Merge branch 'main' into RHIDP-4566-main

Author: themr0c

artifacts/attributes.adoc

@@ -88,9 +88,15 @@
 :authorization-book-url: https://docs.redhat.com/documentation/en-us/red_hat_developer_hub/{product-version}/html-single/authorization/index
 :authorization-book-title: Authorization
 
+:installing-on-osd-on-gcp-book-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_red_hat_developer_hub_on_openshift_dedicated_on_google_cloud_platform/index
+:installing-on-osd-on-gcp-book-title: Installing {product} on {gcp-brand-name} on {gcp-brand-name}
+
 :installing-on-ocp-book-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_red_hat_developer_hub_on_openshift_container_platform/index
 :installing-on-ocp-book-title: Installing {product} on {ocp-short}
 
+:installing-on-gke-book-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_red_hat_developer_hub_on_google_kubernetes_engine/index
+:installing-on-gke-book-title: Installing {product} on {gke-brand-name}
+
 :installing-on-eks-book-url: https://docs.redhat.com/en/documentation/red_hat_developer_hub/{product-version}/html-single/installing_red_hat_developer_hub_on_amazon_elastic_kubernetes_service/index
 :installing-on-eks-book-title: Installing {product} on {eks-brand-name}
 

assemblies/assembly-about-rhdh.adoc

@@ -20,3 +20,5 @@ Use {product} to simplify decision-making through a selection of internally appr
 
 
 include::modules/about/con-benefits-of-rhdh.adoc[leveloffset=+1]
+include::modules/about/ref-supported-platforms.adoc[leveloffset=+1]
+include::modules/about/ref-rhdh-sizing.adoc[leveloffset=+1]

assemblies/assembly-audit-log.adoc

@@ -45,4 +45,4 @@ include::modules/observe/ref-audit-log-scaffolder-events.adoc[leveloffset=+2]
 
 include::modules/observe/ref-audit-log-catalog-events.adoc[leveloffset=+2]
 
-include::modules/observe/ref-audit-log-file-rotation-overview.adoc[]
+include::modules/observe/ref-audit-log-file-rotation-overview.adoc[]

assemblies/assembly-rhdh-integration-aks.adoc

@@ -13,4 +13,4 @@ This integration requires the deployment of {product-short} on {aks-short} using
 * The Helm chart
 * The {product} Operator
 
-//include::modules/admin/proc-rhdh-monitoring-logging-aks.adoc[leveloffset=+1] // moving observe category related content to new titles: RHIDP-4814
+//include::modules/admin/proc-rhdh-monitoring-logging-aks.adoc[leveloffset=+1] // moving observe category related content to new titles: RHIDP-4814

modules/getting-started/ref-rhdh-sizing.adoc renamed to modules/about/ref-rhdh-sizing.adoc

@@ -1,7 +1,8 @@
-[id='ref-rhdh-sizing_{context}']
+:_mod-docs-content-type: REFERENCE
+[id="rhdh-sizing_{context}"]
 = Sizing requirements for {product}
 
-Scalability of {product} requires significant resource allocation. The following table lists the sizing requirements for installing and running {product}, including {product-short} application, database components, and Operator.
+Scaling the {product} requires significant resource allocation. The following table lists the sizing requirements for installing and running {product}, including {product-short} application, database components, and Operator.
 
 .Recommended sizing for running {product}
 [cols="25%,25%,25%,25%", frame="all", options="header"]

modules/about/ref-supported-platforms.adoc

@@ -0,0 +1,15 @@
+:_newdoc-version: 2.18.3
+:_template-generated: 2024-11-08
+
+:_mod-docs-content-type: REFERENCE
+
+[id="supported-platforms_{context}"]
+= Supported platforms
+
+{product} runs on {ocp-short} {ocp-version-min}-{ocp-version} on supported architectures and providers, such as:
+
+* link:{installing-on-ocp-book-url}[{ocp-brand-name} {ocp-version-min}-{ocp-version}]
+* link:{installing-on-eks-book-url}[{eks-brand-name}]
+* link:{installing-on-aks-book-url}[{aks-brand-name}]
+* link:{installing-on-osd-on-gcp-book-url}[{gcp-brand-name}]
+* link:{installing-on-gke-book-url}[{gke-brand-name}]

modules/getting-started/proc-customize-rhdh-tech-radar-page.adoc

@@ -1,16 +1,8 @@
 [id='proc-customize-rhdh-tech-radar-page_{context}']
 = Customizing the Tech Radar page in {product}
 
-In {product}, the Tech Radar page is provided by the `tech-radar` dynamic plugin, which is disabled by default. For information about enabling dynamic plugins in {product} see link:{LinkPluginsGuide}[Configuring plugins in {product}].
-
-In {product}, you can configure Learning Paths by passing the data into the `app-config.yaml` file as a proxy. The base Tech Radar URL must include the `/developer-hub/tech-radar` proxy.
-
-[NOTE]
-====
-Due to the use of overlapping `pathRewrites` for both the `tech-radar` and `homepage` quick access proxies, you must create the `tech-radar` configuration (`^api/proxy/developer-hub/tech-radar`) before you create the `homepage` configuration (`^/api/proxy/developer-hub`).
-
-For more information about customizing the Home page in {product}, see xref:proc-customize-rhdh-homepage_rhdh-getting-started[Customizing the Home page in {product}].
-====
+In {product}, the Tech Radar page is provided by the `tech-radar` and `tech-radar-backend` dynamic plugins, which are disabled by default. 
+For information about enabling dynamic plugins in {product} see link:{LinkPluginsGuide}[Configuring plugins in {product}].
 
 You can provide data to the Tech Radar page from the following sources:
 
@@ -21,33 +13,22 @@ You can provide data to the Tech Radar page from the following sources:
 
 .Prerequisites
 
-You have installed {product} by using either the Operator or Helm chart.
-For more information, see xref:{installing-on-ocp-book-url}#assembly-install-rhdh-ocp[{installing-on-ocp-book-title}].
+* You have installed {product} by using either the Operator or Helm chart. For more information, see link:{installing-on-ocp-book-url}[{installing-on-ocp-book-title}].
+* You have specified the data sources for the Tech Radar plugin in the `integrations` section of the `app-config.yaml` file. For example, to configure GitHub as an integration, see link:{authentication-book-url}#authenticating-with-github[Authenticating with GitHub].
 
 .Procedure
 
 To access the data from the JSON files, complete the following step:
 
-* Add the following code to the `app-config.yaml` file:
+. Enable the `./dynamic-plugins/dist/backstage-community-plugin-tech-radar` and `/dynamic-plugins/dist/backstage-community-plugin-tech-radar-backend-dynamic` plugins.
+. Add the following code to the `app-config.yaml` file:
 +
 [source,yaml]
 ----
-proxy:
-  endpoints:
-    # Other Proxies
-    # customize developer hub instance
-    '/developer-hub':
-      target: <DOMAIN_URL> # i.e https://raw.githubusercontent.com/
-      pathRewrite:
-        '^/api/proxy/developer-hub/tech-radar': <path to json file> # i.e /janus-idp/backstage-showcase/main/packages/app/public/tech-radar/data-default.json
-	 '^/api/proxy/developer-hub': <path to json file> # i.e /janus-idp/backstage-showcase/main/packages/app/public/homepage/data.json
-      changeOrigin: true
-      secure: true
-
-      # Change to "false" in case of using self hosted cluster with a self-signed certificate
-      headers:
-	<HEADER_KEY>: <HEADER_VALUE> # optional and can be passed as needed i.e Authorization can be passed for private GitHub repo and PRIVATE-TOKEN can be passed for private GitLab repo
+techRadar:        
+    url: ${TECH_RADAR_DATA_URL} <1>
 ----
+<1>  `TECH_RADAR_DATA_URL` is the URL from which the JSON data is loaded.
 
 == Using a dedicated service to provide data to the Tech Radar page
 
@@ -66,24 +47,20 @@ For more information, see xref:{installing-on-ocp-book-url}#assembly-install-rhd
 
 To use a separate service to provide the Tech Radar data, complete the following steps:
 
-. Add the following code to the `app-config-rhdh.yaml` file:
+. Add the dedicated service as an allowed host by adding the following code to the `app-config.yaml` file:
 +
 [source,yaml]
 ----
-proxy:
-  endpoints:
-    # Other Proxies
-    '/developer-hub/tech-radar':
-      target: ${TECHRADAR_DATA_URL}
-      changeOrigin: true
-      # Change to "false" in case of using self hosted cluster with a self-signed certificate
-      secure: true
+backend:    
+   reading:    
+        allow:     
+          - host: 'hostname'
 ----
-where the `TECHRADAR_DATA_URL` is defined as `pass:c[http://<SERVICE_NAME>/tech-radar]`, for example, `pass:c[http://rhdh-customization-provider/tech-radar]`.
-+
-[NOTE]
-====
-You can define the `TECHRADAR_DATA_URL` by adding it to `rhdh-secrets` or by directly replacing it with its value in your custom ConfigMap.
-====
+. Add the following to the `app-config.yaml` file:
 +
-. Delete the {product-short} pod to ensure that the new configurations are loaded correctly.
+[source,yaml]
+----
+techRadar:        
+    url: ${TECH_RADAR_DATA_URL} <1>
+----
+<1> `TECH_RADAR_DATA_URL` is the URL from which the JSON data is loaded.

modules/installation/con-rhdh-overview.adoc

@@ -1,7 +1,7 @@
 [id="proc-configuring-an-rhdh-instance-with-tls-in-kubernetes_{context}"]
 = Configuring an {product-very-short} instance with a TLS connection in Kubernetes
 
-You can configure an {product-very-short} instance with a Transport Layer Security (TLS) connection in a Kubernetes cluster, such as an Azure Red Hat OpenShift (ARO) cluster, any cluster from a supported cloud provider, or your own cluster with proper configuration. However, You must use a public Certificate Authority (CA)-signed certificate to configure your Kubernetes cluster.
+You can configure a {product-very-short} instance with a Transport Layer Security (TLS) connection in a Kubernetes cluster, such as an Azure Red Hat OpenShift (ARO) cluster, any cluster from a supported cloud provider, or your own cluster with proper configuration. Transport Layer Security (TLS) ensures a secure connection for the {product-very-short} instance with other entities, such as third-party applications, or external databases. However, you must use a public Certificate Authority (CA)-signed certificate to configure your Kubernetes cluster.
 
 .Prerequisites
 

modules/installation/proc-configuring-an-rhdh-instance-with-tls-in-kubernetes.adoc

@@ -0,0 +1,195 @@
+[id="proc-deploy-rhdh-instance-gke.adoc_{context}"]
+= Deploying the {product-short} instance on {gke-short} with the Operator
+You can deploy your {product-short} instance in {gke-short} using the Operator. 
+
+.Prerequisites
+* A cluster administrator has installed the {product} Operator.
+* You have subscribed to `registry.redhat.io`. For more information, see https://access.redhat.com/RegistryAuthentication[{company-name} Container Registry Authentication].
+* You have installed `kubectl`. For more information, see https://kubernetes.io/docs/tasks/tools/#kubectl[Install kubetl].
+
+* You have configured a domain name for your {product-short} instance.
+* You have reserved a static external Premium IPv4 Global IP address that is not attached to any virtual machine (VM). For more information see https://cloud.google.com/vpc/docs/reserve-static-external-ip-address#reserve_new_static[Reserve a new static external IP address]
+* You have configured the DNS records for your domain name to point to the IP address that has been reserved. 
++
+[NOTE]
+====
+You need to create an `A` record with the value equal to the IP address. This process can take up to one hour to propagate.
+====
+
+.Procedure
+. Create a ConfigMap named `app-config-rhdh` containing the {product-short} configuration using the following template:
++
+--
+.`app-config-rhdh.yaml` fragment
+[source,yaml,subs="attributes+"]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: app-config-rhdh
+data:
+  "app-config-rhdh.yaml": |
+    app:
+      title: Red Hat Developer Hub
+      baseUrl: https://<rhdh_domain_name>
+    backend:
+      auth:
+        externalAccess:
+            - type: legacy
+              options:
+                subject: legacy-default-config
+                secret: "${BACKEND_SECRET}"
+      baseUrl: https://<rhdh_domain_name>
+      cors:
+        origin: https://<rhdh_domain_name>
+----
+--
+
+. Create a Secret named `secrets-rhdh` and add a key named `BACKEND_SECRET` with a `Base64-encoded` string as value:
++
+--
+.`secrets-rhdh` fragment
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secrets-rhdh
+stringData:
+  # TODO: See https://backstage.io/docs/auth/service-to-service-auth/#setup
+  BACKEND_SECRET: "xxx"
+----
+
+[IMPORTANT]
+====
+Ensure that you use a unique value of `BACKEND_SECRET` for each {product-short} instance.
+====
+
+You can use the following command to generate a key:
+
+[source,terminal]
+----
+node-p'require("crypto").randomBytes(24).toString("base64")'
+----
+--
+
+. To enable pulling the PostgreSQL image from the {company-name} Ecosystem Catalog, add the image pull secret in the default service account within the namespace where the {product-short} instance is being deployed:
++
+--
+[source,terminal]
+----
+kubectl patch serviceaccount default \
+    -p '{"imagePullSecrets": [{"name": "rhdh-pull-secret"}]}' \
+    -n <your_namespace>
+----
+--
+
+. Create a Custom Resource file using the following template:
++
+--
+.Custom Resource fragment
+[source,yaml,subs="attributes+"]
+----
+apiVersion: rhdh.redhat.com/v1alpha1
+kind: Backstage
+metadata:
+  # This is the name of your {product-short} instance
+  name: my-rhdh
+spec:
+  application:
+    imagePullSecrets:
+    - "rhdh-pull-secret"
+    route:
+      enabled: false
+    appConfig:
+      configMaps:
+        - name: "app-config-rhdh"
+    extraEnvs:
+      secrets:
+        - name: "secrets-rhdh"
+----
+--
+
+. Set up a Google-managed certificate by creating a `ManagedCertificate` object which you must attach to the Ingress.
++
+--
+.Example of a `ManagedCertificate` object
+[source,yaml,subs="attributes+"]
+----
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: <rhdh_certificate_name>
+spec:
+  domains:
+    - <rhdh_domain_name>
+----
+--
+For more information about setting up a Google-managed certificate, see https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs?hl=en#setting_up_a_google-managed_certificate[Setting up a Google-managed certificate]. 
+
+. Create a `FrontendConfig` object to set a policy for redirecting to HTTPS. You must attach this policy to the Ingress. 
++
+--
+.Example of a `FrontendConfig` object
+[source,yaml,subs="attributes+"]
+----
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+  name: <ingress_security_config>
+spec:
+  sslPolicy: gke-ingress-ssl-policy-https
+  redirectToHttps:
+    enabled: true
+----
+--
+For more information about setting a policy to redirect to HTTPS, see https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-configuration?hl=en#https_redirect[HTTP to HTTPS redirects].
+
+. Create an ingress resource using the following template, customizing the names as needed:
++
+--
+.Example of an ingress resource configuration
+[source,yaml,subs="attributes+"]
+----
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  # TODO: this the name of your Developer Hub Ingress
+  name: my-rhdh
+  annotations:
+    # If the class annotation is not specified it defaults to "gce".
+    kubernetes.io/ingress.class: "gce"
+    kubernetes.io/ingress.global-static-ip-name: <ADDRESS_NAME>
+    networking.gke.io/managed-certificates: <rhdh_certificate_name>
+    networking.gke.io/v1beta1.FrontendConfig: <ingress_security_config>
+spec:
+  ingressClassName: gce
+  rules:
+    # TODO: Set your application domain name.
+    - host: <rhdh_domain_name>
+      http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              # TODO: my-rhdh is the name of your Backstage Custom Resource.
+              # Adjust if you changed it!
+              name: backstage-my-rhdh
+              port:
+                name: http-backend
+----
+--
+
+
+
+.Verification
+
+* Wait for the `ManagedCertificate` to be provisioned. This process can take a couple of hours.
+
+* Access {product-very-short} with `https://<rhdh_domain_name>`
+
+// Wait until the DNS name is responsive, indicating that your {product-short} instance is ready for use.
+
+.Additional information
+For more information on setting up {gke-short} using Ingress with TLS, see https://github.com/GoogleCloudPlatform/gke-networking-recipes/tree/main/ingress/single-cluster/ingress-https[Secure GKE Ingress].