artifacthub.io/packages/search?repo=janus-idp)
![Version: 2.12.5](https://img.shields.io/badge/Version-2.12.5-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

DEPRECATED A Helm chart for deploying a Backstage application. See https://github.com/redhat-developer/rhdh-chart

**Homepage:**

## Maintainers

| Name | Email | Url |
| ---- | ------ | --- |
| Janus-IDP | | |

## Source Code

*
*

---

[Janus-IDP](https://janus-idp.io/) Backstage chart is an opinionated flavor of the upstream chart located at [backstage/charts](https://github.com/backstage/charts). It extends the upstream chart with additional OpenShift-specific functionality and provides opinionated values.

[Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy.

Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.

**This chart offers an opinionated OpenShift-specific experience.** It is based on and directly depends on an upstream canonical [Backstage Helm chart](https://github.com/backstage/charts/tree/main/charts/backstage). For a less opinionated experience, please consider using the upstream chart directly.

This chart extends all the features in the upstream chart and adds OpenShift-only features. It is not recommended to use this chart on other platforms.
35 | 36 | ## Usage 37 | 38 | Charts are available in the following formats: 39 | 40 | - [Chart Repository](https://helm.sh/docs/topics/chart_repository/) 41 | - [OCI Artifacts](https://helm.sh/docs/topics/registries/) 42 | 43 | ### Installing from the Chart Repository 44 | 45 | The following commands can be used to add the chart repository: 46 | 47 | ```console 48 | helm repo add bitnami https://charts.bitnami.com/bitnami 49 | helm repo add backstage https://backstage.github.io/charts 50 | helm repo add janus-idp https://janus-idp.github.io/helm-backstage 51 | ``` 52 | 53 | Once the chart has been added, install this chart. However, before doing so, please review the default `values.yaml` and adjust as needed. 54 | 55 | - If your cluster doesn't provide PVCs, you should disable PostgreSQL persistence via: 56 | 57 | ```yaml 58 | upstream: 59 | postgresql: 60 | primary: 61 | persistence: 62 | enabled: false 63 | ``` 64 | 65 | ```console 66 | helm upgrade -i <release_name> janus-idp/backstage 67 | ``` 68 | 69 | ### Installing from an OCI Registry 70 | 71 | Note: this repo is deprecated. New chart updates will be in [redhat-developer/rhdh-chart](https://github.com/orgs/redhat-developer/packages/container/package/rhdh-chart%2Fbackstage) starting in 2024. 72 | 73 | The chart is also available in OCI format. The list of available releases can be found [here](https://github.com/orgs/janus-idp/packages/container/package/helm-backstage%2Fbackstage). 74 | 75 | Install one of the available versions: 76 | 77 | ```shell 78 | helm upgrade -i <release_name> oci://ghcr.io/redhat-developer/rhdh-chart/backstage --version=<version> 79 | ``` 80 | 81 | or 82 | 83 | ```shell 84 | helm upgrade -i <release_name> oci://ghcr.io/janus-idp/helm-backstage/backstage --version=<version> 85 | ``` 86 | 87 | ## Backstage Chart 88 | 89 | More information can be found by inspecting the [backstage chart](charts/backstage).
90 | -------------------------------------------------------------------------------- /charts/_templates.gotmpl: -------------------------------------------------------------------------------- 1 | {{ define "chart.valuesTable" }} 2 | | Key | Description | Type | Default | 3 | |-----|-------------|------|---------| 4 | {{- range .Values }} 5 | | {{ .Key }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | 6 | {{- end }} 7 | {{ end }} 8 | -------------------------------------------------------------------------------- /charts/backstage/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | # Templates files 25 | README.md.gotmpl 26 | values.schema.tmpl.json 27 | -------------------------------------------------------------------------------- /charts/backstage/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: common 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 2.14.1 5 | - name: backstage 6 | repository: https://backstage.github.io/charts 7 | version: 1.8.2 8 | digest: sha256:63d6982cf48079fc5aab1a373446120ff8041f014f913ae848d5867ad9443931 9 | generated: "2024-02-02T01:07:56.326778504Z" 10 | -------------------------------------------------------------------------------- /charts/backstage/Chart.yaml:
-------------------------------------------------------------------------------- 1 | annotations: 2 | artifacthub.io/category: integration-delivery 3 | artifacthub.io/license: Apache-2.0 4 | artifacthub.io/links: | 5 | - name: support 6 | url: https://github.com/redhat-developer/rhdh-chart/issues 7 | - name: Chart Source 8 | url: https://github.com/redhat-developer/rhdh-chart 9 | - name: Default Image Source 10 | url: https://github.com/janus-idp/backstage-showcase 11 | charts.openshift.io/name: Backstage 12 | charts.openshift.io/provider: Janus-IDP 13 | charts.openshift.io/supportURL: https://github.com/redhat-developer/rhdh-chart/issues 14 | apiVersion: v2 15 | description: DEPRECATED A Helm chart for deploying a Backstage application. See https://github.com/redhat-developer/rhdh-chart 16 | deprecated: true 17 | dependencies: 18 | - name: common 19 | repository: https://charts.bitnami.com/bitnami 20 | tags: 21 | - bitnami-common 22 | version: "2.14.1" 23 | - name: backstage 24 | repository: https://backstage.github.io/charts 25 | version: "1.8.2" 26 | alias: upstream 27 | home: https://janus-idp.io 28 | icon: https://avatars.githubusercontent.com/u/117844786 29 | keywords: 30 | - backstage 31 | - idp 32 | - janus-idp 33 | kubeVersion: ">= 1.19.0-0" 34 | maintainers: 35 | - name: Red Hat Developer Hub Team 36 | url: https://github.com/redhat-developer/rhdh-chart 37 | name: backstage 38 | type: application 39 | sources: 40 | - https://github.com/redhat-developer/rhdh-chart 41 | - https://github.com/janus-idp/backstage-showcase 42 | # This is the chart version. This version number should be incremented each time you make changes 43 | # to the chart and its templates, including the app version. 
44 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 45 | version: 2.12.5 46 | -------------------------------------------------------------------------------- /charts/backstage/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Janus-IDP Backstage Helm Chart for OpenShift 3 | 4 | > **:exclamation: This Helm Chart is deprecated!** 5 | 6 | [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/janus-idp&style=flat-square)](https://artifacthub.io/packages/search?repo=janus-idp) 7 | ![Version: 2.12.5](https://img.shields.io/badge/Version-2.12.5-informational?style=flat-square) 8 | ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) 9 | 10 | DEPRECATED A Helm chart for deploying a Backstage application. See https://github.com/redhat-developer/rhdh-chart 11 | 12 | **Homepage:** 13 | 14 | ## Maintainers 15 | 16 | | Name | Email | Url | 17 | | ---- | ------ | --- | 18 | | Red Hat Developer Hub Team | | | 19 | 20 | ## Source Code 21 | 22 | * 23 | * 24 | 25 | --- 26 | 27 | [Janus-IDP](https://janus-idp.io/) Backstage chart is an opinionated flavor of the upstream chart located at [backstage/charts](https://github.com/backstage/charts). It extends the upstream chart with additional OpenShift specific functionality and provides opinionated values. 28 | 29 | [Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy. 30 | 31 | Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end. 
32 | 33 | **This chart offers an opinionated OpenShift-specific experience.** It is based on and directly depends on an upstream canonical [Backstage Helm chart](https://github.com/backstage/charts/tree/main/charts/backstage). For less opinionated experience, please consider using the upstream chart directly. 34 | 35 | This chart extends all the features in the upstream chart in addition to including OpenShift only features. It is not recommended to use this chart on other platforms. 36 | 37 | ## TL;DR 38 | 39 | ```console 40 | helm repo add bitnami https://charts.bitnami.com/bitnami 41 | helm repo add backstage https://backstage.github.io/charts 42 | helm repo add janus-idp https://janus-idp.github.io/helm-backstage 43 | 44 | helm install my-release janus-idp/backstage 45 | ``` 46 | 47 | ## Introduction 48 | 49 | This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. 50 | 51 | ## Prerequisites 52 | 53 | - Kubernetes 1.19+ 54 | - Helm 3.2.0+ 55 | - PV provisioner support in the underlying infrastructure 56 | - [Backstage container image](https://backstage.io/docs/deployment/docker) 57 | 58 | ## Usage 59 | 60 | Chart is available in the following formats: 61 | 62 | - [Chart Repository](https://helm.sh/docs/topics/chart_repository/) 63 | - [OCI Artifacts](https://helm.sh/docs/topics/registries/) 64 | 65 | ### Installing from the Chart Repository 66 | 67 | The following command can be used to add the chart repository: 68 | 69 | ```console 70 | helm repo add bitnami https://charts.bitnami.com/bitnami 71 | helm repo add backstage https://backstage.github.io/charts 72 | helm repo add janus-idp https://janus-idp.github.io/helm-backstage 73 | ``` 74 | 75 | Once the chart has been added, install this chart. However before doing so, please review the default `values.yaml` and adjust as needed. 
76 | 77 | - If your cluster doesn't provide PVCs, you should disable PostgreSQL persistence via: 78 | 79 | ```yaml 80 | upstream: 81 | postgresql: 82 | primary: 83 | persistence: 84 | enabled: false 85 | ``` 86 | 87 | ```console 88 | helm upgrade -i <release_name> janus-idp/backstage 89 | ``` 90 | 91 | ### Installing from an OCI Registry 92 | 93 | Note: this repo is deprecated. New chart updates will be in [redhat-developer/rhdh-chart](https://github.com/orgs/redhat-developer/packages/container/package/rhdh-chart%2Fbackstage) starting in 2024. 94 | 95 | The chart is also available in OCI format. The list of available releases can be found [here](https://github.com/orgs/janus-idp/packages/container/package/helm-backstage%2Fbackstage). 96 | 97 | Install one of the available versions: 98 | 99 | ```shell 100 | helm upgrade -i <release_name> oci://ghcr.io/redhat-developer/rhdh-chart/backstage --version=<version> 101 | ``` 102 | 103 | or 104 | 105 | ```shell 106 | helm upgrade -i <release_name> oci://ghcr.io/janus-idp/helm-backstage/backstage --version=<version> 107 | ``` 108 | 109 | > **Tip**: List all releases using `helm list` 110 | 111 | ### Uninstalling the Chart 112 | 113 | To uninstall/delete the `my-backstage-release` deployment: 114 | 115 | ```console 116 | helm uninstall my-backstage-release 117 | ``` 118 | 119 | The command removes all the Kubernetes components associated with the chart and deletes the release.
120 | 121 | ## Requirements 122 | 123 | Kubernetes: `>= 1.19.0-0` 124 | 125 | | Repository | Name | Version | 126 | |------------|------|---------| 127 | | https://backstage.github.io/charts | upstream(backstage) | 1.8.2 | 128 | | https://charts.bitnami.com/bitnami | common | 2.14.1 | 129 | 130 | ## Values 131 | 132 | | Key | Description | Type | Default | 133 | |-----|-------------|------|---------| 134 | | global.auth | Enable service authentication within Backstage instance | object | `{"backend":{"enabled":true,"existingSecret":"","value":""}}` | 135 | | global.auth.backend | Backend service to service authentication
Ref: https://backstage.io/docs/auth/service-to-service-auth/ | object | `{"enabled":true,"existingSecret":"","value":""}` | 136 | | global.auth.backend.enabled | Enable backend service to service authentication, unless configured otherwise it generates a secret value | bool | `true` | 137 | | global.auth.backend.existingSecret | Instead of generating a secret value, refer to existing secret | string | `""` | 138 | | global.auth.backend.value | Instead of generating a secret value, use the following value | string | `""` | 139 | | global.clusterRouterBase | Shorthand for users who do not want to specify a custom HOSTNAME. Used ONLY with the DEFAULT upstream.backstage.appConfig value and with OCP Route enabled. | string | `""` | 140 | | global.dynamic.includes | Array of YAML files listing dynamic plugins to include with those listed in the `plugins` field. Relative paths are resolved from the working directory of the initContainer that will install the plugins (`/opt/app-root/src`). | list | `["dynamic-plugins.default.yaml"]` | 141 | | global.dynamic.includes[0] | List of dynamic plugins included inside the `janus-idp/backstage-showcase` container image, some of which are disabled by default. This file ONLY works with the `janus-idp/backstage-showcase` container image. | string | `"dynamic-plugins.default.yaml"` | 142 | | global.dynamic.plugins | List of dynamic plugins, possibly overriding the plugins listed in `includes` files. Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec), an optional `pluginConfig` with plugin-specific backstage configuration, and an optional `disabled` flag to disable/enable a plugin listed in `includes` files. It also includes an `integrity` field that is used to verify the plugin package [integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description). 
| list | `[]` | 143 | | global.host | Custom hostname shorthand, overrides `global.clusterRouterBase`, `upstream.ingress.host`, `route.host`, and url values in `upstream.backstage.appConfig`. If neither `global.clusterRouterBase` nor `global.host` are set, the helm chart will attempt to autofill with the hostname of the [OCP Ingress configuration](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/networking/configuring-ingress#nw-installation-ingress-config-asset_configuring-ingress) | string | `""` | 144 | | route | OpenShift Route parameters | object | `{"annotations":{},"enabled":true,"host":"{{ .Values.global.host }}","path":"/","tls":{"caCertificate":"","certificate":"","destinationCACertificate":"","enabled":true,"insecureEdgeTerminationPolicy":"Redirect","key":"","termination":"edge"},"wildcardPolicy":"None"}` | 145 | | route.annotations | Route specific annotations | object | `{}` | 146 | | route.enabled | Enable the creation of the route resource | bool | `true` | 147 | | route.host | Set the host attribute to a custom value. If not set, OpenShift will generate it, please make sure to match your baseUrl | string | `"{{ .Values.global.host }}"` | 148 | | route.path | Path that the router watches for, to route traffic for to the service. | string | `"/"` | 149 | | route.tls | Route TLS parameters
Ref: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html | object | `{"caCertificate":"","certificate":"","destinationCACertificate":"","enabled":true,"insecureEdgeTerminationPolicy":"Redirect","key":"","termination":"edge"}` | 150 | | route.tls.caCertificate | Cert authority certificate contents. Optional | string | `""` | 151 | | route.tls.certificate | Certificate contents | string | `""` | 152 | | route.tls.destinationCACertificate | Contents of the ca certificate of the final destination.
When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify. | string | `""` | 153 | | route.tls.enabled | Enable TLS configuration for the host defined at `route.host` parameter | bool | `true` | 154 | | route.tls.insecureEdgeTerminationPolicy | Indicates the desired behavior for insecure connections to a route.
While each router may make its own decisions on which ports to expose, this is normally port 80. The only valid values are None, Redirect, or empty for disabled. | string | `"Redirect"` | 155 | | route.tls.key | Key file contents | string | `""` | 156 | | route.tls.termination | Specify TLS termination. | string | `"edge"` | 157 | | route.wildcardPolicy | Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed. | string | `"None"` | 158 | | upstream | Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) | object | Use Openshift compatible settings | 159 | | upstream.backstage.extraVolumes[0] | Ephemeral volume that will contain the dynamic plugins installed by the initContainer below at start. | object | `{"ephemeral":{"volumeClaimTemplate":{"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}}}}},"name":"dynamic-plugins-root"}` | 160 | | upstream.backstage.extraVolumes[0].ephemeral.volumeClaimTemplate.spec.resources.requests.storage | Size of the volume that will contain the dynamic plugins. It should be large enough to contain all the plugins. | string | `"1Gi"` | 161 | | upstream.backstage.initContainers[0].image | Image used by the initContainer to install dynamic plugins into the `dynamic-plugins-root` volume mount. It could be replaced by a custom image based on this one. | string | `quay.io/janus-idp/backstage-showcase:latest` | 162 | 163 | ## Opinionated Backstage deployment 164 | 165 | This chart defaults to an opinionated deployment of Backstage that provides user with a usable Backstage instance out of the box. 166 | 167 | Features enabled by the default chart configuration: 168 | 169 | 1. Uses [janus-idp/backstage-showcase](https://github.com/janus-idp/backstage-showcase/) that pre-loads a lot of useful plugins and features 170 | 2. Exposes a `Route` for easy access to the instance 171 | 3. 
Enables OpenShift-compatible PostgreSQL database storage 172 | 173 | For additional instance features please consult the [documentation for `janus-idp/backstage-showcase`](https://github.com/janus-idp/backstage-showcase/tree/main/showcase-docs). 174 | 175 | Additional features can be enabled by extending the default configuration at: 176 | 177 | ```yaml 178 | upstream: 179 | backstage: 180 | appConfig: 181 | # Inline app-config.yaml for the instance 182 | extraEnvVars: 183 | # Additional environment variables 184 | ``` 185 | 186 | ## Features 187 | 188 | This chart defaults to using the [latest Janus-IDP Backstage Showcase image](https://quay.io/janus-idp/backstage-showcase:latest) that is OpenShift compatible: 189 | 190 | ```console 191 | quay.io/janus-idp/backstage-showcase:latest 192 | ``` 193 | 194 | Additionally, this chart enhances the upstream Backstage chart with the following OpenShift-specific features: 195 | 196 | ### OpenShift Routes 197 | 198 | This chart offers a drop-in replacement for the `Ingress` resource already provided by the upstream chart via an OpenShift `Route`. 199 | 200 | OpenShift routes are enabled by default. In order to use the chart without it, please set `route.enabled` to `false` and switch to the `Ingress` resource via `upstream.ingress` values. 201 | 202 | Routes can be further configured via the `route` field. 203 | 204 | By default, the chart expects you to expose Backstage via the autogenerated hostname, which is automatically obtained from the OpenShift Ingress Configurations.
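The `integrity` field of `global.dynamic.plugins`, described in the Values table above, refers to the Subresource Integrity metadata format. The following is an added example, not code from this repository: it parses and verifies that format and lists enabled plugin entries that carry no usable digest. The helper names, package names and tarball bytes are constructed for illustration, and the chart's own plugin installer may apply different rules.

```python
import base64
import binascii
import hashlib
import hmac

# Hash algorithms defined by the SRI specification, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def parse_integrity(metadata):
    """Parse SRI metadata into (algorithm, digest_bytes) pairs, skipping bad tokens."""
    parsed = []
    for token in (metadata or "").split():
        expression = token.split("?", 1)[0]  # drop the optional "?options" suffix
        alg, sep, b64 = expression.partition("-")
        if not sep or alg not in SRI_ALGORITHMS:
            continue
        try:
            digest = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        # A digest of the wrong length can never match; treat it as unusable.
        if len(digest) == hashlib.new(alg).digest_size:
            parsed.append((alg, digest))
    return parsed


def verify_package(data, metadata):
    """Return True only if data matches a digest of the strongest listed algorithm."""
    parsed = parse_integrity(metadata)
    if not parsed:
        return False  # fail closed: no usable digest means nothing was verified
    strongest = max(parsed, key=lambda pair: SRI_ALGORITHMS.index(pair[0]))[0]
    return any(
        hmac.compare_digest(hashlib.new(alg, data).digest(), digest)
        for alg, digest in parsed
        if alg == strongest
    )


def make_integrity(data, alg="sha512"):
    """Produce the value to put in a plugin entry's `integrity` field."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def audit_plugins(values):
    """List enabled plugin entries whose `integrity` is missing or unparsable."""
    plugins = values.get("global", {}).get("dynamic", {}).get("plugins") or []
    findings = []
    for entry in plugins:
        if entry.get("disabled"):
            continue
        if not parse_integrity(entry.get("integrity")):
            findings.append(entry.get("package", "<no package>"))
    return findings


# Constructed sample data: stand-in tarball bytes and hypothetical package names.
SAMPLE_TARBALL = b"constructed bytes standing in for a plugin .tgz"
SAMPLE_VALUES = {
    "global": {"dynamic": {"plugins": [
        {"package": "@example/plugin-pinned@1.0.0",
         "integrity": make_integrity(SAMPLE_TARBALL)},
        {"package": "@example/plugin-unpinned@1.0.0"},
        {"package": "@example/plugin-bad-digest@1.0.0",
         "integrity": "sha512-not_base64!"},
        {"package": "@example/plugin-off@1.0.0", "disabled": True},
    ]}}
}

if __name__ == "__main__":
    for package in audit_plugins(SAMPLE_VALUES):
        print(f"no usable integrity digest: {package}")
    pinned = SAMPLE_VALUES["global"]["dynamic"]["plugins"][0]["integrity"]
    print("tarball matches pinned digest:", verify_package(SAMPLE_TARBALL, pinned))
```

Run `audit_plugins` over the merged values before `helm upgrade`, so that a plugin without a digest is caught at review time rather than at pod start.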
205 | 206 | To manually provide the Backstage pod with the right context, please add the following value: 207 | 208 | ```yaml 209 | # values.yaml 210 | global: 211 | clusterRouterBase: apps.example.com 212 | ``` 213 | 214 | > Tip: you can use `helm upgrade -i --set global.clusterRouterBase=apps.example.com ...` instead of a value file 215 | 216 | Custom hosts are also supported via the following shorthand: 217 | 218 | ```yaml 219 | # values.yaml 220 | global: 221 | host: backstage.example.com 222 | ``` 223 | 224 | > Note: Setting either `global.host` or `global.clusterRouterBase` will disable the automatic hostname discovery. 225 | When both fields are set, `global.host` will take precedence. 226 | These are just templating shorthands. For full manual configuration please pay attention to values under the `route` key. 227 | 228 | Any custom modifications to how backstage is being exposed may require additional changes to the `values.yaml`: 229 | 230 | ```yaml 231 | # values.yaml 232 | upstream: 233 | backstage: 234 | appConfig: 235 | app: 236 | baseUrl: 'https://{{- include "janus-idp.hostname" . }}' 237 | backend: 238 | baseUrl: 'https://{{- include "janus-idp.hostname" . }}' 239 | cors: 240 | origin: 'https://{{- include "janus-idp.hostname" . }}' 241 | ``` 242 | 243 | ### Vanilla Kubernetes compatibility mode 244 | 245 | In order to deploy this chart on vanilla Kubernetes or any other non-OCP platform, please make sure to apply the following changes. 
Note that further customizations may be required, depending on your exact Kubernetes setup: 246 | 247 | ```yaml 248 | # values.yaml 249 | global: 250 | host: # Specify your own Ingress host as automatic hostname discovery is not supported outside of OpenShift 251 | route: 252 | enabled: false # OpenShift Routes do not exist on vanilla Kubernetes 253 | upstream: 254 | ingress: 255 | enabled: true # Use Kubernetes Ingress instead of OpenShift Route 256 | backstage: 257 | podSecurityContext: # Vanilla Kubernetes doesn't feature OpenShift default SCCs with dynamic UIDs, adjust accordingly to the deployed image 258 | runAsUser: 1001 259 | runAsGroup: 1001 260 | fsGroup: 1001 261 | postgresql: 262 | primary: 263 | podSecurityContext: 264 | enabled: true 265 | fsGroup: 26 266 | runAsUser: 26 267 | volumePermissions: 268 | enabled: true 269 | ``` 270 | -------------------------------------------------------------------------------- /charts/backstage/README.md.gotmpl: -------------------------------------------------------------------------------- 1 | # Janus-IDP Backstage Helm Chart for OpenShift 2 | 3 | {{ template "chart.deprecationWarning" . }} 4 | 5 | [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/janus-idp&style=flat-square)](https://artifacthub.io/packages/search?repo=janus-idp) 6 | {{ template "chart.versionBadge" . }} 7 | {{ template "chart.typeBadge" . }} 8 | 9 | {{ template "chart.description" . }} 10 | 11 | {{ template "chart.homepageLine" . }} 12 | 13 | {{ template "chart.maintainersSection" . }} 14 | 15 | {{ template "chart.sourcesSection" . }} 16 | 17 | --- 18 | 19 | [Janus-IDP](https://janus-idp.io/) Backstage chart is an opinionated flavor of the upstream chart located at [backstage/charts](https://github.com/backstage/charts). It extends the upstream chart with additional OpenShift specific functionality and provides opinionated values. 
20 | 21 | [Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy. 22 | 23 | Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end. 24 | 25 | **This chart offers an opinionated OpenShift-specific experience.** It is based on and directly depends on an upstream canonical [Backstage Helm chart](https://github.com/backstage/charts/tree/main/charts/backstage). For less opinionated experience, please consider using the upstream chart directly. 26 | 27 | This chart extends all the features in the upstream chart in addition to including OpenShift only features. It is not recommended to use this chart on other platforms. 28 | 29 | ## TL;DR 30 | 31 | ```console 32 | helm repo add bitnami https://charts.bitnami.com/bitnami 33 | helm repo add backstage https://backstage.github.io/charts 34 | helm repo add janus-idp https://janus-idp.github.io/helm-backstage 35 | 36 | helm install my-release janus-idp/backstage 37 | ``` 38 | 39 | ## Introduction 40 | 41 | This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. 
42 | 43 | ## Prerequisites 44 | 45 | - Kubernetes 1.19+ 46 | - Helm 3.2.0+ 47 | - PV provisioner support in the underlying infrastructure 48 | - [Backstage container image](https://backstage.io/docs/deployment/docker) 49 | 50 | ## Usage 51 | 52 | Chart is available in the following formats: 53 | 54 | - [Chart Repository](https://helm.sh/docs/topics/chart_repository/) 55 | - [OCI Artifacts](https://helm.sh/docs/topics/registries/) 56 | 57 | ### Installing from the Chart Repository 58 | 59 | The following commands can be used to add the chart repository: 60 | 61 | ```console 62 | helm repo add bitnami https://charts.bitnami.com/bitnami 63 | helm repo add backstage https://backstage.github.io/charts 64 | helm repo add janus-idp https://janus-idp.github.io/helm-backstage 65 | ``` 66 | 67 | Once the chart has been added, install this chart. However, before doing so, please review the default `values.yaml` and adjust as needed. 68 | 69 | - If your cluster doesn't provide PVCs, you should disable PostgreSQL persistence via: 70 | 71 | ```yaml 72 | upstream: 73 | postgresql: 74 | primary: 75 | persistence: 76 | enabled: false 77 | ``` 78 | 79 | ```console 80 | helm upgrade -i <release_name> janus-idp/backstage 81 | ``` 82 | 83 | ### Installing from an OCI Registry 84 | 85 | Note: this repo is deprecated. New chart updates will be in [redhat-developer/rhdh-chart](https://github.com/orgs/redhat-developer/packages/container/package/rhdh-chart%2Fbackstage) starting in 2024. 86 | 87 | The chart is also available in OCI format. The list of available releases can be found [here](https://github.com/orgs/janus-idp/packages/container/package/helm-backstage%2Fbackstage).
88 | 89 | Install one of the available versions: 90 | 91 | ```shell 92 | helm upgrade -i <release_name> oci://ghcr.io/redhat-developer/rhdh-chart/backstage --version=<version> 93 | ``` 94 | 95 | or 96 | 97 | ```shell 98 | helm upgrade -i <release_name> oci://ghcr.io/janus-idp/helm-backstage/backstage --version=<version> 99 | ``` 100 | 101 | > **Tip**: List all releases using `helm list` 102 | 103 | ### Uninstalling the Chart 104 | 105 | To uninstall/delete the `my-backstage-release` deployment: 106 | 107 | ```console 108 | helm uninstall my-backstage-release 109 | ``` 110 | 111 | The command removes all the Kubernetes components associated with the chart and deletes the release. 112 | 113 | {{ template "chart.requirementsSection" . }} 114 | 115 | {{ template "chart.valuesSection" . }} 116 | 117 | ## Opinionated Backstage deployment 118 | 119 | This chart defaults to an opinionated deployment of Backstage that provides users with a usable Backstage instance out of the box. 120 | 121 | Features enabled by the default chart configuration: 122 | 123 | 1. Uses [janus-idp/backstage-showcase](https://github.com/janus-idp/backstage-showcase/) that pre-loads a lot of useful plugins and features 124 | 2. Exposes a `Route` for easy access to the instance 125 | 3. Enables OpenShift-compatible PostgreSQL database storage 126 | 127 | For additional instance features please consult the [documentation for `janus-idp/backstage-showcase`](https://github.com/janus-idp/backstage-showcase/tree/main/showcase-docs).
128 | 129 | Additional features can be enabled by extending the default configuration at: 130 | 131 | ```yaml 132 | upstream: 133 | backstage: 134 | appConfig: 135 | # Inline app-config.yaml for the instance 136 | extraEnvVars: 137 | # Additional environment variables 138 | ``` 139 | 140 | ## Features 141 | 142 | This chart defaults to using the [latest Janus-IDP Backstage Showcase image](https://quay.io/janus-idp/backstage-showcase:latest) that is OpenShift compatible: 143 | 144 | ```console 145 | quay.io/janus-idp/backstage-showcase:latest 146 | ``` 147 | 148 | Additionally, this chart enhances the upstream Backstage chart with the following OpenShift-specific features: 149 | 150 | ### OpenShift Routes 151 | 152 | This chart offers a drop-in replacement for the `Ingress` resource already provided by the upstream chart via an OpenShift `Route`. 153 | 154 | OpenShift routes are enabled by default. In order to use the chart without it, please set `route.enabled` to `false` and switch to the `Ingress` resource via `upstream.ingress` values. 155 | 156 | Routes can be further configured via the `route` field. 157 | 158 | By default, the chart expects you to expose Backstage via the autogenerated hostname, which is automatically obtained from the OpenShift Ingress Configurations. 159 | 160 | To manually provide the Backstage pod with the right context, please add the following value: 161 | 162 | ```yaml 163 | # values.yaml 164 | global: 165 | clusterRouterBase: apps.example.com 166 | ``` 167 | 168 | > Tip: you can use `helm upgrade -i --set global.clusterRouterBase=apps.example.com ...` instead of a value file 169 | 170 | Custom hosts are also supported via the following shorthand: 171 | 172 | ```yaml 173 | # values.yaml 174 | global: 175 | host: backstage.example.com 176 | ``` 177 | 178 | > Note: Setting either `global.host` or `global.clusterRouterBase` will disable the automatic hostname discovery. 179 | When both fields are set, `global.host` will take precedence.
180 | These are just templating shorthands. For full manual configuration please pay attention to values under the `route` key. 181 | 182 | Any custom modifications to how backstage is being exposed may require additional changes to the `values.yaml`: 183 | 184 | ```yaml 185 | # values.yaml 186 | upstream: 187 | backstage: 188 | appConfig: 189 | app: 190 | baseUrl: 'https://{{"{{"}}- include "janus-idp.hostname" . {{"}}"}}' 191 | backend: 192 | baseUrl: 'https://{{"{{"}}- include "janus-idp.hostname" . {{"}}"}}' 193 | cors: 194 | origin: 'https://{{"{{"}}- include "janus-idp.hostname" . {{"}}"}}' 195 | ``` 196 | 197 | 198 | ### Vanilla Kubernetes compatibility mode 199 | 200 | In order to deploy this chart on vanilla Kubernetes or any other non-OCP platform, please make sure to apply the following changes. Note that further customizations may be required, depending on your exact Kubernetes setup: 201 | 202 | ```yaml 203 | # values.yaml 204 | global: 205 | host: # Specify your own Ingress host as automatic hostname discovery is not supported outside of OpenShift 206 | route: 207 | enabled: false # OpenShift Routes do not exist on vanilla Kubernetes 208 | upstream: 209 | ingress: 210 | enabled: true # Use Kubernetes Ingress instead of OpenShift Route 211 | backstage: 212 | podSecurityContext: # Vanilla Kubernetes doesn't feature OpenShift default SCCs with dynamic UIDs, adjust accordingly to the deployed image 213 | runAsUser: 1001 214 | runAsGroup: 1001 215 | fsGroup: 1001 216 | postgresql: 217 | primary: 218 | podSecurityContext: 219 | enabled: true 220 | fsGroup: 26 221 | runAsUser: 26 222 | volumePermissions: 223 | enabled: true 224 | ``` 225 | -------------------------------------------------------------------------------- /charts/backstage/artifacthub-repo.yml: -------------------------------------------------------------------------------- 1 | # Artifact Hub repository metadata file 2 | # 3 | # Some settings like the verified publisher flag or the ignored 
packages won't 4 | # be applied until the next time the repository is processed. Please keep in 5 | # mind that the repository won't be processed if it has not changed since the 6 | # last time it was processed. Depending on the repository kind, this is checked 7 | # in a different way. For Helm http based repositories, we consider it has 8 | # changed if the `index.yaml` file changes. For git based repositories, it does 9 | # when the hash of the last commit in the branch you set up changes. This does 10 | # NOT apply to ownership claim operations, which are processed immediately. 11 | # 12 | repositoryID: 23c796cc-343d-4b00-9cae-43b00dc5caa4 13 | -------------------------------------------------------------------------------- /charts/backstage/chart_schema.yaml: -------------------------------------------------------------------------------- 1 | name: str() 2 | home: str(required=False) 3 | version: str() 4 | appVersion: any(str(), num(), required=False) 5 | description: str(required=False) 6 | keywords: list(str(), required=False) 7 | sources: list(str(), required=False) 8 | maintainers: list(include('maintainer'), required=False) 9 | dependencies: list(include('dependency'), required=False) 10 | icon: str(required=False) 11 | engine: str(required=False) 12 | condition: str(required=False) 13 | tags: str(required=False) 14 | deprecated: bool(required=False) 15 | apiVersion: str() 16 | kubeVersion: str(required=False) 17 | type: str(required=False) 18 | annotations: map(str(), str(), required=False) 19 | --- 20 | maintainer: 21 | name: str(required=False) 22 | email: str(required=False) 23 | url: str(required=False) 24 | --- 25 | dependency: 26 | name: str() 27 | version: str() 28 | repository: str() 29 | condition: str(required=False) 30 | tags: list(str(), required=False) 31 | enabled: bool(required=False) 32 | import-values: any(list(str()), list(include('import-value')), required=False) 33 | alias: str(required=False) 34 | --- 35 | import-value: 36 | child: 
str() 37 | parent: str() 38 | -------------------------------------------------------------------------------- /charts/backstage/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # Workaround for kind cluster in CI which has no Routes and no PVCs 2 | route: 3 | enabled: false 4 | upstream: 5 | postgresql: 6 | primary: 7 | persistence: 8 | enabled: false 9 | -------------------------------------------------------------------------------- /charts/backstage/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Returns custom hostname 3 | */}} 4 | {{- define "janus-idp.hostname" -}} 5 | {{- if .Values.global.host -}} 6 | {{- .Values.global.host -}} 7 | {{- else if .Values.global.clusterRouterBase -}} 8 | {{- printf "%s-%s.%s" (include "common.names.fullname" .) .Release.Namespace .Values.global.clusterRouterBase -}} 9 | {{/* 10 | Attempt to obtain a fallback value for the hostname from the openshift cluster if both global.host and global.clusterRouterBase are "" and if deployed on Openshift 11 | */}} 12 | {{- else if .Capabilities.APIVersions.Has "config.openshift.io/v1/Ingress" }} 13 | {{- $cluster := (lookup "config.openshift.io/v1" "Ingress" "" "cluster") -}} 14 | {{- if and (hasKey $cluster "spec") (hasKey $cluster.spec "domain") }} 15 | {{- printf "%s-%s.%s" (include "common.names.fullname" .) .Release.Namespace $cluster.spec.domain -}} 16 | {{- else -}} 17 | {{ fail "Unable to generate hostname, OCP Ingress Resource is missing `spec.domain` field. 
Please provide a valid hostname in `global.host` or `global.clusterRouterBase` instead" }} 18 | {{- end }} 19 | {{- else -}} 20 | {{ fail "Unable to generate hostname, please provide a valid hostname in `global.host` or `global.clusterRouterBase`" }} 21 | {{- end -}} 22 | {{- end -}} 23 | 24 | {{/* 25 | Returns a secret name for service to service auth 26 | */}} 27 | {{- define "janus-idp.backend-secret-name" -}} 28 | {{- if .Values.global.auth.backend.existingSecret -}} 29 | {{- .Values.global.auth.backend.existingSecret -}} 30 | {{- else -}} 31 | {{- include "common.names.fullname" . -}}-auth 32 | {{- end -}} 33 | {{- end -}} 34 | 35 | {{/* 36 | Sets the secretKeyRef name for Backstage to the PostgreSQL existing secret if it is present 37 | */}} 38 | {{- define "janus-idp.postgresql.secretName" -}} 39 | {{- if ((((.Values).global).postgresql).auth).existingSecret -}} 40 | {{- .Values.global.postgresql.auth.existingSecret -}} 41 | {{- else if .Values.postgresql.auth.existingSecret -}} 42 | {{- .Values.postgresql.auth.existingSecret -}} 43 | {{- else -}} 44 | {{- printf "%s-%s" .Release.Name "postgresql" -}} 45 | {{- end -}} 46 | {{- end -}} 47 | 48 | {{/* 49 | Get the password secret. 50 | Referenced from: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/templates/_helpers.tpl#L94-L105 51 | */}} 52 | {{- define "postgresql.v1.secretName" -}} 53 | {{- if .Values.global.postgresql.auth.existingSecret -}} 54 | {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}} 55 | {{- else if .Values.auth.existingSecret -}} 56 | {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} 57 | {{- else -}} 58 | {{- printf "%s" (include "common.names.fullname" .)
-}} 59 | {{- end -}} 60 | {{- end -}} 61 | -------------------------------------------------------------------------------- /charts/backstage/templates/dynamic-plugins-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: dynamic-plugins 5 | data: 6 | dynamic-plugins.yaml: | 7 | {{- include "common.tplvalues.render" ( dict "value" 8 | .Values.global.dynamic "context" $) | nindent 4 }} 9 | -------------------------------------------------------------------------------- /charts/backstage/templates/route.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.route.enabled }} 2 | apiVersion: route.openshift.io/v1 3 | kind: Route 4 | metadata: 5 | name: {{ include "common.names.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: {{- include "common.labels.standard" . | nindent 4 }} 8 | app.kubernetes.io/component: backstage 9 | {{- if .Values.upstream.commonLabels }} 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.upstream.commonLabels "context" $ ) | nindent 4 }} 11 | {{- end }} 12 | {{- if or .Values.upstream.commonAnnotations .Values.route.annotations }} 13 | annotations: 14 | {{- if .Values.route.annotations }} 15 | {{- include "common.tplvalues.render" ( dict "value" .Values.route.annotations "context" $) | nindent 4 }} 16 | {{- end }} 17 | {{- if .Values.upstream.commonAnnotations }} 18 | {{- include "common.tplvalues.render" ( dict "value" .Values.upstream.commonAnnotations "context" $ ) | nindent 4 }} 19 | {{- end }} 20 | {{- end }} 21 | spec: 22 | {{- $host := tpl .Values.route.host . -}} 23 | {{- if $host }} 24 | host: {{ $host }} 25 | {{- else }} 26 | host: {{ include "janus-idp.hostname" . 
}} 27 | {{- end }} 28 | {{- if .Values.route.path }} 29 | path: {{ .Values.route.path }} 30 | {{- end }} 31 | port: 32 | targetPort: {{ .Values.upstream.service.ports.name }} 33 | {{- if .Values.route.tls.enabled }} 34 | tls: 35 | insecureEdgeTerminationPolicy: {{ .Values.route.tls.insecureEdgeTerminationPolicy }} 36 | termination: {{ .Values.route.tls.termination }} 37 | {{- if .Values.route.tls.key }} 38 | key: | 39 | {{- .Values.route.tls.key | nindent 6 }} 40 | {{- end }} 41 | {{- if .Values.route.tls.certificate }} 42 | certificate: | 43 | {{- .Values.route.tls.certificate | nindent 6 }} 44 | {{- end }} 45 | {{- if .Values.route.tls.caCertificate }} 46 | caCertificate: | 47 | {{- .Values.route.tls.caCertificate | nindent 6 }} 48 | {{- end }} 49 | {{- if .Values.route.tls.destinationCACertificate }} 50 | destinationCACertificate: | 51 | {{- .Values.route.tls.destinationCACertificate | nindent 6 }} 52 | {{- end }} 53 | {{- end }} 54 | to: 55 | kind: Service 56 | name: {{ include "common.names.fullname" .Subcharts.upstream }} 57 | weight: 100 58 | wildcardPolicy: {{ .Values.route.wildcardPolicy }} 59 | {{- end }} 60 | -------------------------------------------------------------------------------- /charts/backstage/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.global.auth.backend.existingSecret) .Values.global.auth.backend.enabled }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "common.names.fullname" . }}-auth 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: {{- include "common.labels.standard" . 
| nindent 4 }} 8 | app.kubernetes.io/component: backstage 9 | {{- if .Values.upstream.commonLabels }} 10 | {{- include "common.tplvalues.render" ( dict "value" .Values.upstream.commonLabels "context" $ ) | nindent 4 }} 11 | {{- end }} 12 | annotations: 13 | {{- if .Values.upstream.commonAnnotations }} 14 | {{- include "common.tplvalues.render" ( dict "value" .Values.upstream.commonAnnotations "context" $ ) | nindent 4 }} 15 | {{- end }} 16 | type: Opaque 17 | data: 18 | backend-secret: {{ (ternary (randAlphaNum 24 ) .Values.global.auth.backend.value (empty .Values.global.auth.backend.value)) | b64enc | quote }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/backstage/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "common.names.fullname" . }}-test-connection" 5 | labels: {{- include "common.labels.standard" . | nindent 4 }} 6 | app.kubernetes.io/component: backstage 7 | {{- if .Values.upstream.commonLabels }} 8 | {{- include "common.tplvalues.render" ( dict "value" .Values.upstream.commonLabels "context" $ ) | nindent 4 }} 9 | {{- end }} 10 | annotations: 11 | helm.sh/hook: test 12 | spec: 13 | containers: 14 | - name: curl 15 | image: quay.io/curl/curl:latest 16 | command: ["/bin/sh", "-c"] 17 | args: 18 | - | 19 | curl --connect-timeout 5 --max-time 20 --retry 20 --retry-delay 10 --retry-max-time 60 --retry-all-errors {{ include "common.names.fullname" . 
}}:{{ .Values.upstream.service.ports.backend }} 20 | restartPolicy: Never 21 | -------------------------------------------------------------------------------- /charts/backstage/values.schema.tmpl.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://json-schema.org/draft/2020-12/schema", 3 | "$id": "https://raw.githubusercontent.com/redhat-developer/rhdh-chart/main/charts/backstage/values.schema.json", 4 | "type": "object", 5 | "title": "Root Schema", 6 | "properties": { 7 | "upstream": { 8 | "title": "Upstream Backstage chart schema.", 9 | "$ref": "https://raw.githubusercontent.com/backstage/charts/backstage-{{ dependencies | selectattr('name', 'equalto', 'backstage') | map(attribute='version') | list | join('') }}/charts/backstage/values.schema.json", 10 | "default": { 11 | "backstage": { 12 | "image": { 13 | "registry": "quay.io", 14 | "repository": "janus-idp/redhat-backstage-build", 15 | "tag": "latest" 16 | } 17 | } 18 | } 19 | }, 20 | "global": { 21 | "type": "object", 22 | "properties": { 23 | "clusterRouterBase": { 24 | "title": "Shorthand for users who do not want to specify a custom HOSTNAME. Used ONLY with the DEFAULT upstream.backstage.appConfig value and with OCP Route enabled.", 25 | "type": "string", 26 | "default": "" 27 | }, 28 | "host": { 29 | "title": "Custom hostname shorthand, overrides `global.clusterRouterBase`, `upstream.ingress.host`, `route.host`, and url values in `upstream.backstage.appConfig`", 30 | "type": "string", 31 | "default": "" 32 | }, 33 | "dynamic": { 34 | "title": "Dynamic plugins configuration.", 35 | "type": "object", 36 | "additionalProperties": false, 37 | "properties": { 38 | "plugins": { 39 | "title": "List of dynamic plugins that should be installed in the backstage application.", 40 | "type": "array", 41 | "items": { 42 | "type": "object", 43 | "properties": { 44 | "package": { 45 | "title": "Package specification of the dynamic plugin to install. 
It should be usable by the `npm pack` command.", 46 | "type": "string" 47 | }, 48 | "integrity": { 49 | "title": "Integrity checksum of the package. Optional for local packages. Supported algorithms include: `sha512`, `sha384` and `sha256`. Refer to https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description for more information", 50 | "type": "string" 51 | }, 52 | "pluginConfig": { 53 | "title": "Optional plugin-specific app-config YAML fragment.", 54 | "type": "object" 55 | }, 56 | "disabled": { 57 | "title": "Disable the plugin.", 58 | "type": "boolean", 59 | "default": false 60 | } 61 | }, 62 | "required": ["package"] 63 | } 64 | }, 65 | "includes": { 66 | "title": "List of YAML files to include, each of which should contain a `plugins` array.", 67 | "type": "array", 68 | "items": { 69 | "type": "string" 70 | }, 71 | "default": [] 72 | } 73 | } 74 | }, 75 | "auth": { 76 | "title": "Enable service authentication within Backstage instance", 77 | "type": "object", 78 | "additionalProperties": false, 79 | "properties": { 80 | "backend": { 81 | "title": "Backend service to service authentication", 82 | "type": "object", 83 | "additionalProperties": false, 84 | "properties": { 85 | "enabled": { 86 | "title": "Enable backend service to service authentication, unless configured otherwise it generates a secret value", 87 | "type": "boolean", 88 | "default": true 89 | }, 90 | "existingSecret": { 91 | "title": "Instead of generating a secret value, refer to existing secret", 92 | "type": "string", 93 | "default": "" 94 | }, 95 | "value": { 96 | "title": "Instead of generating a secret value, use the following value", 97 | "type": "string", 98 | "default": "" 99 | } 100 | } 101 | } 102 | } 103 | } 104 | } 105 | }, 106 | "route": { 107 | "title": "OpenShift Route parameters.", 108 | "type": "object", 109 | "additionalProperties": false, 110 | "properties": { 111 | "annotations": { 112 | "title": "Route specific annotations.", 113 | "type": 
"object", 114 | "default": {} 115 | }, 116 | "enabled": { 117 | "title": "Enable the creation of the route resource.", 118 | "type": "boolean", 119 | "default": false 120 | }, 121 | "host": { 122 | "title": "Set the host attribute to a custom value.", 123 | "type": "string", 124 | "default": "", 125 | "examples": [ 126 | "https://bakstage.example.com" 127 | ] 128 | }, 129 | "path": { 130 | "title": "Path that the router watches for, to route traffic for to the service.", 131 | "type": "string", 132 | "default": "/" 133 | }, 134 | "wildcardPolicy": { 135 | "title": "Wildcard policy if any for the route.", 136 | "type": "string", 137 | "default": "None", 138 | "enum": [ 139 | "None", 140 | "Subdomain" 141 | ] 142 | }, 143 | "tls": { 144 | "title": "Route TLS parameters.", 145 | "type": "object", 146 | "additionalProperties": false, 147 | "properties": { 148 | "enabled": { 149 | "title": "Enable TLS configuration for the host defined at `route.host` parameter.", 150 | "type": "boolean", 151 | "default": false 152 | }, 153 | "termination": { 154 | "title": "Specify TLS termination.", 155 | "type": "string", 156 | "default": "edge", 157 | "enum": [ 158 | "edge", 159 | "reencrypt", 160 | "passthrough" 161 | ] 162 | }, 163 | "certificate": { 164 | "title": "Certificate contents.", 165 | "type": "string", 166 | "default": "" 167 | }, 168 | "key": { 169 | "title": "Key file contents.", 170 | "type": "string", 171 | "default": "" 172 | }, 173 | "caCertificate": { 174 | "title": "Cert authority certificate contents.", 175 | "type": "string", 176 | "default": "" 177 | }, 178 | "destinationCACertificate": { 179 | "title": "Contents of the ca certificate of the final destination.", 180 | "type": "string", 181 | "default": "" 182 | }, 183 | "insecureEdgeTerminationPolicy": { 184 | "title": "Indicates the desired behavior for insecure connections to a route.", 185 | "type": "string", 186 | "default": "Redirect", 187 | "enum": [ 188 | "Redirect", 189 | "None", 190 | "" 191 | ] 192 
| } 193 | } 194 | } 195 | } 196 | } 197 | } 198 | } 199 | -------------------------------------------------------------------------------- /charts/backstage/values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | dynamic: 3 | # -- Array of YAML files listing dynamic plugins to include with those listed in the `plugins` field. 4 | # Relative paths are resolved from the working directory of the initContainer that will install the plugins (`/opt/app-root/src`). 5 | includes: 6 | # -- List of dynamic plugins included inside the `janus-idp/backstage-showcase` container image, some of which are disabled by default. 7 | # This file ONLY works with the `janus-idp/backstage-showcase` container image. 8 | - 'dynamic-plugins.default.yaml' 9 | 10 | # -- List of dynamic plugins, possibly overriding the plugins listed in `includes` files. 11 | # Every item defines the plugin `package` as a [NPM package spec](https://docs.npmjs.com/cli/v10/using-npm/package-spec), 12 | # an optional `pluginConfig` with plugin-specific backstage configuration, and an optional `disabled` flag to disable/enable a plugin 13 | # listed in `includes` files. It also includes an `integrity` field that is used to verify the plugin package [integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description). 14 | plugins: [] 15 | 16 | # -- Shorthand for users who do not want to specify a custom HOSTNAME. Used ONLY with the DEFAULT upstream.backstage.appConfig value and with OCP Route enabled. 17 | clusterRouterBase: "" 18 | # -- Custom hostname shorthand, overrides `global.clusterRouterBase`, `upstream.ingress.host`, `route.host`, and url values in `upstream.backstage.appConfig`. 
19 | # If neither `global.clusterRouterBase` nor `global.host` are set, the helm chart will attempt to autofill with the hostname of the [OCP Ingress configuration](https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html/networking/configuring-ingress#nw-installation-ingress-config-asset_configuring-ingress) 20 | host: "" 21 | # -- Enable service authentication within Backstage instance 22 | auth: 23 | # -- Backend service to service authentication 24 | #
Ref: https://backstage.io/docs/auth/service-to-service-auth/ 25 | backend: 26 | # -- Enable backend service to service authentication, unless configured otherwise it generates a secret value 27 | enabled: true 28 | # -- Instead of generating a secret value, refer to existing secret 29 | existingSecret: "" 30 | # -- Instead of generating a secret value, use the following value 31 | value: "" 32 | 33 | # -- Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) 34 | # @default -- Use Openshift compatible settings 35 | upstream: 36 | nameOverride: backstage 37 | backstage: 38 | image: 39 | registry: quay.io 40 | repository: janus-idp/backstage-showcase 41 | tag: latest 42 | command: [] 43 | # FIXME (tumido): USE POSTGRES_PASSWORD and POSTGRES_USER instead of POSTGRES_ADMIN_PASSWORD 44 | # This is a hack. In {fedora,rhel}/postgresql images, regular user is forbidden 45 | # from creating DBs in runtime. A single DB can be created ahead of time via 46 | # POSTGRESQL_DATABASE env variable (in this case via 47 | # upstream.postgresql.primary.extraEnvVars value), but this doesn't allow us to 48 | # create multiple DBs. Since Backstage requires by default 5 different DBs, we 49 | # can't accommodate that properly. 50 | appConfig: 51 | app: 52 | # Please update to match host in case you don't want to configure hostname via `global.clusterRouterBase` or `global.host` if not deploying on an openshift cluster. 53 | baseUrl: 'https://{{- include "janus-idp.hostname" . }}' 54 | backend: 55 | baseUrl: 'https://{{- include "janus-idp.hostname" . }}' 56 | cors: 57 | origin: 'https://{{- include "janus-idp.hostname" . 
}}' 58 | database: 59 | connection: 60 | password: ${POSTGRESQL_ADMIN_PASSWORD} 61 | user: postgres 62 | auth: 63 | keys: 64 | - secret: ${BACKEND_SECRET} 65 | readinessProbe: 66 | failureThreshold: 3 67 | httpGet: 68 | path: /healthcheck 69 | port: 7007 70 | scheme: HTTP 71 | initialDelaySeconds: 30 72 | periodSeconds: 10 73 | successThreshold: 2 74 | timeoutSeconds: 2 75 | livenessProbe: 76 | failureThreshold: 3 77 | httpGet: 78 | path: /healthcheck 79 | port: 7007 80 | scheme: HTTP 81 | initialDelaySeconds: 60 82 | periodSeconds: 10 83 | successThreshold: 1 84 | timeoutSeconds: 2 85 | extraEnvVars: 86 | - name: BACKEND_SECRET 87 | valueFrom: 88 | secretKeyRef: 89 | key: backend-secret 90 | name: '{{ include "janus-idp.backend-secret-name" $ }}' 91 | - name: POSTGRESQL_ADMIN_PASSWORD 92 | valueFrom: 93 | secretKeyRef: 94 | key: postgres-password 95 | name: '{{- include "janus-idp.postgresql.secretName" . }}' 96 | 97 | args: 98 | # This additional `app-config` file is generated by the initContainer below, and contains the merged configuration of installed dynamic plugins. 99 | - '--config' 100 | - dynamic-plugins-root/app-config.dynamic-plugins.yaml 101 | extraVolumeMounts: 102 | # The initContainer below will install dynamic plugins in this volume mount. 103 | - name: dynamic-plugins-root 104 | mountPath: /opt/app-root/src/dynamic-plugins-root 105 | extraVolumes: 106 | # -- Ephemeral volume that will contain the dynamic plugins installed by the initContainer below at start. 107 | - name: dynamic-plugins-root 108 | ephemeral: 109 | volumeClaimTemplate: 110 | spec: 111 | accessModes: 112 | - ReadWriteOnce 113 | resources: 114 | requests: 115 | # -- Size of the volume that will contain the dynamic plugins. It should be large enough to contain all the plugins. 116 | storage: 1Gi 117 | 118 | # Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map.
119 | # The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field. 120 | - name: dynamic-plugins 121 | configMap: 122 | defaultMode: 420 123 | name: dynamic-plugins 124 | optional: true 125 | # Optional volume that allows exposing the `.npmrc` file (through a `dynamic-plugins-npmrc` secret) 126 | # to be used when running `npm pack` during the dynamic plugins installation by the initContainer. 127 | - name: dynamic-plugins-npmrc 128 | secret: 129 | defaultMode: 420 130 | optional: true 131 | secretName: dynamic-plugins-npmrc 132 | initContainers: 133 | - name: install-dynamic-plugins 134 | # -- Image used by the initContainer to install dynamic plugins into the `dynamic-plugins-root` volume mount. 135 | # It could be replaced by a custom image based on this one. 136 | # @default -- `quay.io/janus-idp/backstage-showcase:latest` 137 | image: '{{ include "backstage.image" . }}' 138 | command: 139 | - ./install-dynamic-plugins.sh 140 | - /dynamic-plugins-root 141 | env: 142 | - name: NPM_CONFIG_USERCONFIG 143 | value: /opt/app-root/src/.npmrc.dynamic-plugins 144 | imagePullPolicy: Always 145 | volumeMounts: 146 | - mountPath: /dynamic-plugins-root 147 | name: dynamic-plugins-root 148 | - mountPath: /opt/app-root/src/dynamic-plugins.yaml 149 | name: dynamic-plugins 150 | readOnly: true 151 | subPath: dynamic-plugins.yaml 152 | - mountPath: /opt/app-root/src/.npmrc.dynamic-plugins 153 | name: dynamic-plugins-npmrc 154 | readOnly: true 155 | subPath: .npmrc 156 | workingDir: /opt/app-root/src 157 | installDir: /opt/app-root/src 158 | podAnnotations: 159 | checksum/dynamic-plugins: >- 160 | {{- include "common.tplvalues.render" ( dict "value" 161 | .Values.global.dynamic "context" $) | sha256sum }} 162 | postgresql: 163 | enabled: true 164 | postgresqlDataDir: /var/lib/pgsql/data/userdata 165 | image: 166 | registry: quay.io 167 | repository: fedora/postgresql-15 168 | tag: latest 169 | auth: 170 | secretKeys: 171 | 
adminPasswordKey: postgres-password 172 | userPasswordKey: password 173 | primary: 174 | podSecurityContext: 175 | enabled: false 176 | containerSecurityContext: 177 | enabled: false 178 | persistence: 179 | enabled: true 180 | size: 1Gi 181 | mountPath: /var/lib/pgsql/data 182 | extraEnvVars: 183 | - name: POSTGRESQL_ADMIN_PASSWORD 184 | valueFrom: 185 | secretKeyRef: 186 | key: postgres-password 187 | name: '{{- include "postgresql.v1.secretName" . }}' 188 | ingress: 189 | host: "{{ .Values.global.host }}" 190 | 191 | # -- OpenShift Route parameters 192 | route: 193 | # -- Route specific annotations 194 | annotations: {} 195 | 196 | # -- Enable the creation of the route resource 197 | enabled: true 198 | 199 | # -- Set the host attribute to a custom value. If not set, OpenShift will generate it, please make sure to match your baseUrl 200 | host: "{{ .Values.global.host }}" 201 | 202 | # -- Path that the router watches for, to route traffic for to the service. 203 | path: "/" 204 | 205 | # -- Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed. 206 | wildcardPolicy: None 207 | 208 | # -- Route TLS parameters 209 | #
Ref: https://docs.openshift.com/container-platform/4.9/networking/routes/secured-routes.html 210 | tls: 211 | # -- Enable TLS configuration for the host defined at `route.host` parameter 212 | enabled: true 213 | 214 | # -- Specify TLS termination. 215 | termination: "edge" 216 | 217 | # -- Certificate contents 218 | certificate: "" 219 | 220 | # -- Key file contents 221 | key: "" 222 | 223 | # -- Cert authority certificate contents. Optional 224 | caCertificate: "" 225 | 226 | # -- Contents of the ca certificate of the final destination. 227 | #
When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify. 228 | destinationCACertificate: "" 229 | 230 | # -- Indicates the desired behavior for insecure connections to a route. 231 | #
While each router may make its own decisions on which ports to expose, this is normally port 80. The only valid values are None, Redirect, or empty for disabled. 232 | insecureEdgeTerminationPolicy: "Redirect" 233 | -------------------------------------------------------------------------------- /cr.yaml: -------------------------------------------------------------------------------- 1 | generate-release-notes: true 2 | 3 | -------------------------------------------------------------------------------- /ct-install.yaml: -------------------------------------------------------------------------------- 1 | chart-dirs: 2 | - charts 3 | validate-maintainers: false 4 | remote: origin 5 | target-branch: main 6 | -------------------------------------------------------------------------------- /ct.yaml: -------------------------------------------------------------------------------- 1 | chart-dirs: 2 | - charts 3 | validate-maintainers: false 4 | remote: origin 5 | target-branch: main 6 | --------------------------------------------------------------------------------
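The `integrity` field that `values.yaml` and `values.schema.tmpl.json` describe for `global.dynamic.plugins` entries can be produced and checked before a plugin is listed. The following is an added example, not code from this repository or from the installer it ships: it handles a single `<alg>-<base64>` expression limited to the three algorithms the schema names, treats package specs starting with `./` as local (an assumption), and uses constructed sample data.

```python
import base64
import binascii
import hashlib
import hmac

# Algorithms the chart schema lists for `integrity`, with digest sizes in bytes.
SUPPORTED = {"sha256": 32, "sha384": 48, "sha512": 64}


class IntegrityError(ValueError):
    """Raised when an integrity string is malformed or uses an unlisted algorithm."""


def parse_integrity(value):
    """Split a single '<alg>-<base64 digest>' expression and validate both halves."""
    alg, sep, b64 = value.strip().partition("-")
    if not sep or alg not in SUPPORTED:
        raise IntegrityError(f"unsupported or malformed integrity: {value!r}")
    try:
        digest = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise IntegrityError(f"digest is not valid base64: {value!r}") from exc
    if len(digest) != SUPPORTED[alg]:
        raise IntegrityError(f"{alg} digest has wrong length: {len(digest)} bytes")
    return alg, digest


def compute_integrity(data, alg="sha512"):
    """Return the integrity string for package bytes, e.g. an `npm pack` tarball."""
    if alg not in SUPPORTED:
        raise IntegrityError(f"unsupported algorithm: {alg!r}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def verify_package(data, integrity):
    """True only if the bytes hash to the pinned digest (constant-time compare)."""
    alg, expected = parse_integrity(integrity)
    actual = hashlib.new(alg, data).digest()
    return hmac.compare_digest(actual, expected)


def is_local(package):
    # Assumption: a spec beginning with "./" refers to a package already on disk.
    return package.startswith("./")


def audit_plugins(plugins):
    """Return (package, problem) pairs for entries shaped like global.dynamic.plugins."""
    findings = []
    for entry in plugins:
        package = entry.get("package", "")
        if entry.get("disabled", False):
            continue  # a disabled plugin is not installed, so nothing is fetched
        integrity = entry.get("integrity")
        if not integrity:
            if not is_local(package):
                findings.append((package, "remote package without integrity"))
            continue
        try:
            parse_integrity(integrity)
        except IntegrityError as exc:
            findings.append((package, str(exc)))
    return findings


# Constructed sample data: stand-in tarball bytes and a plugin list.
SAMPLE_TARBALL = b"constructed plugin tarball bytes"
SAMPLE_PLUGINS = [
    {"package": "./dynamic-plugins/dist/example-local"},
    {"package": "@example/remote-plugin@1.0.0"},
    {"package": "@example/pinned@1.0.0", "integrity": compute_integrity(SAMPLE_TARBALL)},
    {"package": "@example/weak@1.0.0", "integrity": "md5-rL0Y20zC+Fzt72VPzMSk2A=="},
    {"package": "@example/off@1.0.0", "disabled": True},
]

if __name__ == "__main__":
    pinned = compute_integrity(SAMPLE_TARBALL)
    print("integrity:", pinned)
    print("untampered verifies:", verify_package(SAMPLE_TARBALL, pinned))
    print("tampered verifies:", verify_package(SAMPLE_TARBALL + b"!", pinned))
    for package, problem in audit_plugins(SAMPLE_PLUGINS):
        print(f"FINDING {package}: {problem}")
```

Running the audit against the rendered `global.dynamic` values in CI catches remote plugin entries that would otherwise be installed without a pinned digest.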