Feat/add backstage

apps/README.md

@@ -1,4 +1,4 @@
-# stuttgart-things/helm/apps
+s# stuttgart-things/helm/apps
 
 App Helmfile templates.
 

apps/backstage.yaml.gotmpl

@@ -0,0 +1,77 @@
+---
+environments:
+  default:
+    values:
+      - version: "2.6.3"
+      - namespace: backstage
+      - clusterDomain: "172.18.0.3.nip.io"
+      - postgresql:
+          enabled: true
+          username: backstage
+          password: backstage # pragma: allowlist secret
+          architecture: standalone
+      - ingress:
+          enabled: false
+          className: nginx
+          clusterIssuer: selfsigned
+          host: backstage
+          tlsEnabled: true
+      - backstage:
+          replicas: 1
+          imageRegistry: ttl.sh
+          imageRepository: sthings/backstage
+          imageTag: "0.1.0"
+          extraAppConfig:
+            filename: app-config.extra.yaml
+            configMapRef: backstage-app-config
+      - secrets:
+          backstage-secrets:
+            namespace: backstage
+            kvs:
+              APP_TITLE: Stuttgart Things Backstage
+              ORGANIZATION_NAME: stuttgart-things
+              APP_BASE_URL: "" # pragma: allowlist secret
+              BACKEND_BASE_URL: "" # pragma: allowlist secret
+              BACKEND_PORT: "" # pragma: allowlist secret
+              CORS_ORIGIN: "" # pragma: allowlist secret
+              AUTH_ENVIRONMENT: "" # pragma: allowlist secret
+              GITHUB_TOKEN: "" # pragma: allowlist secret
+              GITHUB_CLIENT_ID: "" # pragma: allowlist secret
+              GITHUB_CLIENT_SECRET: "" # pragma: allowlist secret
+              BACKEND_SECRET: "" # pragma: allowlist secret
+---
+repositories:
+  - name: backstage
+    url: ghcr.io/backstage/charts
+    oci: true
+  - name: stuttgart-things
+    url: ghcr.io/stuttgart-things
+    oci: true
+
+releases:
+{{- if hasKey .Values.backstage "extraAppConfig" }}
+  - name: app-config-secret
+    disableValidationOnInstall: true
+    installed: true
+    namespace: {{ .Values.namespace }}
+    chart: stuttgart-things/sthings-cluster
+    version: 0.3.20
+    values:
+      - values/backstage-appconfig-secret.values.gotmpl
+{{- end }}
+{{- if hasKey .Values "gateway" }}
+  - name: backstage-httproute
+    disableValidationOnInstall: true
+    installed: true
+    namespace: {{ .Values.namespace }}
+    chart: stuttgart-things/sthings-cluster
+    version: 0.3.20
+    values:
+      - values/backstage-httproute.values.gotmpl
+{{- end }}
+  - name: backstage
+    namespace: {{ .Values.namespace }}
+    chart: backstage/backstage
+    version: {{ .Values.version }}
+    values:
+      - values/backstage.values.yaml.gotmpl

apps/values/backstage-appconfig-secret.values.gotmpl

@@ -0,0 +1,19 @@
+secrets:
+{{- range $k, $v := .Values.secrets }}
+  {{ $k }}:
+    name: {{ $k }}
+    namespace: {{ $v.namespace }}
+    secretKVs:
+    {{- range $key, $value := $v.kvs }}
+      {{ $key }}: {{ $value | quote }}
+    {{- end }}
+{{- end }}
+
+{{- if hasKey .Values "appConfig" }}
+configmaps:
+  backstage-app-config:
+    name: backstage-app-config
+    namespace: {{ .Values.namespace }}
+    app-config.extra.yaml: |
+{{ .Values.appConfig | indent 6 }}
+{{- end }}

apps/values/backstage-httproute.values.gotmpl

@@ -0,0 +1,42 @@
+customresources:
+  backstage-referencegrant:
+    apiVersion: gateway.networking.k8s.io/v1beta1
+    kind: ReferenceGrant
+    metadata:
+      name: backstage-gateway-access
+      namespace: {{ .Values.namespace }}
+      labels:
+        app.kubernetes.io/name: backstage
+        app.kubernetes.io/instance: backstage
+    spec:
+      from:
+        - group: gateway.networking.k8s.io
+          kind: Gateway
+          namespace: {{ .Values.gateway.namespace }}
+      to:
+        - group: ""
+          kind: Service
+  backstage-httproute:
+    apiVersion: gateway.networking.k8s.io/v1
+    kind: HTTPRoute
+    metadata:
+      name: backstage
+      namespace: {{ .Values.namespace }}
+      labels:
+        app.kubernetes.io/name: backstage
+        app.kubernetes.io/instance: backstage
+    spec:
+      hostnames:
+        - {{ .Values.gateway.hostname }}.{{ .Values.clusterDomain }}
+      parentRefs:
+        - name: {{ .Values.gateway.name }}
+          namespace: {{ .Values.gateway.namespace }}
+      rules:
+        - matches:
+            - path:
+                type: PathPrefix
+                value: /
+          backendRefs:
+            - name: backstage
+              namespace: {{ .Values.namespace }}
+              port: 7007

apps/values/backstage.values.yaml.gotmpl

@@ -0,0 +1,48 @@
+---
+clusterDomain: {{ .Values.clusterDomain }}
+
+{{- if .Values.storageClass }}
+global:
+  storageClass: {{ .Values.storageClass }}
+{{- end }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  className: {{ .Values.ingress.className }}
+  annotations:
+    cert-manager.io/cluster-issuer: {{ .Values.ingress.clusterIssuer }}
+  host: {{ .Values.ingress.host }}.{{ .Values.clusterDomain }}
+  tls:
+    enabled: {{ .Values.ingress.tlsEnabled }}
+    secretName: {{ .Values.ingress.host }}-tls
+
+postgresql:
+  enabled: {{ .Values.postgresql.enabled }}
+  auth:
+    username: {{ .Values.postgresql.username }}
+    password: {{ .Values.postgresql.password }} # pragma: allowlist secret
+  architecture: {{ .Values.postgresql.architecture }}
+
+backstage:
+  replicas: {{ .Values.backstage.replicas }}
+  image:
+    registry: {{ .Values.backstage.imageRegistry }}
+    repository: {{ .Values.backstage.imageRepository }}
+    tag: "{{ .Values.backstage.imageTag }}"
+
+{{- range $secretName, $secretConfig := .Values.secrets }}
+  extraEnvVars:
+{{- range $key, $value := $secretConfig.kvs }}
+    - name: {{ $key }}
+      valueFrom:
+        secretKeyRef:
+          name: {{ $secretName }}
+          key: {{ $key }}
+{{- end }}
+{{- end }}
+
+{{- if hasKey .Values.backstage "extraAppConfig" }}
+  extraAppConfig:
+    - filename: {{ .Values.backstage.extraAppConfig.filename }}
+      configMapRef: {{ .Values.backstage.extraAppConfig.configMapRef }}
+{{- end }}