apiVersion: v1 data: app-config.yaml: |- apiVersion: v1 kind: ConfigMap metadata: name: my-backstage-config-cm1 # placeholder for -default-appconfig data: default.app-config.yaml: | backend: database: connection: password: ${POSTGRES_PASSWORD} user: ${POSTGRES_USER} auth: keys: # This is a default value, which you should change by providing your own app-config - secret: "pl4s3Ch4ng3M3" db-secret.yaml: |- apiVersion: v1 kind: Secret metadata: name: postgres-secrets # will be replaced type: Opaque #stringData: # POSTGRES_PASSWORD: # POSTGRES_PORT: "5432" # POSTGRES_USER: postgres # POSTGRESQL_ADMIN_PASSWORD: admin123 # POSTGRES_HOST: bs1-db-service #placeholder -db-service db-service-hl.yaml: | apiVersion: v1 kind: Service metadata: name: backstage-psql-cr1-hl # placeholder for 'backstage-psql--hl' spec: selector: rhdh.redhat.com/app: backstage-psql-cr1 # placeholder for 'backstage-psql-' clusterIP: None ports: - port: 5432 db-service.yaml: | apiVersion: v1 kind: Service metadata: name: backstage-psql # placeholder for 'backstage-psql-' .NOTE: For the time it is static and linked to Secret-> postgres-secrets -> OSTGRES_HOST spec: selector: rhdh.redhat.com/app: backstage-psql-cr1 # placeholder for 'backstage-psql-' ports: - port: 5432 db-statefulset.yaml: |- apiVersion: apps/v1 kind: StatefulSet metadata: name: backstage-psql-cr1 # placeholder for 'backstage-psql-' spec: podManagementPolicy: OrderedReady replicas: 1 selector: matchLabels: rhdh.redhat.com/app: backstage-psql-cr1 # placeholder for 'backstage-psql-' serviceName: backstage-psql-cr1-hl # placeholder for 'backstage-psql--hl' template: metadata: labels: rhdh.redhat.com/app: backstage-psql-cr1 # placeholder for 'backstage-psql-' name: backstage-db-cr1 # placeholder for 'backstage-psql-' spec: # fsGroup does not work for Openshift # AKS/EKS does not work w/o it #securityContext: # fsGroup: 26 automountServiceAccountToken: false ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ ## The optional .spec.persistentVolumeClaimRetentionPolicy field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. ## You must enable the StatefulSetAutoDeletePVC feature gate on the API server and the controller manager to use this field. # persistentVolumeClaimRetentionPolicy: # whenDeleted: Retain # whenScaled: Retain containers: - env: - name: POSTGRESQL_PORT_NUMBER value: "5432" - name: POSTGRESQL_VOLUME_DIR value: /var/lib/pgsql/data - name: PGDATA value: /var/lib/pgsql/data/userdata image: quay.io/fedora/postgresql-15:latest # will be replaced with the actual image imagePullPolicy: IfNotPresent securityContext: # runAsUser:26 does not work for Openshift but looks work for AKS/EKS # runAsUser: 26 runAsGroup: 0 runAsNonRoot: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop: - ALL livenessProbe: exec: command: - /bin/sh - -c - exec pg_isready -U ${POSTGRES_USER} -h 127.0.0.1 -p 5432 failureThreshold: 6 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 name: postgresql ports: - containerPort: 5432 name: tcp-postgresql protocol: TCP readinessProbe: exec: command: - /bin/sh - -c - -e - | exec pg_isready -U ${POSTGRES_USER} -h 127.0.0.1 -p 5432 failureThreshold: 6 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: requests: cpu: 250m memory: 256Mi limits: cpu: 250m memory: 1024Mi ephemeral-storage: 20Mi volumeMounts: - mountPath: /dev/shm name: dshm - mountPath: /var/lib/pgsql/data name: data restartPolicy: Always serviceAccountName: default volumes: - emptyDir: medium: Memory name: dshm updateStrategy: rollingUpdate: partition: 0 type: RollingUpdate volumeClaimTemplates: - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi deployment.yaml: |- apiVersion: apps/v1 kind: Deployment metadata: name: backstage # placeholder for 'backstage-' spec: replicas: 1 selector: matchLabels: rhdh.redhat.com/app: # placeholder for 'backstage-' template: metadata: labels: rhdh.redhat.com/app: # placeholder for 'backstage-' spec: automountServiceAccountToken: false # if securityContext not present in AKS/EKS, the error is like this: #Error: EACCES: permission denied, open '/dynamic-plugins-root/backstage-plugin-scaffolder-backend-module-github-dynamic-0.2.2.tgz' # fsGroup doesn not work for Openshift #securityContext: # fsGroup: 1001 volumes: - ephemeral: volumeClaimTemplate: spec: accessModes: - ReadWriteOnce resources: requests: storage: 2Gi name: dynamic-plugins-root - name: dynamic-plugins-npmrc secret: defaultMode: 420 optional: true secretName: dynamic-plugins-npmrc initContainers: - name: install-dynamic-plugins command: - ./install-dynamic-plugins.sh - /dynamic-plugins-root image: quay.io/janus-idp/backstage-showcase:latest # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next imagePullPolicy: IfNotPresent securityContext: runAsNonRoot: true allowPrivilegeEscalation: false env: - name: NPM_CONFIG_USERCONFIG value: /opt/app-root/src/.npmrc.dynamic-plugins volumeMounts: - mountPath: /dynamic-plugins-root name: dynamic-plugins-root - mountPath: /opt/app-root/src/.npmrc.dynamic-plugins name: dynamic-plugins-npmrc readOnly: true subPath: .npmrc workingDir: /opt/app-root/src resources: requests: cpu: 250m memory: 256Mi limits: cpu: 1000m memory: 2.5Gi ephemeral-storage: 5Gi containers: - name: backstage-backend # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set image: quay.io/janus-idp/backstage-showcase:latest imagePullPolicy: IfNotPresent args: - "--config" - "dynamic-plugins-root/app-config.dynamic-plugins.yaml" securityContext: runAsNonRoot: true allowPrivilegeEscalation: false readinessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 2 timeoutSeconds: 2 livenessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 ports: - name: backend containerPort: 7007 env: - name: APP_CONFIG_backend_listen_port value: "7007" volumeMounts: - mountPath: /opt/app-root/src/dynamic-plugins-root name: dynamic-plugins-root resources: requests: cpu: 250m memory: 256Mi limits: cpu: 1000m memory: 2.5Gi ephemeral-storage: 5Gi dynamic-plugins.yaml: |- apiVersion: v1 kind: ConfigMap metadata: name: default-dynamic-plugins # must be the same as (deployment.yaml).spec.template.spec.volumes.name.dynamic-plugins-conf.configMap.name data: "dynamic-plugins.yaml": | includes: - dynamic-plugins.default.yaml plugins: [] route.yaml: |- apiVersion: route.openshift.io/v1 kind: Route metadata: name: route # placeholder for 'backstage-' spec: port: targetPort: http-backend path: / tls: insecureEdgeTerminationPolicy: Redirect termination: edge to: kind: Service name: # placeholder for 'backstage-' secret-envs.yaml: | apiVersion: v1 kind: Secret metadata: name: backend-auth-secret stringData: # generated with the command below (from https://janus-idp.io/docs/auth/service-to-service-auth/#setup): # node -p 'require("crypto").randomBytes(24).toString("base64")' BACKEND_SECRET: "R2FxRVNrcmwzYzhhN3l0V1VRcnQ3L1pLT09WaVhDNUEK" # notsecret service.yaml: |- apiVersion: v1 kind: Service metadata: name: backstage # placeholder for 'backstage-' spec: type: ClusterIP selector: rhdh.redhat.com/app: # placeholder for 'backstage-' ports: - name: http-backend port: 80 targetPort: backend kind: ConfigMap metadata: name: backstage-default-config