Install RHDH with Internal PostgreSQL via Ingress or SSL Passthrough L4 Network Load Balancer

In this first lesson, you will install RHDH with minimal configuration and expose it using Layer 4 Load Balancer or Ingress on GKE. The configuration also exposes RHDH over Secure Sockets Layer (SSL) using self-signed certificates or custom certificates.

In this lesson, you will:

• Get Developer Hub up and running with PostgreSQL and Ingress/Layer 4 Load Balancer (LB) enabled on your GKE cluster.

To begin, complete the following steps to ensure that the prerequisite conditions are satisfied:

1. Connect to the GKE cluster. Authenticate and set up GKE access using the Google Cloud command-line interface (CLI):

   gcloud auth login --cred-file=credentials.json
   gcloud config set project ${PROJECT_ID}
   gcloud components install gke-gcloud-auth-plugin
   gcloud container clusters get-credentials ${CLUSTER} --location ${LOCATION}

2. Create a namespace where RHDH will be installed and pull the secret to pull images from Red Hat Registry:

   apiVersion: v1
   kind: Namespace
   metadata:
     labels:
       kubernetes.io/metadata.name: rhdh-gke
     name: <namespace>
   
   ---
   
   apiVersion: v1
   data:
     .dockerconfigjson: <data>
   kind: Secret
   metadata:
     name: rhdh-pull-secret
     namespace: <namespace>
   type: kubernetes.io/dockerconfigjson

3. Create a managed certificate (optional). If you are planning to use a Google Cloud-managed certificate for the ingress, you can apply the ManagedCertificate CR onto the GKE cluster:

   apiVersion: networking.gke.io/v1
   kind: ManagedCertificate
   metadata:
     name: rhdh-cert
     namespace: rhdh-gke
   spec:
     domains:
       - <rhdh domain name>

Install Developer Hub with Helm

In the next steps, we’ll use Helm and configure the necessary settings using a values.yaml file to install RHDH.

1. Provide the host configuration. Specify the DNS value where RHDH will be exposed in global.host. This ensures proper ingress routing.
2. Configure pull secrets. If you need to pull Developer Hub images from the Red Hat Registry and require authentication, import the pull secret. Add it under upstream.backstage.image.pullSecrets, or upstream.global.imagePullSecrets.

3. Configure ingress:

   ingress:
         enabled: true
         annotations:
           kubernetes.io/ingress.class: gce
           networking.gke.io/managed-certificates: "rhdh-cert" 

   This configuration enables the creation of ingress on GKE using a default ingress class gce.

   TLS certificate configuration:

   • This example uses networking.gke.io/managed-certificates for TLS management.

   • If using self-provisioned TLS certificates, provide the secret name under: upstream.ingress.tls.secretName.

4. Alternatively, configure an L4 Load Balancer:

   upstream: 
     service:
       ports:
         backend: 443
       type: LoadBalancer
       externalTrafficPolicy: Local
       annotations: 
         cloud.google.com/l4-rbs: "enabled" 

   This example creates a back-end, service-based external passthrough Network Load Balancer. One can always provide a load balancer IP if using an existing Load Balancer.

5. Enable Backstage with SSL. By default, the application is configured to be exposed over HTTP. For passthrough, however, it requires SSL. The following configuration shows how to enable HTTPS for Backstage by providing the key and certificate in pem formats. If you skip the certificate section, Developer Hub will generate self-signed certificates.

   Using custom certificates:

   upstream: 
       appConfig:
         backend:
           https:
             certificate:
               key: <BACKSTAGE_SSL_KEY> # key in pem format 
               cert: <BACKSTAGE_SSL_CERT> # cert in pem format 

   Using self-signed certificates (also set environment variable NODE_TLS_REJECT_UNAUTHORIZED=0):

   upstream: 
       appConfig:
         backend:
           https: true

Install the Helm chart

Finally, use the following Helm command to install RHDH:

helm repo add openshift-helm-charts https://charts.openshift.io/

helm install rhdh \
    openshift-helm-charts/redhat-developer-hub \
    --namespace rhdh-gke \
    --values iteration-1/values-sample.yaml

After completing these steps, you’ll have RHDH up and running with PostgreSQL and ingress/Layer 4 LB enabled on your GKE cluster. In the next lesson, we will demonstrate how to configure a GCS bucket for TechDocs.