# INSTALLATION HELM NOTES ``` KURULUM NOTLARI -> tüm deploymentlara backstage-anyuid verildi -> postgresl de yeni database lighthouse_audit_service yaratıldı. (lighthouse deployment'i icin) -> lighthouse deployment'ında aşağıdaki env oluşturuldu. - name: PGPATH_TO_CA value: /etc/postgresql/ca.crt -> postgresql statefulset icindeki container security alani boş bırakıldı {} -> postgresql statefulset serviceAccountName: postgresql-anyuid verildi. -> https://github.com/backstage/backstage.git backstage chart'ı indirildi. Chart.yaml'daki postgre versionu 12.8.0 yapıldı. values.yaml oluşturuldu ve aşağıdaki gibi vi values.yaml # Default values for backstage. # This is a YAML-formatted file. # Declare variables to be passed into your templates. frontend: enabled: true replicaCount: 1 image: repository: martinaif/backstage-k8s-demo-frontend tag: test1 pullPolicy: IfNotPresent containerPort: 80 serviceType: ClusterIP serviceAccountName: backstage-anyuid resources: requests: memory: 128Mi limits: memory: 256Mi backend: enabled: true nodeEnv: development demoData: true replicaCount: 1 serviceAccountName: backstage-anyuid image: repository: martinaif/backstage-k8s-demo-backend tag: 20210423T1550 pullPolicy: IfNotPresent containerPort: 7007 serviceType: ClusterIP postgresCertMountEnabled: true resources: requests: memory: 512Mi limits: memory: 1024Mi lighthouse: enabled: true replicaCount: 1 image: repository: roadiehq/lighthouse-audit-service tag: latest pullPolicy: IfNotPresent containerPort: 3003 serviceType: ClusterIP postgresCertMountEnabled: true serviceAccountName: backstage-anyuid resources: requests: memory: 128Mi limits: memory: 256Mi database: connection: port: 5432 host: test-backstage-postgresql-hl user: postgres password: xxxxxxxxx database: lighthouse_audit_service pathToDatabaseCa: nameOverride: '' fullnameOverride: '' ingress: annotations: kubernetes.io/ingress.class: nginx issuer: email: clusterIssuer: 'letsencrypt-staging' global: postgresql: postgresqlUsername: postgres postgresqlPassword: devops2023 caFilename: ca.crt nodeSelector: {} postgresql: enabled: true serviceAccount: create: false name: postgresql-anyuid primary: podSecurityConext: enabled: false auth: username: postgres password: xxxxxxxxx service: port: 5432 nameOverride: postgresql tls: enabled: true certificatesSecret: backstage-postgresql-certs certFilename: tls.crt certKeyFilename: tls.key volumePermissions: enabled: true initdbScriptsSecret: backstage-postgresql-initdb appConfig: app: baseUrl: https://test-backstage.apps.nonprod.spider.com title: Backstage backend: baseUrl: https://test-backstage.apps.nonprod.spider.com listen: port: 7007 cors: origin: https://test-backstage.apps.nonprod.spider.com database: client: pg connection: database: backstage_plugin_catalog host: test-backstage-postgresql-hl user: postgres port: 5432 password: xxxxxxxx ssl: rejectUnauthorized: false ca: sentry: organization: spider.com techdocs: storageUrl: https://demo.example.com/api/techdocs/static/docs requestUrl: https://demo.example.com/api/techdocs lighthouse: baseUrl: https://demo.example.com/lighthouse-api rollbar: organization: spider.com # Auth config has recently moved into the app config file in upstream Backstage. However, # most of this config simply mandates that items like the client id and client secret should # be picked up from the environment variables named below. Those environment variables are # set in this helm controlled environment by the 'auth' configuration below this section. # Thus, the only key in this config which directly controls an app config is the # auth.providers.github.development.appOrigin property. auth: providers: google: development: appOrigin: 'http://localhost:3000/' secure: false clientId: ${AUTH_GOOGLE_CLIENT_ID} clientSecret: ${AUTH_GOOGLE_CLIENT_SECRET} github: development: appOrigin: 'http://localhost:3000/' secure: false clientId: ${AUTH_GITHUB_CLIENT_ID} clientSecret: ${AUTH_GITHUB_CLIENT_SECRET} enterpriseInstanceUrl: ${AUTH_GITHUB_ENTERPRISE_INSTANCE_URL} gitlab: development: appOrigin: 'http://localhost:3000/' secure: false clientId: ${AUTH_GITLAB_CLIENT_ID} clientSecret: ${AUTH_GITLAB_CLIENT_SECRET} audience: ${GITLAB_BASE_URL} okta: development: appOrigin: 'http://localhost:3000/' secure: false clientId: ${AUTH_OKTA_CLIENT_ID} clientSecret: ${AUTH_OKTA_CLIENT_SECRET} audience: ${AUTH_OKTA_AUDIENCE} oauth2: development: appOrigin: 'http://localhost:3000/' secure: false clientId: ${AUTH_OAUTH2_CLIENT_ID} clientSecret: ${AUTH_OAUTH2_CLIENT_SECRET} authorizationURL: ${AUTH_OAUTH2_AUTH_URL} tokenURL: ${AUTH_OAUTH2_TOKEN_URL} auth0: development: clientId: ${AUTH_AUTH0_CLIENT_ID} clientSecret: ${AUTH_AUTH0_CLIENT_SECRET} domain: ${AUTH_AUTH0_DOMAIN} microsoft: development: clientId: ${AUTH_MICROSOFT_CLIENT_ID} clientSecret: ${AUTH_MICROSOFT_CLIENT_SECRET} tenantId: ${AUTH_MICROSOFT_TENANT_ID} auth: google: clientId: a clientSecret: a github: clientId: c clientSecret: c gitlab: clientId: b clientSecret: b baseUrl: b okta: clientId: b clientSecret: b audience: b oauth2: clientId: b clientSecret: b authUrl: b tokenUrl: b auth0: clientId: b clientSecret: b domain: b microsoft: clientId: f clientSecret: f tenantId: f azure: api: token: h sentryToken: e rollbarAccountToken: f # This is a 'Personal Access Token' circleciAuthToken: r # Used by the scaffolder to create GitHub repos. Must have 'repo' scope. githubToken: g gitlabToken: g newRelicRestApiKey: r travisciAuthToken: fake-travis-ci-auth-token pagerdutyToken: h :wq! asagidaki komut ile kuruldu. helm install test-backstage -f values.yaml -n test-backstage . ``` ## REFERANCES https://medium.com/rahasak/deploy-spotify-backstage-with-kubernetes-b769e755e402 https://github.com/backstage/charts https://medium.com/@chrisschneider/build-a-developer-portal-with-backstage-on-openshift-d2a97aca91ee