RHDH backstage

docs/REFERENCE.md

@@ -965,21 +965,37 @@ ignore:
 - Check Gitea Actions tab for workflow run status and logs
 - Monitor Anthropic usage dashboard for token consumption
 
-### Backstage (Developer Portal)
+### Backstage / RHDH (Developer Portal)
 
-**Chart**: `backstage/backstage`
+**Chart**: `backstage` (RHDH — Red Hat Developer Hub)
-**Version**: `2.6.3`
+**Version**: `5.8.0`
 **Namespace**: `backstage`
-**Helm Repo**: `https://backstage.github.io/charts`
+**Helm Repo**: `https://redhat-developer.github.io/rhdh-chart`
+**Image**: `quay.io/rhdh-community/rhdh:next`
 
 **Purpose**: Internal developer portal where teams register and broadcast themselves, their applications, APIs, and systems. Provides a unified catalog, templates, and documentation hub.
 
+**Why RHDH over vanilla Backstage**: Ships 27+ plugins pre-bundled (ArgoCD, Kubernetes, Keycloak, GitHub, GitLab, Jira, SonarQube, Tekton, Jenkins, Quay, and more). Supports dynamic plugin installation at runtime — no image rebuilds needed.
+
 **Configuration** (`infra/values/base/backstage-values.yaml`):
-- PostgreSQL subchart enabled for persistence (standalone, 2Gi)
+- OpenShift Route disabled (`route.enabled: false`) — uses Traefik ingress instead
+- PostgreSQL subchart enabled for persistence (2Gi)
+- SecurityContext configured for vanilla Kubernetes (non-OpenShift)
 - Traefik ingress with `websecure` entrypoint
 - App title: "Forte Developer Portal"
+- Dynamic plugins: loads `dynamic-plugins.default.yaml` (all 27+ bundled plugins)
 - Catalog rules: Component, System, API, Resource, Location, Template, Group, User, Domain
 
+**Dynamic Plugins**:
+Add plugins at runtime via `global.dynamic.plugins` in values — no image rebuild:
+```yaml
+global:
+  dynamic:
+    plugins:
+    - package: "@scope/my-plugin@1.0.0"
+      integrity: "sha512-..."
+```
+
 **Catalog Registration**:
 Teams register services by adding a `catalog-info.yaml` to their repo root:
 ```yaml
@@ -996,11 +1012,14 @@ spec:
   owner: team-name
 ```
 
-Then add the location to `backstage-values.yaml` under `appConfig.catalog.locations`.
+Then add the location to `backstage-values.yaml` under `upstream.backstage.appConfig.catalog.locations`.
 
 **Per-cluster Configuration**:
 To set the ingress hostname, create a per-cluster overlay values file (e.g., `infra/values/upc-dev/backstage-values.yaml`) with:
 ```yaml
+global:
+  host: backstage.example.com
+upstream:
   backstage:
     appConfig:
       app:

infra/base/backstage.yaml

@@ -15,9 +15,9 @@ spec:
   project: default
 
   sources:
-  - repoURL: https://backstage.github.io/charts
+  - repoURL: https://redhat-developer.github.io/rhdh-chart
     chart: backstage
-    targetRevision: "2.6.3"
+    targetRevision: "5.8.0"
     helm:
       releaseName: backstage
       valueFiles:

infra/values/base/backstage-values.yaml

@@ -1,49 +1,51 @@
-# Backstage - Internal Developer Portal
+# Red Hat Developer Hub (RHDH) - Internal Developer Portal
-# Helm chart: https://github.com/backstage/charts
+# Helm chart: https://github.com/redhat-developer/rhdh-chart
+# Includes 27+ plugins out of the box: ArgoCD, Kubernetes, Keycloak,
+# GitHub, GitLab, Jira, SonarQube, Tekton, Jenkins, and more.
 
+global:
+  auth:
+    backend:
+      enabled: true
+  dynamic:
+    includes:
+    - dynamic-plugins.default.yaml
+    plugins: []
+
+# Disable OpenShift Route (not on OpenShift)
+route:
+  enabled: false
+
+upstream:
   backstage:
     image:
-    registry: ghcr.io
+      registry: quay.io
-    repository: backstage/backstage
+      repository: rhdh-community/rhdh
-    tag: latest
+      tag: next
+
+    podSecurityContext:
+      runAsUser: 1001
+      runAsGroup: 1001
+      fsGroup: 1001
 
     resources:
       requests:
-      cpu: 100m
+        cpu: 250m
-      memory: 256Mi
+        memory: 1Gi
       limits:
-      cpu: 500m
+        cpu: 1000m
-      memory: 512Mi
+        memory: 2560Mi
-
-  extraEnvVars:
-  - name: POSTGRES_HOST
-    value: "{{ .Release.Name }}-postgresql"
-  - name: POSTGRES_PORT
-    value: "5432"
-  - name: POSTGRES_USER
-    value: backstage
-  - name: POSTGRES_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: "{{ .Release.Name }}-postgresql"
-        key: password
 
     appConfig:
       app:
         title: "Forte Developer Portal"
-      baseUrl: http://localhost:3000
+        baseUrl: http://localhost:7007
 
       backend:
         baseUrl: http://localhost:7007
-      listen:
-        port: 7007
         database:
-        client: pg
+          client: better-sqlite3
-        connection:
+          connection: ":memory:"
-          host: ${POSTGRES_HOST}
-          port: ${POSTGRES_PORT}
-          user: ${POSTGRES_USER}
-          password: ${POSTGRES_PASSWORD}
 
       catalog:
         rules:
@@ -57,11 +59,10 @@ backstage:
           - Group
           - User
           - Domain
-      locations:
+        locations: []
-      # Register components from Gitea repositories
+        # Register components from Gitea repositories by adding:
-      # Example: uncomment and adjust to scan your Gitea org
         # - type: url
-      #   target: https://git.forteapps.net/Forte/*/blob/main/catalog-info.yaml
+        #   target: https://git.forteapps.net/Forte/my-repo/raw/branch/main/catalog-info.yaml
         #   rules:
         #   - allow: [Component, System, API]
 
@@ -73,19 +74,24 @@ ingress:
 
   postgresql:
     enabled: true
-  auth:
+    image:
-    username: backstage
+      registry: docker.io
-    password: ""
+      repository: library/postgres
-    existingSecret: ""
+      tag: "15"
-  architecture: standalone
     primary:
+      persistence:
+        enabled: true
+        size: 2Gi
+      podSecurityContext:
+        enabled: true
+        fsGroup: 26
+        runAsUser: 26
       resources:
         requests:
           cpu: 50m
           memory: 128Mi
         limits:
           cpu: 250m
-        memory: 256Mi
+          memory: 512Mi
-    persistence:
+    volumePermissions:
       enabled: true
-      size: 2Gi