This repository has been archived by the owner on Aug 19, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
Initial Docs #64
Merged
Merged
Initial Docs #64
Changes from all commits
Commits
Show all changes
56 commits
Select commit
Hold shift + click to select a range
cfb83b2
yaml/configMap default configuration
gazarenkov c952470
Merge remote-tracking branch 'upstream/main' into status2
gazarenkov 9563358
fix make test
gazarenkov 46f0e7f
Merge remote-tracking branch 'upstream/main' into status2
gazarenkov 99b4e54
fix with new objects
gazarenkov cffa417
fix with new objects
gazarenkov 2bf0716
config small fixes
gazarenkov 47ba2f9
fix for https://github.com/janus-idp/operator/issues/51
gazarenkov 5882f62
Merge branch 'main' of https://github.com/janus-idp/operator into sta…
gazarenkov 4863874
Merge branch 'main' of https://github.com/janus-idp/operator into doc
gazarenkov 4bdb1a0
fix for https://github.com/janus-idp/operator/issues/58
gazarenkov 1970621
Merge remote-tracking branch 'upstream/main' into doc
gazarenkov 58e0287
initial doc commit (WIP)
gazarenkov 0f24d60
initial docs
gazarenkov 3cc03bd
Merge remote-tracking branch 'upstream/main' into doc
gazarenkov 19dd9ea
initial docs
gazarenkov f6eabef
Update config/manager/kustomization.yaml
gazarenkov 39fe89d
Update docs/developer.md
gazarenkov 67ed0c6
Update README.md
gazarenkov 71c9480
Update README.md
gazarenkov 1e2682f
Update README.md
gazarenkov c073d37
Update README.md
gazarenkov cbc4516
Update README.md
gazarenkov 2c2b627
Update README.md
gazarenkov dec5278
admin guide
gazarenkov 3ba5ef6
Merge remote-tracking branch 'upstream/main' into doc
gazarenkov dbf7fb4
Merge remote-tracking branch 'origin/doc' into doc
gazarenkov 3fb9783
Update docs/admin.md - typo
nickboldt 17b0078
Update docs/admin.md
gazarenkov 23b931e
Update docs/admin.md
gazarenkov e5a518b
Update README.md
gazarenkov 7a7a45f
Update docs/admin.md
gazarenkov f8a567f
Update README.md
gazarenkov 9924719
Update docs/admin.md
gazarenkov 6469e77
Merge remote-tracking branch 'upstream/main' into doc
gazarenkov 21c09b2
design
gazarenkov e5cce28
Merge branch 'doc' of https://github.com/gazarenkov/janus-idp-operato…
gazarenkov c6692dc
Update design.md
gazarenkov ecb19ad
more docs added and updated
gazarenkov 5eabc7f
Update docs/admin.md
gazarenkov 42c5df6
fixed examples/bs1.yaml
gazarenkov 10e6d34
added version to config table
gazarenkov d6be975
db-service-hl added to admin.yaml
gazarenkov d6436c8
Update docs/admin.md
gazarenkov 63dbec6
Update docs/admin.md
gazarenkov 68aba95
Update docs/admin.md
gazarenkov 137b7a0
Update docs/admin.md
gazarenkov ebb6c8f
Fix formatting of ConfigMap keys table in admin.md
rm3l eadc109
Apply review suggestions
rm3l f764850
Update docker/bundle.Dockerfile
nickboldt 2115f53
Update docs/admin.md
gazarenkov dbd07bf
Update README.md
gazarenkov ed7e166
Update README.md
gazarenkov a7e144c
Update README.md
gazarenkov c1d673b
Update README.md
gazarenkov 93708eb
Update bundle/manifests/backstage-operator.clusterserviceversion.yaml
gazarenkov File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
# Administrator Guide | ||
|
||
## Backstage Operator configuration | ||
|
||
### Context | ||
|
||
As it is described in Design doc (TODO), Backstage CR's desired state is defined using layered configuration approach, which means: | ||
- By default each newly created Backstage CR uses Operator scope Default Configuration | ||
- Which can be fully or partially overriden for particular CR instance using ConfigMap with the name pointed in BackstageCR.spec.RawConfig | ||
- Which in turn can be customized by other BackstageCR.spec fields (see Backstage API doc) | ||
|
||
Cluster Administrator may want to customize Default Configuration due to internal preferences/limitations, for example: | ||
- Preferences/restrictions for Backstage and|or PostgreSQL images due to Airgapped environment. | ||
rm3l marked this conversation as resolved.
Show resolved
Hide resolved
|
||
- Existed Taints and Tolerations policy, so Backstage Pods have to be configured with certain tolerations restrictions. | ||
- ... | ||
|
||
Default Configuration is implemented as a ConfigMap called *backstage-default-config*, deployed on *backstage-system* namespace and mounted to Backstage controller container as a */default-config* directory. | ||
This config map contains the set of keys/values which maps to file names/contents in the */default-config*. | ||
These files contain yaml manifests of objects used by Backstage controller as an initial desired state of Backstage CR according to Backstage Operator configuration model: | ||
|
||
![Backstage Default ConfigMap and CR](images/backstage_admin_configmap_and_cr.jpg) | ||
|
||
|
||
Mapping of configMap keys (yaml files) to runtime objects (NOTE: for the time (Dec 20'23) it is a subject of change): | ||
|
||
| Key/File name | k8s/OCP Kind | Mandatory* | version | Notes | | ||
|--------------------------------|--------------------|----------------|---------|-------------------------------------------------| | ||
| deployment.yaml | appsv1.Deployment | Yes | all | Backstage deployment | | ||
| service.yaml | corev1.Service | Yes | all | Backstage Service | | ||
| db-statefulset.yaml | appsv1.Statefulset | For DB enabled | all | PostgreSQL StatefulSet | | ||
| db-service.yaml | corev1.Service | For DB enabled | all | PostgreSQL Service | | ||
| db-service-hl.yaml | corev1.Service | For DB enabled | all | PostgreSQL Service | | ||
| db-secret.yaml | corev1.Secret | For DB enabled | all | Secret to connect Backstage to PSQL | | ||
| route.yaml | openshift.Route | No (for OCP) | all | Route exposing Backstage service | | ||
| app-config.yaml | corev1.ConfigMap | No | 0.0.2 | Backstage app-config.yaml | | ||
| configmap-files.yaml | corev1.ConfigMap | No | 0.0.2 | Backstage config file inclusions from configMap | | ||
| configmap-envs.yaml | corev1.ConfigMap | No | 0.0.2 | Backstage env variables from configMap | | ||
| secret-files.yaml | corev1.Secret | No | 0.0.2 | Backstage config file inclusions from Secret | | ||
| secret-envs.yaml | corev1.Secret | No | 0.0.2 | Backstage env variables from Secret | | ||
| dynamic-plugins.yaml | corev1.ConfigMap | No | 0.0.2 | dynamic-plugins config * | | ||
| dynamic-plugins-configmap.yaml | corev1.ConfigMap | No | 0.0.1 | dynamic-plugins config * | | ||
| backend-auth-configmap.yaml | corev1.ConfigMap | No | 0.0.1 | backend auth config | | ||
|
||
|
||
NOTES: | ||
- Mandatory means it is needed to be present in either (or both) Default and CR Raw Configuration. | ||
- dynamic-plugins.yaml is a fragment of app-config.yaml provided with RHDH/Janus-IDP, which is mounted into a dedicated initContainer. | ||
- items marked as version 0.0.1 are not supported in version 0.0.2 | ||
### Operator Bundle configuration | ||
|
||
With Backstage Operator's Makefile you can generate bundle descriptor using *make bundle* command | ||
|
||
Along with CSV manifest it generates default-config ConfigMap manifest, which can be modified and applied to Backstage Operator. | ||
|
||
[//]: # (TODO: document how an administrator can make changes to the default operator configuration, using their own configuration file (perhaps based on the generated one), and apply it using `kubectl` or `oc`. | ||
|
||
### Kustomize deploy configuration | ||
gazarenkov marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
Make sure use the current context in your kubeconfig file is pointed to correct place, change necessary part of your config/manager/default-config or just replace some of the file(s) with yours and run | ||
`` | ||
make deploy | ||
`` | ||
|
||
### Direct ConfigMap configuration | ||
|
||
You can change default configuration by directly changing the default-config ConfigMap with kubectl like: | ||
|
||
- retrieve the current `default-config` from the cluster | ||
|
||
`` | ||
kubectl get -n backstage-system configmap default-config > my-config.yaml | ||
`` | ||
|
||
- modify the file in your editor of choice | ||
|
||
- apply the updated configuration to your cluster | ||
|
||
`` | ||
kubectl apply -n backstage-system -f my-config.yaml | ||
`` | ||
|
||
It has to be re-applied to the controller's container after being reconciled by kubernetes processes. | ||
|
||
|
||
### Use Cases | ||
|
||
#### Airgapped environment | ||
|
||
When creating the Backstage CR, the Operator will try to create a Backstage Pod, deploying: | ||
- Backstage Container from the image, configured in *(deployment.yaml).spec.template.spec.Containers[].image* | ||
- Init Container (applied for RHDH/Janus-IDP configuration, usually the same as Backstage Container) | ||
|
||
Also, if Backstage CR configured with *EnabledLocalDb*, it will create a PostgreSQL container pod, configured in *(db-deployment.yaml).spec.template.spec.Containers[].image* | ||
|
||
By default, the Backstage Operator is configured to use publicly available images. | ||
If you plan to deploy to a [restricted environment](https://docs.openshift.com/container-platform/4.14/operators/admin/olm-restricted-networks.html), | ||
you will need to configure your cluster or network to allow these images to be pulled. | ||
For the list of related images deployed by the Operator, see the `RELATED_IMAGE_*` env vars or `relatedImages` section of the [CSV](../bundle/manifests/backstage-operator.clusterserviceversion.yaml). | ||
See also https://docs.openshift.com/container-platform/4.14/operators/admin/olm-restricted-networks.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
WIP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# Backstage Operator Design [WIP] | ||
|
||
The goal of Backstage Operator is to deploy Backstage workload to the Kubernetes namespace and keep this workload synced with the desired state defined by configuration. | ||
|
||
## Backstage Kubernetes Runtime | ||
|
||
Backstage Kubernetes workload consists of set of Kubernetes resources (Runtime Objects). | ||
Approximate set of Runtime Objects necessary for Backstage server on Kubernetes is shown on the diagram below: | ||
|
||
![Backstage Kubernetes Runtime](images/backstage_kubernetes_runtime.jpg) | ||
|
||
The most important object is Backstage Pod created by Backstage Deployment. That is where we run 'backstage-backend' container with Backstage application inside. | ||
This Backstage application is a web server which can be reached using Backstage Service. | ||
Actually, those 2 are the core part of Backstage workload. | ||
|
||
Backstage application uses SQL database as a data storage and it is possible to install PostgreSQL DB on the same namespace as Backstage instance. | ||
It brings PostgreSQL StatefulSet/Pod, Service to connect to Backstage and PV/PVC to store the data. | ||
|
||
For providing external access to Backstage server it is possible, depending on underlying infrastructure, to use Openshift Route or | ||
K8s Ingress on top of Backstage Service. | ||
Note that in versions up to 0.0.2, only Route configuration is supported by the Operator. | ||
|
||
Finally, the Backstage Operator supports all the [Backstage configuration](https://backstage.io/docs/conf/writing) options, which can be provided by creating dedicated | ||
ConfigMaps and Secrets, then contributing them to the Backstage Pod as mounted volumes or environment variables (see [Configuration](configuration.md) guide for details). | ||
|
||
## Configuration | ||
|
||
### Configuration layers | ||
|
||
The Backstage Operator can be configured to customize the deployed workload. | ||
With no changes to the default configuration, an admin user can deploy a Backstage instance to try it out for a local, personal, or small group test deployment. | ||
|
||
When you do want to customize your Backstage instance, there are 3 layers of configuration available. | ||
|
||
![Backstage Operator Configuration Layers](images/backstage_operator_configuration_layers.jpg) | ||
|
||
As shown in the picture above: | ||
|
||
- There is an Operator (Cluster) level Default Configuration implemented as a ConfigMap inside Backstage system namespace | ||
(where Backstage controller is launched). It allows to choose some optimal for most cases configuration which will be applied | ||
if there are no other config to override (i.e. Backstage CR is empty). | ||
- Another layer overriding default is instance (Backstage CR) scoped, implemented as a ConfigMap which | ||
has the same as default structure but inside Backstage instance's namespace. The name of theis ConfigMap | ||
is specified on Backstage.Spec.RawConfig field. It offers very flexible way to configure certain Backstage instance | ||
- And finally, there are set of fields on Backstage.Spec to override configuration made on level 1 and 2. | ||
It offers simple configuration of some parameters. So, user is not required to understand the | ||
overall structure of Backstage runtime object and is able to simply configure "the most important" parameters. | ||
(see [configuration](configuration.md) for more details) | ||
|
||
### Backstage Application | ||
|
||
Backstage Application comes with advanced configuration features. | ||
|
||
As per the [Backstage configuration](https://backstage.io/docs/conf/writing), a user can define and overload multiple _app-config.yaml_ | ||
files and flexibly configure them by including environment variables. | ||
Backstage Operator supports this flexibility allowing to define these configurations components in all the configuration levels | ||
(default, raw and CR) | ||
|
||
![Backstage App with Advanced Configuration](images/backstage_application_advanced_config.jpg) | ||
|
||
### Networking | ||
TODO |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we're targetting k8s, only openshift. IIRC the helmchart is for k8s (and openshift too) but the operator is ONLY for openshift. @jasperchui @christophe-f am I correct here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nickboldt the codebase is working and tested on both K8s AND Openshift.
This is the message for GitHub repository README.
We probably need to slightly change this message and we definitely need to add more information about openshift/operatorhub as soon as we have it, but technically it is the truth and I doubt it will be much differ from the helm chart I guess (support of openshift == support of k8s + Route for this operator)
So, I'd definitely welcome improving the message from the marketing standpoint if it is the goal here but technically the current message it is relevant :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll let @christophe-f weigh in from the PM side. I'm OK with technically correct docs, but we don't want to imply support that we won't actually do.