From d9e9a44e3863dd2a44a326b301a9a399d9297d4c Mon Sep 17 00:00:00 2001 From: Patrick Hermann Date: Sat, 24 Jan 2026 04:47:42 +0000 Subject: [PATCH 1/3] feat: feat/add-backstage --- apps/backstage.yaml.gotmpl | 67 +++++++++++++++ .../backstage-appconfig-secret.values.gotmpl | 86 +++++++++++++++++++ apps/values/backstage.values.yaml.gotmpl | 42 +++++++++ 3 files changed, 195 insertions(+) create mode 100644 apps/backstage.yaml.gotmpl create mode 100644 apps/values/backstage-appconfig-secret.values.gotmpl create mode 100644 apps/values/backstage.values.yaml.gotmpl diff --git a/apps/backstage.yaml.gotmpl b/apps/backstage.yaml.gotmpl new file mode 100644 index 00000000..efb01b99 --- /dev/null +++ b/apps/backstage.yaml.gotmpl 
@@ -0,0 +1,67 @@ +--- +environments: + default: + values: + - version: "2.6.3" + - namespace: backstage + - clusterDomain: "172.18.0.3.nip.io" + - postgresql: + enabled: true + username: backstage + password: backstage # pragma: allowlist secret + architecture: standalone + - ingress: + enabled: false + className: nginx + clusterIssuer: selfsigned + host: backstage + tlsEnabled: true + - backstage: + replicas: 1 + imageRegistry: ttl.sh + imageRepository: sthings/backstage + imageTag: "0.1.0" + extraAppConfig: + filename: app-config.extra.yaml + configMapRef: backstage-app-config + - secrets: + backstage-secrets: + namespace: backstage + kvs: + APP_TITLE: Stuttgart Things Backstage + ORGANIZATION_NAME: stuttgart-things + APP_BASE_URL: "" # pragma: allowlist secret + BACKEND_BASE_URL: "" # pragma: allowlist secret + BACKEND_PORT: "" # pragma: allowlist secret + CORS_ORIGIN: "" # pragma: allowlist secret + AUTH_ENVIRONMENT: "" # pragma: allowlist secret + GITHUB_TOKEN: "" # pragma: allowlist secret + GITHUB_CLIENT_ID: "" # pragma: allowlist secret + GITHUB_CLIENT_SECRET: "" # pragma: allowlist secret + BACKEND_SECRET: "" # pragma: allowlist secret +--- +repositories: + - name: backstage + url: ghcr.io/backstage/charts + oci: true + - name: stuttgart-things + url: ghcr.io/stuttgart-things + oci: true + +releases: +{{- if hasKey .Values.backstage "extraAppConfig" }} + - name: app-config-secret + disableValidationOnInstall: true + installed: true + namespace: {{ .Values.namespace }} + chart: stuttgart-things/sthings-cluster + version: 0.3.20 + values: + - values/backstage-appconfig-secret.values.gotmpl +{{- end }} + - name: backstage + namespace: {{ .Values.namespace }} + chart: backstage/backstage + version: {{ .Values.version }} + values: + - values/backstage.values.yaml.gotmpl \ No newline at end of file diff --git a/apps/values/backstage-appconfig-secret.values.gotmpl b/apps/values/backstage-appconfig-secret.values.gotmpl new file mode 100644 index 00000000..62e4a326 
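Review bot: The default image coordinates in `environments.default.values` (`imageRegistry: ttl.sh`, `imageRepository: sthings/backstage`, `imageTag: "0.1.0"`) point at an anonymous, short-lived public registry and a mutable tag, so the cluster runs whatever currently sits under that name. I would default to a registry the project controls and pin the image by digest, leaving ttl.sh as an explicit per-environment override for throwaway tests. The same block ships `password: backstage` for PostgreSQL with a `# pragma: allowlist secret` that silences the scanner. Consider dropping that default and failing the render when it is unset, e.g. `password: {{ .Values.postgresql.password | required "postgresql.password must be set" }}` in `values/backstage.values.yaml.gotmpl`.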
--- /dev/null +++ b/apps/values/backstage-appconfig-secret.values.gotmpl 
@@ -0,0 +1,86 @@ +---- +secrets: +{{- range $k, $v := .Values.secrets }} + {{ $k }}: + name: {{ $k }} + namespace: {{ $v.namespace }} + secretKVs: + {{- range $key, $value := $v.kvs }} + {{ $key }}: {{ $value | quote }}{{ end }} +{{- end }} + kubernetes-config: + name: kubernetes-config + namespace: default + secretFiles: + app-config.yaml: | + app: + title: Backstage + baseUrl: ${APP_BASE_URL} + organization: + name: ${ORGANIZATION_NAME} + backend: + auth: + keys: + - secret: ${BACKEND_SECRET:-change-me-in-production} + baseUrl: ${BACKEND_BASE_URL:-http://localhost:7007} + listen: + port: ${BACKEND_PORT:-7007} + csp: + connect-src: ["'self'", 'http:', 'https:'] + cors: + origin: ${CORS_ORIGIN:-http://localhost:3000} + methods: [GET, HEAD, PATCH, POST, PUT, DELETE] + credentials: true + database: + client: better-sqlite3 + connection: ':memory:' + integrations: + github: + - host: github.com + token: ${GITHUB_TOKEN} + + proxy: + ### Example for how to add a proxy endpoint for the frontend. + techdocs: + builder: 'local' # Alternatives - 'external' + generator: + runIn: 'docker' # Alternatives - 'local' + publisher: + type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives. 
+ + auth: + environment: development + providers: + guest: {} + github: + development: + clientId: ${GITHUB_CLIENT_ID} + clientSecret: ${GITHUB_CLIENT_SECRET} + signIn: + resolvers: + - resolver: usernameMatchingUserEntityName + + scaffolder: + # see https://backstage.io/docs/features/software-templates/configuration for software template options + + catalog: + import: + entityFilename: catalog-info.yaml + pullRequestBranchName: backstage-integration + rules: + - allow: [Component, System, API, Resource, Location] + locations: + - type: url + target: https://github.com/stuttgart-things/backstage-resources/blob/main/org/sthings-dev/org.yaml + rules: + - allow: [User, Group] + + - type: url + target: https://github.com/stuttgart-things/backstage-resources/blob/main/services/sthings-dev/catalog-index.yaml + rules: + - allow: [Component, Location, System, API, Resource] + + kubernetes: + + permission: + enabled: true diff --git a/apps/values/backstage.values.yaml.gotmpl b/apps/values/backstage.values.yaml.gotmpl new file mode 100644 index 00000000..d5e36139 --- /dev/null +++ b/apps/values/backstage.values.yaml.gotmpl 
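Review bot: `- secret: ${BACKEND_SECRET:-change-me-in-production}` under `backend.auth.keys` gives the backend a publicly known key whenever `BACKEND_SECRET` is not supplied. The defaults in `apps/backstage.yaml.gotmpl` leave it as `""`, so this looks like the out-of-the-box path. Drop the fallback so a missing secret fails at startup instead of starting with a known value: `- secret: ${BACKEND_SECRET}`. The same line is re-added under `configmaps.backstage-app-config` in the PATCH 2/3 hunk for this file. Separately, the `kubernetes-config` entry hard-codes `namespace: default` while the other resources use `{{ .Values.namespace }}`.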
@@ -0,0 +1,42 @@ +--- +clusterDomain: {{ .Values.clusterDomain }} + +ingress: + enabled: {{ .Values.ingress.enabled }} + className: {{ .Values.ingress.className }} + annotations: + cert-manager.io/cluster-issuer: {{ .Values.ingress.clusterIssuer }} + host: {{ .Values.ingress.host }}.{{ .Values.clusterDomain }} + tls: + enabled: {{ .Values.ingress.tlsEnabled }} + +postgresql: + enabled: {{ .Values.postgresql.enabled }} + auth: + username: {{ .Values.postgresql.username }} + password: {{ .Values.postgresql.password }} # pragma: allowlist secret + architecture: {{ .Values.postgresql.architecture }} + +backstage: + replicas: {{ .Values.backstage.replicas }} + image: + registry: {{ .Values.backstage.imageRegistry }} + repository: {{ .Values.backstage.imageRepository }} + tag: {{ .Values.backstage.imageTag }} + +{{- range $secretName, $secretConfig := .Values.secrets }} + extraEnvVars: +{{- range $key, $value := $secretConfig.kvs }} + - name: {{ $key }} + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: {{ $key }} +{{- end }} +{{- end }} + +{{- if hasKey .Values.backstage "extraAppConfig" }} + extraAppConfig: + - filename: {{ .Values.backstage.extraAppConfig.filename }} + configMapRef: {{ .Values.backstage.extraAppConfig.configMapRef }} +{{- end }} From 36da9a4230e58d50374b329e3e404f339d23b293 Mon Sep 17 00:00:00 2001 From: Patrick Hermann Date: Wed, 18 Feb 2026 13:35:26 +0000 Subject: [PATCH 2/3] feat: feat/add-backstage --- apps/README.md | 2 +- apps/backstage.yaml.gotmpl | 2 +- .../backstage-appconfig-secret.values.gotmpl | 143 +++++++++--------- apps/values/backstage.values.yaml.gotmpl | 1 + 4 files changed, 75 insertions(+), 73 deletions(-) diff --git a/apps/README.md b/apps/README.md index 1501d3fd..ca1108f6 100644 --- a/apps/README.md +++ b/apps/README.md @@ -1,4 +1,4 @@ -# stuttgart-things/helm/apps +s# stuttgart-things/helm/apps App Helmfile templates. diff --git a/apps/backstage.yaml.gotmpl b/apps/backstage.yaml.gotmpl index efb01b99..f1b3bfb5 100644 
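Review bot: `extraEnvVars:` is emitted inside `{{- range $secretName, $secretConfig := .Values.secrets }}`, so a second entry in `.Values.secrets` renders a duplicate `extraEnvVars` key under `backstage:`. Most YAML parsers keep only the last duplicate, which would silently drop the earlier secret's variables. Move the key above the outer range so the loop emits only list items. In the same file, `password: {{ .Values.postgresql.password }}` and the other string values are rendered unquoted. `password: {{ .Values.postgresql.password | quote }}` keeps a password that contains `#` or `: `, or consists only of digits, intact.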
--- a/apps/backstage.yaml.gotmpl +++ b/apps/backstage.yaml.gotmpl @@ -64,4 +64,4 @@ releases: chart: backstage/backstage version: {{ .Values.version }} values: - - values/backstage.values.yaml.gotmpl \ No newline at end of file + - values/backstage.values.yaml.gotmpl diff --git a/apps/values/backstage-appconfig-secret.values.gotmpl b/apps/values/backstage-appconfig-secret.values.gotmpl index 62e4a326..49a6407c 100644 --- a/apps/values/backstage-appconfig-secret.values.gotmpl +++ b/apps/values/backstage-appconfig-secret.values.gotmpl @@ -1,4 +1,3 @@ ----- secrets: {{- range $k, $v := .Values.secrets }} {{ $k }}: 
@@ -6,81 +5,83 @@ secrets: namespace: {{ $v.namespace }} secretKVs: {{- range $key, $value := $v.kvs }} - {{ $key }}: {{ $value | quote }}{{ end }} + {{ $key }}: {{ $value | quote }} + {{- end }} {{- end }} - kubernetes-config: - name: kubernetes-config - namespace: default - secretFiles: - app-config.yaml: | - app: - title: Backstage - baseUrl: ${APP_BASE_URL} - organization: - name: ${ORGANIZATION_NAME} - backend: - auth: - keys: - - secret: ${BACKEND_SECRET:-change-me-in-production} - baseUrl: ${BACKEND_BASE_URL:-http://localhost:7007} - listen: - port: ${BACKEND_PORT:-7007} - csp: - connect-src: ["'self'", 'http:', 'https:'] - cors: - origin: ${CORS_ORIGIN:-http://localhost:3000} - methods: [GET, HEAD, PATCH, POST, PUT, DELETE] - credentials: true - database: - client: better-sqlite3 - connection: ':memory:' - integrations: - github: - - host: github.com - token: ${GITHUB_TOKEN} - - proxy: - ### Example for how to add a proxy endpoint for the frontend. - techdocs: - builder: 'local' # Alternatives - 'external' - generator: - runIn: 'docker' # Alternatives - 'local' - publisher: - type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives. 
+configmaps: + backstage-app-config: + name: backstage-app-config + namespace: {{ .Values.namespace }} + app-config.extra.yaml: | + app: + title: Backstage + baseUrl: ${APP_BASE_URL} + organization: + name: ${ORGANIZATION_NAME} + backend: auth: - environment: development - providers: - guest: {} - github: - development: - clientId: ${GITHUB_CLIENT_ID} - clientSecret: ${GITHUB_CLIENT_SECRET} - signIn: - resolvers: - - resolver: usernameMatchingUserEntityName + keys: + - secret: ${BACKEND_SECRET:-change-me-in-production} + baseUrl: ${BACKEND_BASE_URL:-http://localhost:7007} + listen: + port: ${BACKEND_PORT:-7007} + csp: + connect-src: ["'self'", 'http:', 'https:'] + cors: + origin: ${CORS_ORIGIN:-http://localhost:3000} + methods: [GET, HEAD, PATCH, POST, PUT, DELETE] + credentials: true + database: + client: better-sqlite3 + connection: ':memory:' + integrations: + github: + - host: github.com + token: ${GITHUB_TOKEN} + + proxy: + ### Example for how to add a proxy endpoint for the frontend. + techdocs: + builder: 'local' # Alternatives - 'external' + generator: + runIn: 'local' # Alternatives - 'local' + publisher: + type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives. 
+ + auth: + environment: development + providers: + guest: {} + github: + development: + clientId: ${GITHUB_CLIENT_ID} + clientSecret: ${GITHUB_CLIENT_SECRET} + signIn: + resolvers: + - resolver: usernameMatchingUserEntityName - scaffolder: - # see https://backstage.io/docs/features/software-templates/configuration for software template options + scaffolder: + # see https://backstage.io/docs/features/software-templates/configuration for software template options - catalog: - import: - entityFilename: catalog-info.yaml - pullRequestBranchName: backstage-integration - rules: - - allow: [Component, System, API, Resource, Location] - locations: - - type: url - target: https://github.com/stuttgart-things/backstage-resources/blob/main/org/sthings-dev/org.yaml - rules: - - allow: [User, Group] + catalog: + import: + entityFilename: catalog-info.yaml + pullRequestBranchName: backstage-integration + rules: + - allow: [Component, System, API, Resource, Location] + locations: + - type: url + target: https://github.com/stuttgart-things/backstage-resources/blob/main/org/sthings-dev/org.yaml + rules: + - allow: [User, Group] - - type: url - target: https://github.com/stuttgart-things/backstage-resources/blob/main/services/sthings-dev/catalog-index.yaml - rules: - - allow: [Component, Location, System, API, Resource] + - type: url + target: https://github.com/stuttgart-things/backstage-resources/blob/main/services/sthings-dev/catalog-index.yaml + rules: + - allow: [Component, Location, System, API, Resource] - kubernetes: + kubernetes: - permission: - enabled: true + permission: + enabled: true diff --git a/apps/values/backstage.values.yaml.gotmpl b/apps/values/backstage.values.yaml.gotmpl index d5e36139..cb492f4c 100644 --- a/apps/values/backstage.values.yaml.gotmpl +++ b/apps/values/backstage.values.yaml.gotmpl 
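Review bot: The `auth` block keeps `guest: {}` enabled and hard-codes `environment: development`, although `AUTH_ENVIRONMENT` is already one of the keys injected from `backstage-secrets`. With this hunk the content becomes the `backstage-app-config` ConfigMap that `extraAppConfig.configMapRef` names by default, so these development settings look like what a deployed instance would load. These lines are carried over unchanged from the PATCH 1/3 version of the file. I would use `environment: ${AUTH_ENVIRONMENT}` and remove the guest provider from the shared default, leaving it as an opt-in for local clusters. The trailing comment on `runIn: 'local' # Alternatives - 'local'` is also stale after the value change.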
@@ -9,6 +9,7 @@ ingress: host: {{ .Values.ingress.host }}.{{ .Values.clusterDomain }} tls: enabled: {{ .Values.ingress.tlsEnabled }} + secretName: {{ .Values.ingress.host }}-tls postgresql: enabled: {{ .Values.postgresql.enabled }} From 9b25de0a88be070d2248c635bcc1992b9dbe852e Mon Sep 17 00:00:00 2001 From: Patrick Hermann Date: Wed, 18 Feb 2026 15:53:30 +0000 Subject: [PATCH 3/3] feat: feat/add-backstage --- apps/backstage.yaml.gotmpl | 10 +++ .../backstage-appconfig-secret.values.gotmpl | 74 +------------------ apps/values/backstage-httproute.values.gotmpl | 42 +++++++++++ apps/values/backstage.values.yaml.gotmpl | 7 +- 4 files changed, 61 insertions(+), 72 deletions(-) create mode 100644 apps/values/backstage-httproute.values.gotmpl diff --git a/apps/backstage.yaml.gotmpl b/apps/backstage.yaml.gotmpl index f1b3bfb5..875d775e 100644 --- a/apps/backstage.yaml.gotmpl +++ b/apps/backstage.yaml.gotmpl @@ -58,6 +58,16 @@ releases: version: 0.3.20 values: - values/backstage-appconfig-secret.values.gotmpl +{{- end }} +{{- if hasKey .Values "gateway" }} + - name: backstage-httproute + disableValidationOnInstall: true + installed: true + namespace: {{ .Values.namespace }} + chart: stuttgart-things/sthings-cluster + version: 0.3.20 + values: + - values/backstage-httproute.values.gotmpl {{- end }} - name: backstage namespace: {{ .Values.namespace }} diff --git a/apps/values/backstage-appconfig-secret.values.gotmpl b/apps/values/backstage-appconfig-secret.values.gotmpl index 49a6407c..8b63a81e 100644 --- a/apps/values/backstage-appconfig-secret.values.gotmpl +++ b/apps/values/backstage-appconfig-secret.values.gotmpl 
@@ -9,79 +9,11 @@ secrets: {{- end }} {{- end }} +{{- if hasKey .Values "appConfig" }} configmaps: backstage-app-config: name: backstage-app-config namespace: {{ .Values.namespace }} app-config.extra.yaml: | - app: - title: Backstage - baseUrl: ${APP_BASE_URL} - organization: - name: ${ORGANIZATION_NAME} - backend: - auth: - keys: - - secret: ${BACKEND_SECRET:-change-me-in-production} - baseUrl: ${BACKEND_BASE_URL:-http://localhost:7007} - listen: - port: ${BACKEND_PORT:-7007} - csp: - connect-src: ["'self'", 'http:', 'https:'] - cors: - origin: ${CORS_ORIGIN:-http://localhost:3000} - methods: [GET, HEAD, PATCH, POST, PUT, DELETE] - credentials: true - database: - client: better-sqlite3 - connection: ':memory:' - integrations: - github: - - host: github.com - token: ${GITHUB_TOKEN} - - proxy: - ### Example for how to add a proxy endpoint for the frontend. - techdocs: - builder: 'local' # Alternatives - 'external' - generator: - runIn: 'local' # Alternatives - 'local' - publisher: - type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives. 
- - auth: - environment: development - providers: - guest: {} - github: - development: - clientId: ${GITHUB_CLIENT_ID} - clientSecret: ${GITHUB_CLIENT_SECRET} - signIn: - resolvers: - - resolver: usernameMatchingUserEntityName - - scaffolder: - # see https://backstage.io/docs/features/software-templates/configuration for software template options - - catalog: - import: - entityFilename: catalog-info.yaml - pullRequestBranchName: backstage-integration - rules: - - allow: [Component, System, API, Resource, Location] - locations: - - type: url - target: https://github.com/stuttgart-things/backstage-resources/blob/main/org/sthings-dev/org.yaml - rules: - - allow: [User, Group] - - - type: url - target: https://github.com/stuttgart-things/backstage-resources/blob/main/services/sthings-dev/catalog-index.yaml - rules: - - allow: [Component, Location, System, API, Resource] - - kubernetes: - - permission: - enabled: true +{{ .Values.appConfig | indent 6 }} +{{- end }} diff --git a/apps/values/backstage-httproute.values.gotmpl b/apps/values/backstage-httproute.values.gotmpl new file mode 100644 index 00000000..b5d102ed --- /dev/null +++ b/apps/values/backstage-httproute.values.gotmpl 
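Review bot: The `backstage-app-config` ConfigMap is now rendered only when `.Values.appConfig` is set, but `values/backstage.values.yaml.gotmpl` still emits `extraAppConfig` with `configMapRef` whenever `.Values.backstage.extraAppConfig` exists, and the default environment always defines that key. With the defaults and no `appConfig`, the Backstage pod would presumably reference a ConfigMap that is never created. Guard both sides with the same condition, e.g. `{{- if and (hasKey .Values "appConfig") (hasKey .Values.backstage "extraAppConfig") }}` in the values template. Because `appConfig` is caller-supplied text that lands in a ConfigMap rather than a Secret, a short comment above `app-config.extra.yaml` should say that it must contain only `${VAR}` references and no literal credentials.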
@@ -0,0 +1,42 @@ +customresources: + backstage-referencegrant: + apiVersion: gateway.networking.k8s.io/v1beta1 + kind: ReferenceGrant + metadata: + name: backstage-gateway-access + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/name: backstage + app.kubernetes.io/instance: backstage + spec: + from: + - group: gateway.networking.k8s.io + kind: Gateway + namespace: {{ .Values.gateway.namespace }} + to: + - group: "" + kind: Service + backstage-httproute: + apiVersion: gateway.networking.k8s.io/v1 + kind: HTTPRoute + metadata: + name: backstage + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/name: backstage + app.kubernetes.io/instance: backstage + spec: + hostnames: + - {{ .Values.gateway.hostname }}.{{ .Values.clusterDomain }} + parentRefs: + - name: {{ .Values.gateway.name }} + namespace: {{ .Values.gateway.namespace }} + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: backstage + namespace: {{ .Values.namespace }} + port: 7007 diff --git a/apps/values/backstage.values.yaml.gotmpl b/apps/values/backstage.values.yaml.gotmpl index cb492f4c..4a030477 100644 --- a/apps/values/backstage.values.yaml.gotmpl +++ b/apps/values/backstage.values.yaml.gotmpl @@ -1,6 +1,11 @@ --- clusterDomain: {{ .Values.clusterDomain }} +{{- if .Values.storageClass }} +global: + storageClass: {{ .Values.storageClass }} +{{- end }} + ingress: enabled: {{ .Values.ingress.enabled }} className: {{ .Values.ingress.className }} @@ -23,7 +28,7 @@ backstage: image: registry: {{ .Values.backstage.imageRegistry }} repository: {{ .Values.backstage.imageRepository }} - tag: {{ .Values.backstage.imageTag }} + tag: "{{ .Values.backstage.imageTag }}" {{- range $secretName, $secretConfig := .Values.secrets }} extraEnvVars:
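Review bot: The `backstage-referencegrant` resource grants `Gateway` objects in `{{ .Values.gateway.namespace }}` a reference to every `Service` in the Backstage namespace, because its `to` entry carries no `name`. The `backstage-httproute` below lives in the same namespace as its `backendRefs` target, so the grant does not appear to be needed for this route. Attaching to a Gateway in another namespace is normally governed by the listener's `allowedRoutes`. If the grant is kept, scope it by adding `name: backstage` under the `to` entry. The `hostnames` item is also rendered unquoted; `- {{ printf "%s.%s" .Values.gateway.hostname .Values.clusterDomain | quote }}` avoids YAML retyping.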