humanitec-architecture · jayonthenet · Jul 26, 2024 · Jul 26, 2024 · Mar 28, 2025 · astromechza
@@ -253,6 +253,7 @@ Once you are finished with the reference architecture, you can remove all provis
 
 | Name | Version |
 |------|---------|
+| terraform | >= 1.0.0 |
 | terraform | >= 1.3.0 |
 | aws | ~> 5.17 |
 | github | ~> 5.38 |
@@ -281,6 +282,7 @@ Once you are finished with the reference architecture, you can remove all provis
 | humanitec\_k8s\_connection | ./modules/humanitec-k8s-connection | n/a |
 | portal\_backstage | ./modules/portal-backstage | n/a |
 | portal\_rhdh | ./modules/portal-rhdh | n/a |
+| terraform\_state\_backend | cloudposse/tfstate-backend/aws | 1.1.1 |
 
 ### Resources
 

@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  backend "s3" {
+    region         = "eu-central-1"
+    bucket         = "htc-demo-41-ra-rhos-with-rhdh-state"
+    key            = "terraform.tfstate"
+    dynamodb_table = "htc-demo-41-ra-rhos-with-rhdh-state-lock"
+    profile        = ""
+    role_arn       = ""
+    encrypt        = "true"
+  }
+}
@@ -62,7 +62,7 @@ resource "helm_release" "humanitec_operator" {
 
   repository = "oci://ghcr.io/humanitec/charts"
   chart      = "humanitec-operator"
-  version    = "0.2.6"
+  version    = "0.4.0"
   wait       = true
   timeout    = 300
 

@@ -31,3 +31,19 @@ resource "humanitec_resource_definition_criteria" "default_mysql" {
 
   force_delete = true
 }
+
+resource "humanitec_resource_definition" "default_logging" {
+  driver_type = "humanitec/logging-k8s"
+  id          = "default-logging"
+  name        = "default-logging"
+  type        = "logging"
+
+  driver_inputs = {}
+}
+
+resource "humanitec_resource_definition_criteria" "default_logging" {
+  resource_definition_id = humanitec_resource_definition.default_logging.id
+  class                  = "default"
+
+  force_delete = true
+}
@@ -55,7 +55,7 @@ resource "kubernetes_manifest" "argocd_operator_subscription" {
       name                = "argocd-operator"
       source              = "community-operators"
       sourceNamespace     = "openshift-marketplace"
-      startingCSV         = "argocd-operator.v0.10.0"
+      startingCSV         = "argocd-operator.v0.13.0"
     }
   }
 }
@@ -1,6 +1,5 @@
 locals {
   devhub_manifests = "${path.module}/devhub"
-
 }
 
 resource "kubernetes_namespace_v1" "rhdh" {
@@ -52,23 +51,140 @@ resource "kubernetes_secret_v1" "rhdh_secrets" {
   }
 }
 
-resource "kubernetes_manifest" "rhdh_app_configmap" {
-  manifest = yamldecode(file("${local.devhub_manifests}/rhdh-app-configmap.yaml"))
+resource "kubernetes_config_map" "rhdh_app_configmap" {
+  metadata {
+    name      = "app-config-rhdh"
+    namespace = kubernetes_namespace_v1.rhdh.id
+  }
 
-  field_manager {
-    force_conflicts = true
+  data = {
+    "app-config.yaml" = <<-EOT
+      app:
+        title: Red Hat Developer Hub
+        baseUrl: https://backstage-developer-hub-rhdh.${var.basedomain}
+      backend:
+        auth:
+          keys:
+            - secret: ${resource.kubernetes_secret_v1.rhdh_secrets.metadata[0].name}
+        baseUrl: https://backstage-developer-hub-rhdh.${var.basedomain}
+        cors:
+          origin: https://backstage-developer-hub-rhdh.${var.basedomain}
+      catalog:
+        rules:
+          - allow: [Component, System, Group, Resource, Location, Template, API, User, Domain, Type]
+        locations:
+          - type: url
+            target: https://github.com/humanitec-architecture/backstage-catalog-templates/blob/main/podinfo/template.yaml
+          - type: url
+            target: https://github.com/humanitec-architecture/backstage-catalog-templates/blob/main/node-service/template.yaml
+          - type: url
+            target: https://github.com/humanitec-architecture/reference-architecture-rhos/blob/main/backstage-templates/quarkus-todo/template.yaml
+      dynamicPlugins:
+        # See https://github.com/janus-idp/backstage-showcase/blob/main/showcase-docs/dynamic-plugins.md#frontend-layout-configuration
+        frontend:
+          humanitec.backstage-plugin:
+            mountPoints:
+              - mountPoint: entity.page.overview/cards
+                importName: HumanitecCardComponent
+                config:
+                  layout:
+                    gridColumn:
+                      lg: '5 / -1'
+                      md: '3 / -1'
+                      xs: '1 / -1'
+                  if:
+                    allOf:
+                      - isKind: component
+            scaffolderFieldExtensions:
+              - importName: ValidateHumanitecAppIDFieldExtension
+      humanitec:
+        orgId: ${var.humanitec_org_id}
+        token: ${var.humanitec_ci_service_user_token} # without Bearer
+        cloudProvider: aws
+        githubOrgId: ${var.github_org_id}
+      auth:
+        environment: production
+        providers:
+          github:
+            production:
+              clientId: ${var.github_app_client_id}
+              clientSecret: ${var.github_app_client_secret}
+              signIn:
+                resolvers:
+                  - resolver: usernameMatchingUserEntityName
+                    dangerouslyAllowSignInWithoutUserInCatalog: true
+      integrations:
+        github:
+          - host: github.com
+            apps:
+              - appId: ${var.github_app_id}
+                clientId: ${var.github_app_client_id}
+                clientSecret: ${var.github_app_client_secret}
+                webhookUrl: ${var.github_webhook_url}
+                webhookSecret: ${var.github_webhook_secret}
+                privateKey: |
+                  ${replace(var.github_app_private_key, "\n", "\n            ")}
+      signInPage: github
+    EOT
   }
 
   depends_on = [
     kubernetes_namespace_v1.rhdh
   ]
 }
 
-resource "kubernetes_manifest" "rhdh_dynamic_plugins_configmap" {
-  manifest = yamldecode(file("${local.devhub_manifests}/rhdh-dynamic-plugins-configmap.yaml"))
+resource "kubernetes_config_map" "dynamic_plugin_config_rhdh" {
+  metadata {
+    name      = "dynamic-plugin-config-rhdh"
+    namespace = kubernetes_namespace_v1.rhdh.id
+  }
 
-  field_manager {
-    force_conflicts = true
+  data = {
+    "dynamic-plugins.yaml" = <<-EOT
+      includes:
+        - dynamic-plugins.default.yaml
+      plugins:
+        - # update using: npm view @humanitec/backstage-plugin-scaffolder-backend-module-dynamic
+          package: '@humanitec/backstage-plugin-scaffolder-backend-module-dynamic@0.4.0'
+          integrity: 'sha512-sn6PgR0oCix/Nd0MXLoQ5SW00rF+SNmXArNuH/4dns5zLBN8iXXIhwLh8mIEKu7kI1P9pe/WYhGcA1GNSHCO2A=='
+          pluginConfig: {}
+        - # update using: npm view @humanitec/backstage-plugin-dynamic
+          package: '@humanitec/backstage-plugin-dynamic@0.8.0'
+          integrity: 'sha512-y3Cfy/+EkjW9hYqg6KOgRJ1mEobjppE1nkSj3cIBHFH1t5JXhqSE2OOxDzxdqvRdApk3e/JufEgTRn1MpcAxhg=='
+          pluginConfig: {}
+        - # update using: npm view @humanitec/backstage-plugin-backend-dynamic
+          package: '@humanitec/backstage-plugin-backend-dynamic@0.7.0'
+          integrity: 'sha512-zzrNbXvB1BVa/z1jWZQwFH90bXvNM5by1MSj7dZZ5MlcftB6D/G10RYvHar4QjsNx+o6klio5I32yLX6vwOYHA=='
+          pluginConfig: {}
+        - # update using: npm view @backstage/plugin-scaffolder-backend-module-github
+          package: '@backstage/plugin-scaffolder-backend-module-github@0.6.1'
+          integrity: 'sha512-B1lKoeEZlEz0uFs2LB5p+W2pinDUuLbbtDAV7m8KvAkim6bw7KJ/LB4ibXZHyCRa/nH4Gsgjnb/cTwemSpEveg=='
+          pluginConfig: {}
+        - package: './dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-dynamic'
+          disabled: false
+          pluginConfig:
+            catalog:
+              providers:
+                github:
+                  organization: "${var.github_org_id}"
+                  schedule:
+                    frequency: { minutes: 1 }
+                    timeout: { seconds: 45 }
+                    initialDelay: { seconds: 10 }
+        - package: './dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github-org-dynamic'
+          disabled: false
+          pluginConfig:
+            catalog:
+              providers:
+                githubOrg:
+                  id: "${var.github_org_id}"
+                  githubUrl: "https://github.com"
+                  orgs: [ "${var.github_org_id}" ]
+                  schedule:
+                    frequency: { minutes: 1 }
+                    timeout: { seconds: 45 }
+                    initialDelay: { seconds: 10 }
+    EOT
   }
 
   depends_on = [
@@ -82,8 +198,8 @@ resource "kubernetes_manifest" "rhdh_instance" {
   depends_on = [
     kubernetes_manifest.rhdh_operator_group,
     kubernetes_manifest.rhdh_operator_subscription,
-    kubernetes_manifest.rhdh_app_configmap,
-    kubernetes_manifest.rhdh_dynamic_plugins_configmap,
+    kubernetes_config_map.rhdh_app_configmap,
+    kubernetes_config_map.dynamic_plugin_config_rhdh,
     kubernetes_secret_v1.rhdh_github_secrets,
     kubernetes_secret_v1.rhdh_secrets
   ]

@@ -0,0 +1,13 @@
+# TODO Remove before merge
+
+module "terraform_state_backend" {
+  source     = "cloudposse/tfstate-backend/aws"
+  version    = "1.1.1"
+  namespace  = var.humanitec_org_id
+  name       = "ra-rhos-with-rhdh"
+  attributes = ["state"]
+
+  terraform_backend_config_file_path = "."
+  terraform_backend_config_file_name = "backend.tf"
+  force_destroy                      = false
+}