The backstage QShift application has been designed to showcase QShift (Quarkus on OpenShift). It is composed of the following plugins and integrated with different backend systems:
| Backstage plugin | Backend system |
|---|---|
| Core - 1.27.x | GitHub |
| Kubernetes | OpenShift 4.15 |
| Quarkus front & backend | code.quarkus.io, OpenShift Virtualization 4.15.2 |
| Quarkus Console | OpenShift 4.15 |
| ArgoCD front & backend | OpenShift GitOps 1.12.3 |
| Tekton | OpenShift Pipelines 1.15.0 |
| Topology | OpenShift 4.15 |
| DevTools |
Note: This backstage application is based on the backstage's version: 1.27.x
corepack enable !Important: If you need to provision an OpenShift cluster with the required backend systems: ArgoCD, Tekton, etc, then go to the next section Provision an ocp cluster, otherwise move to Backstage instructions
The following section details the different commands to be used to deploy the backend systems needed by QShift on a new OCP cluster (e.g. 4.15.x)
To subscribe to the operator and create the needed CR
Note: The version of the operator could be different according to the ocp cluster version used but the platform will in this case bump the version for you. Take care as this project could take time !
cd manifest/installation/virt
kubectl create ns openshift-cnv
kubectl apply -f subscription-kubevirt-hyperconverged.yml
kubectl apply -f hyperConverged.ymlTo install the customized fedora image packaging podman and socat, create now a DataVolume CR and wait till the image will be imported
kubectl -n openshift-virtualization-os-images apply -f quay-to-pvc-datavolume.ymlTo subscribe to the operator and create the needed CR
cd manifest/installation/gitops
kubectl create ns openshift-gitops-operator
kubectl apply -f subscription-gitops.ymlTo use ArgoCD with QShift, it is needed to delete the existing ArgoCD CR and to deploy our ArgoCD CR.
Note: Our CR includes different changes needed to work with QShift:
extraConfig: resource.customizations.health.PersistentVolumeClaim to avoid that ArgoCD watch the PVC resourcestls.termination: reencrypt to allow to access the ArgoCD routekubectl delete argocd/argocd -n openshift-gitops
kubectl apply -f argocd.ymlTodo: Instead of deleting and recreating a new ArgoCD CR, we should patch it or install it using kustomize. Example: https://github.com/redhat-cop/agnosticd/blob/development/ansible/roles_ocp_workloads/ocp4_workload_openshift_gitops/templates/openshift-gitops.yaml.j2
Patch the default AppProject CR to support to deploy the Applications CR in different namespaces.
kubectl get AppProject/default -n openshift-gitops -o json | jq '.spec.sourceNamespaces += ["*"]' | kubectl apply -f -Finally, create a new ClusterRoleBinding to give the Admin role to the ServiceAccount openshift-gitops-argocd-application-controller. That will allow it to manage the Applications CR deployed in any namespace of the cluster.
kubectl apply -f rbac.ymlTo subscribe to the operator, execute this command
cd manifest/installation/tekton
kubectl apply -f subscription-pipelines.ymlThis section explains how to use Backstage:
Before to install and use our Backstage application, it is needed to perform some steps such as:
config.json fileThe commands described hereafter will help you to set up what it is needed:
Start first by cloning this project locally
git clone https://github.com/q-shift/backstage-playground.git
cd backstage-playgroundLog on to the ocp cluster oc login --token=sha256 ... which has been provisioned
Create an OpenShift project:
oc new-project <MY_NAMESPACE>Important: The commands documented hereafter assume that your use the project created: oc project <MY_NAMESPACE>
Next create the following registry config.json file (or use yours). Provide the following registry: quay.io and docker as they are needed to build/push the image of the Quarkus container or to pull images from docker registry without the hassle of the docker limit.
QUAY_CREDS=$(echo -n "<QUAY_USER>:<QUAY_TOKEN>" | base64)
DOCKER_CREDS=$(echo -n "<DOCKER_USER>:<DOCKER_PWD>" | base64)
QUAY_ORG=<QUAY_ORG>
cat <<EOF > config.json
{
"auths": {
"quay.io/${QUAY_ORG}": {
"auth": "$QUAY_CREDS"
},
"https://index.docker.io/v1/": {
"auth": "$DOCKER_CREDS"
}
}
}
EOFImportant: The Org to define here for the container images registry should be the same as the one you will use when you scaffold a Quarkus application and build an image.
Deploy it using this command:
kubectl create secret generic dockerconfig-secret --from-file=config.jsonWarning: To allow Argo CD to manage resources in other namespaces apart from where it is installed, configure the target namespace with a argocd.argoproj.io/managed-by label.
kubectl label namespace <MY_NAMESPACE> \
argocd.argoproj.io/managed-by=<argocd_namespace> And finally, create the service account my-backstage and give it admin rights using the following RBAC to access the Kubernetes API resources.
kubectl create sa my-backstage
NAMESPACE=<MY_NAMESPACE>
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: backstage-$NAMESPACE-cluster-access
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:kind: ServiceAccount name: my-backstage namespace: $NAMESPACE EOF
**Note**: This is needed to create the SA in order to get the secret generated and containing the token that we will use at the step `Deploy and use Backstage on OCP`Next, it is needed to create a VM using the following commands:
oc project <MY_NAMESPACE>
kubectl create secret generic quarkus-dev-ssh-key --from-file=key=$HOME/.ssh/id_rsa.pub
kubectl apply -f manifest/installation/virt/quarkus-dev-virtualmachine.ymlYou can verify if the VMI is well running if you check its status:
kubectl get vm -n <MY_NAMESPACE>
NAMESPACE NAME AGE STATUS READY
<MY_NAMESPACE> quarkus-dev 32s Running TrueWe are now ready to deploy and use backstage within your project as documented at the following section.
A Backstage application uses an app-config.yaml configuration file to configure its front and backend application like the plugins accessing the backend systems.
As we cannot use a local config file as this is the case when you start backstage locally (yarn dev), then we will use for ocp a configMap and
define the sensitive information in a kubernetes secret.
This kubernetes secret, which contains k=v pairs, will be mounted as a volume within the backstage's pod and will override the appo-config.yaml file mounted also as a volume from a ConfigMap.
Trick: The backstage_env_secret.tmpl file contains what you need to get or set the sensitive information :-)
Copy the template and save it: backstage_env_secret.env:
cp manifest/templates/backstage_env_secret.tmpl backstage_env_secret.envEdit the file backstage_env_secret.env and set the different values using the information provided
Create the kubernetes secret using the env file:
kubectl create secret generic my-backstage-secrets --from-env-file=backstage_env_secret.envNote: The ConfigMap packaging the app-config.qshift.yaml file is deployed using our helm chart (see ./manifest/helm/configmap folder) and uses the template: ./templates/[app-config.qshift.tmpl](manifest%2Ftemplates%2Fapp-config.qshift.tmpl) !
To deploy backstage, create from the template manifest/templates/argocd.tmpl the argocd.yaml file and pass env variables to be substituted:
cat manifest/templates/argocd.tmpl | NAMESPACE=<MY_NAMESPACE> DOMAIN=<OCP_CLUSTER_DOMAIN> envsubst > argocd.yaml
kubectl apply -f argocd.yamlVerify if backstage is alive using the URL: https://backstage-<MY_NAMESPACE>.<OCP_CLUSTER_DOMAIN> and start to play with the templates:
Create your app-config.local.yaml file using the app-config.qshift.tmpl file and set the different
url/password/tokens using the env backstage_env_secret.tmpl like this
cp manifest/templates/backstage_env_secret.tmpl backstage_env_secret.env
# Edit the backstage_env_secret.env and set the different url/password/tokens !!
export $(grep -v '^#' backstage_env_secret.env | xargs)
envsubst < manifest/templates/app-config.qshift.tmpl > app-config.local.yamlWarning: If you use node 20, then export the following env var export NODE_OPTIONS=--no-node-snapshot as documented here.
Next run the following commands to start the front and backend using the app-config.local.yaml config file:
yarn install
export NODE_TLS_REJECT_UNAUTHORIZED=0
yarn devYou can now open the backstage URL http://localhodt:3000, select from the left menu /create and scaffold a new project using the template Create a Quarkus application
If you would like to automate the process to scaffold a project on an OpenShift Cluster provisioned with ArgoCD, Tekton, etc and without the need to use the UI, then follow the instructions described hereafter:
TOKEN env var to authenticate the curl requests issued against backstage
export TOKEN="<BACKSTAGE_AUTH_SECRET>"
# The "BACKSTAGE_AUTH_SECRET" corresponds to the token declared within the app-config.local.yaml file
# auth:
# externalAccess:
# - type: static
# options:
# token: <BACKSTAGE_AUTH_SECRET><XXXX> with your own data:cat <<EOF > req.json
{
"templateRef": "template:default/quarkus-application",
"values": {
"component_id": "<YOUR_QUARKUS_APP>",
"native": false,
"owner": "user:guest",
"groupId": "io.quarkus",
"artifactId": "my-quarkus-app",
"version": "1.0.0-SNAPSHOT",
"java_package_name": "io.quarkus.demo",
"description": "A cool quarkus app",
"javaVersion": "17",
"buildTool": "MAVEN",
"database": "quarkus-jdbc-postgresql",
"healthEndpoint": true,
"metricsEndpoint": true,
"infoEndpoint": true,
"extensions": [
"io.quarkus:quarkus-rest-jackson",
"io.quarkus:quarkus-smallrye-openapi",
"io.quarkus:quarkus-hibernate-orm-rest-data-panache",
"io.quarkus:quarkus-hibernate-validator"
],
"repo": {
"host": "github.com",
"org": "<YOUR_GITHUB_ORG>"
},
"namespace": "<YOUR_OCP_NAMESPACE>",
"imageRepository": "quay.io",
"virtualMachineName": "quarkus-dev",
"virtualMachineNamespace": "<THE_OCP_NAMESPACE_WHERE_PODMAN_VM_IS_RUNNING>",
"imageUrl": "quay.io/<YOUR_QUAY_ORG>/<QUAY_REPOSITORY>"
}
}
EOFURL=http://localhost:7007
curl $URL/api/scaffolder/v2/tasks \
-X POST \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $TOKEN" \
-d @req.jsonTo delete the different resources created (cluster, github), execute the following commands:
ARGOCD_SERVER=openshift-gitops-server-openshift-gitops.apps.qshift.snowdrop.dev
ARGOCD_USER=admin
ARGOCD_PWD=<ARGOCD_PWD>argocd login --insecure $ARGOCD_SERVER --username $ARGOCD_USER --password $ARGOCD_PWD --grpc-web
argocd app delete openshift-gitops/
argocd proj delete
- Database
If a database like Postgresql has been deployed for the Quarkus application created, then delete the PVC as the Helm Postgresql helm don't remove by default
```bash
kubectl delete -n <NAMESPACE> pvc -lapp.kubernetes.io/instance=<YOUR_QUARKUS_APP>-dbGitHub repository
gh repo delete github.com/<GIT_ORG>/<YOUR_QUARKUS_APP> --yesBackstage location/component
According to the name of <YOUR_QUARKUS_APP> created, then pickup one word from the application's name: todo, chatboot and use it as keyword to search hereafter:
KEY_TO_SEARCH="todo"
URL=http://localhost:7007
ID=$(curl -s -H "Authorization: Bearer $TOKEN" $URL:7007/api/catalog/locations | jq -r --arg appToSearch "$KEY_TO_SEARCH" '.[] | select(.data.target | contains($appToSearch)) | .data.id')
curl -X 'DELETE' -H "Authorization: Bearer $TOKEN" $URL/api/catalog/locations/$ID