feature/backstage (#13)

Reviewed-on: #13
Reviewed-by: gitea_admin <admin@forteapps.net>
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>
Co-committed-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com>

infra/base/backstage.yaml

@@ -0,0 +1,43 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: backstage
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  labels:
+    app.kubernetes.io/name: backstage
+    app.kubernetes.io/part-of: developer-portal
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+  - repoURL: https://redhat-developer.github.io/rhdh-chart
+    chart: backstage
+    targetRevision: "5.8.0"
+    helm:
+      releaseName: backstage
+      valueFiles:
+      - $values/infra/values/base/backstage-values.yaml
+      - $values/infra/values/upc-dev/backstage-values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: backstage
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - Validate=true
+    - ServerSideApply=true

infra/base/kustomization.yaml

@@ -22,3 +22,4 @@ resources:
 - tempo.yaml
 - grafana-dashboards.yaml
 - network-policies-application.yaml
+- backstage.yaml

infra/values/base/backstage-values.yaml

@@ -0,0 +1,128 @@
+# Red Hat Developer Hub (RHDH) - Internal Developer Portal
+# Helm chart: https://github.com/redhat-developer/rhdh-chart
+# Includes 27+ plugins out of the box: ArgoCD, Kubernetes, Keycloak,
+# GitHub, GitLab, Jira, SonarQube, Tekton, Jenkins, and more.
+
+global:
+  auth:
+    backend:
+      enabled: true
+  dynamic:
+    includes:
+    - dynamic-plugins.default.yaml
+    plugins: []
+
+# Disable OpenShift Route (not on OpenShift)
+route:
+  enabled: false
+
+upstream:
+  backstage:
+    image:
+      registry: quay.io
+      repository: rhdh-community/rhdh
+      tag: next
+
+    podSecurityContext:
+      runAsUser: 1001
+      runAsGroup: 1001
+      fsGroup: 1001
+
+    resources:
+      requests:
+        cpu: 250m
+        memory: 1Gi
+      limits:
+        cpu: 1000m
+        memory: 2560Mi
+
+    extraEnvVarsSecrets:
+    - backstage-oidc-credentials
+
+    appConfig:
+      app:
+        title: "Forte Backstage"
+        baseUrl: http://localhost:7007
+
+      backend:
+        baseUrl: http://localhost:7007
+
+      # -- Keycloak OIDC authentication
+      signInPage: oidc
+      auth:
+        environment: production
+        providers:
+          oidc:
+            production:
+              metadataUrl: https://id.forteapps.net/realms/forte/.well-known/openid-configuration
+              clientId: ${AUTH_OIDC_CLIENT_ID}
+              clientSecret: ${AUTH_OIDC_CLIENT_SECRET}
+              prompt: auto
+              signIn:
+                resolvers:
+                - resolver: emailMatchingUserEntityProfileEmail
+
+      # -- Gitea SCM integration (for catalog URL resolution)
+      integrations:
+        gitea:
+        - host: git.forteapps.net
+
+      # -- Software catalog
+      catalog:
+        rules:
+        - allow:
+          - Component
+          - System
+          - API
+          - Resource
+          - Location
+          - Template
+          - Group
+          - User
+          - Domain
+        providers:
+          # Auto-discover catalog-info.yaml from all Forte org repos
+          gitea:
+            forte:
+              organization: Forte
+              host: git.forteapps.net
+              catalogPath: catalog-info.yaml
+              schedule:
+                frequency: { minutes: 30 }
+                timeout: { minutes: 3 }
+        locations:
+          # Backstage's own org data (bootstrap teams, systems, domains)
+          # - type: url
+          #   target: https://git.forteapps.net/Forte/backstage-catalog/raw/branch/main/org.yaml
+          #   rules:
+          #   - allow: [Group, User, System, Domain]
+
+  ingress:
+    enabled: true
+    className: traefik
+    annotations:
+      traefik.ingress.kubernetes.io/router.entrypoints: websecure
+
+  postgresql:
+    enabled: true
+    image:
+      registry: docker.io
+      repository: library/postgres
+      tag: "15"
+    primary:
+      persistence:
+        enabled: true
+        size: 2Gi
+      podSecurityContext:
+        enabled: true
+        fsGroup: 26
+        runAsUser: 26
+      resources:
+        requests:
+          cpu: 50m
+          memory: 128Mi
+        limits:
+          cpu: 250m
+          memory: 512Mi
+    volumePermissions:
+      enabled: true

infra/values/upc-dev/backstage-values.yaml

@@ -0,0 +1,12 @@
+global:
+  host: backstage.forteapps.net
+
+upstream:
+  backstage:
+    appConfig:
+      app:
+        baseUrl: https://backstage.forteapps.net
+      backend:
+        baseUrl: https://backstage.forteapps.net
+  ingress:
+    host: backstage.forteapps.net