RHIDP-7849 Added existing modules to _Getting started with RHDH for PE_

assemblies/assembly-configuring-a-proxy.adoc

@@ -1,4 +1,5 @@
 :_mod-docs-content-type: ASSEMBLY
+:previouscontext: {context}
 :context: running-behind-a-proxy
 [id="{context}"]
 = Running {product} behind a corporate proxy
@@ -21,3 +22,4 @@ include::modules/configuring-a-proxy/proc-configuring-proxy-in-operator-deployme
 
 include::modules/configuring-a-proxy/proc-configuring-proxy-in-helm-deployment.adoc[leveloffset=+1]
 
+:context: {previouscontext}

assemblies/assembly-configuring-external-postgresql-databases.adoc

@@ -1,4 +1,5 @@
 :_mod-docs-content-type: ASSEMBLY
+:previouscontext: {context}
 :context: configuring-external-postgresql-databases
 [id="{context}"]
 = Configuring external PostgreSQL databases
@@ -21,3 +22,4 @@ include::modules/configuring-external-databases/proc-configuring-postgresql-inst
 
 include::modules/configuring-external-databases/proc-migrating-databases-to-an-external-server.adoc[leveloffset=+1]
 
+:context: {previouscontext}

assemblies/assembly-configuring-high-availability.adoc

@@ -1,4 +1,5 @@
 :_mod-docs-content-type: ASSEMBLY
+:previouscontext: {context}
 :context: HighAvailability
 [id="{context}"]
 = Configuring high availability in {product}
@@ -9,7 +10,7 @@ High availability (HA) is a system design approach that ensures a service remain
 {product} supports HA deployments on the following platforms:
 
 * {ocp-brand-name}
-* {aks-name} 
+* {aks-name}
 * {eks-name}
 
 The HA deployments enable more resilient and reliable service availability across supported environments.
@@ -25,4 +26,7 @@ As an administrator, you can configure high availability by adjusting replica va
 
 include::modules/configuring-high-availability/proc-configuring-high-availability-in-rhdh-operator-deployment.adoc[leveloffset=+1]
 
-include::modules/configuring-high-availability/proc-configuring-high-availability-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]
+include::modules/configuring-high-availability/proc-configuring-high-availability-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]
+
+:context: {previouscontext}
+!:previouscontext:

assemblies/assembly-configuring-readonlyrootfilesystem.adoc

@@ -1,4 +1,5 @@
 :_mod-docs-content-type: ASSEMBLY
+:previouscontext: {context}
 :context: readonlyrootfilesystem
 [id="{context}"]
 = Configuring readOnlyRootFilesystem in {product}
@@ -10,4 +11,6 @@ The {product} deployment consists of two containers: an `initContainer` that ins
 
 include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-operator-deployment.adoc[leveloffset=+1]
 
-include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]
+include::modules/configuring-readonlyrootfilesystem/proc-configuring-readonlyrootfilesystem-option-in-rhdh-helm-chart-deployment.adoc[leveloffset=+1]
+
+:context: {previouscontext}

assemblies/assembly-provisioning-a-custom-configuration.adoc

@@ -1,4 +1,5 @@
 :_mod-docs-content-type: ASSEMBLY
+:previouscontext: {context}
 :context: provisioning-and-using-your-custom-configuration
 [id="{context}"]
 = Provisioning and using your custom {product} configuration
@@ -26,3 +27,4 @@ include::modules/configuring/proc-mounting-additional-files-in-your-custom-confi
 
 include::modules/configuring/proc-using-the-helm-chart-to-run-rhdh-with-your-custom-configuration.adoc[leveloffset=+1]
 
+:context: {previouscontext}

modules/installation/proc-configuring-an-rhdh-instance-with-tls-in-kubernetes.adoc → modules/configuring/proc-configuring-an-rhdh-instance-with-tls-in-kubernetes.adoc

@@ -1,4 +1,4 @@
-[id="proc-configuring-an-rhdh-instance-with-tls-in-kubernetes_{context}"]
+[id="configuring-an-rhdh-instance-with-tls-in-kubernetes"]
 = Configuring an {product-very-short} instance with a TLS connection in Kubernetes
 
 You can configure a {product-very-short} instance with a Transport Layer Security (TLS) connection in a Kubernetes cluster, such as an Azure Red Hat OpenShift (ARO) cluster, any cluster from a supported cloud provider, or your own cluster with proper configuration. Transport Layer Security (TLS) ensures a secure connection for the {product-very-short} instance with other entities, such as third-party applications, or external databases. However, you must use a public Certificate Authority (CA)-signed certificate to configure your Kubernetes cluster.

modules/configuring/proc-preparing-your-external-services.adoc

@@ -0,0 +1,105 @@
+[id="preparing-your-external-services"]
+= Preparing your external services
+
+{product} relies on external services:
+
+PostgreSQL database::
+{product-short} stores data in a PostgreSQL database.
+For resiliency, use an external database and include it in your disaster recovery plan.
+
+Redis cache::
+For efficiency, {product-short} caches plugin and Techdocs assets when your provide a Redis cache server.
+
+GitHub API access::
+Provide credentials to a GitHub app to enable access to the GitHub API for repository discovery.
+
+Connection to your identity provider::
+Provide credentials to your identity provider to enable user provisioning and authentication.
+
+.Procedure
+. Get your Redis cache server connection string, such as `rediss://user:[email protected]:6379`.
+For security, consider using a `rediss` secure server connection.
+
+. To allow {product-short} to access the GitHub API for repository, create a GitHub App.
+Opt for a GitHub App instead of an OAuth app to use fine-grained permissions, gain more control over which repositories the application can access, and use short-lived tokens.
+
+.. link:https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app[Register a GitHub App] with the following configuration:
+
+GitHub App name::
+Enter a unique name identifying your GitHub App, such as `integrating-with-rhdh-__<GUID>__`.
+
+Homepage URL::
+Enter your {product-short} URL: `pass:c,a,q[{my-product-url}]`.
+
+Authorization callback URL::
+Enter your {product-short} authentication backend URL: `pass:c,a,q[{my-product-url}/api/auth/github/handler/frame]`.
+
+Webhook::
+Clear "Active", as this is not needed for authentication and catalog providers.
+
+App permissions::
+Select permissions to define the level of access for the app.
+Adapt permissions to your needs:
+
+Reading software components:::
+
+Contents::::
+`Read-only`
+
+Commit statuses::::
+`Read-only`
+
+Reading organization data:::
+
+Members::::
+`Read-only`
+
+Publishing software templates:::
+Set permissions if you intend to use the same GitHub App for software templates.
+
+Administration::::
+`Read & write` (for creating repositories)
+
+Contents::::
+`Read & write`
+
+Metadata::::
+`Read-only`
+
+Pull requests::::
+`Read & write`
+
+Issues::::
+`Read & write`
+
+Workflows::::
+`Read & write` (if templates include GitHub workflows)
+
+Variables::::
+`Read & write` (if templates include GitHub Action Repository Variables)
+
+Secrets::::
+`Read & write` (if templates include GitHub Action Repository Secrets)
+
+Environments::::
+`Read & write` (if templates include GitHub Environments)
+
+Organization permissions::
+Members:::
+`Read-only`
+
+Where can this GitHub App be installed?::
+Select `Only on this account`.
+
+.. In the *General* -> *Clients secrets* section, click *Generate a new client secret*.
+
+.. In the *General* -> *Private keys* section, click *Generate a private key*.
+
+.. In the *Install App* tab, choose an account to install your GitHub App on.
+
+.. Save the following values for the next step:
+
+* **App ID**
+* **Client ID**
+* **Client secret**
+* **Private key**

modules/configuring/proc-provisioning-your-custom-configuration.adoc

@@ -12,50 +12,41 @@ Your changes on this configuration might get reverted on {product-short} restart
 .Prerequisites
 * By using the link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/cli_tools/index#cli-about-cli_cli-developer-commands[{openshift-cli}], you have access, with developer permissions, to the {ocp-short} cluster aimed at containing your {product-short} instance.
 
+include::snip-provisioning-your-custom-configuration-prerequisites-in-{context}-context.adoc[]
+
 .Procedure
-. Author your custom `_<my_product_secrets>_.txt` file to provision your secrets as environment variables values in an {ocp-short} secret, rather than in clear text in your configuration files.
-It contains one secret per line in `KEY=value` form.
+. For security, store your secrets as environment variables values in an {ocp-short} secret,
+rather than in clear text in your configuration files.
+Collect all your secrets in the `secrets.txt` file, with one secret per line in `KEY=value` form.
 +
-* link:{authentication-book-url}[Enter your authentication secrets].
+--
+include::snip-provisioning-your-custom-configuration-secrets-step-in-{context}-context.adoc[]
+--
 
 . Author your custom `{my-app-config-file}` file.
 This is the main {product-short} configuration file.
 You need a custom `{my-app-config-file}` file to avoid the {product-short} installer to revert user edits during upgrades.
 When your custom `{my-app-config-file}` file is empty, {product-short} is using default values.
++
+--
+include::snip-provisioning-your-custom-configuration-appconfig-step-in-{context}-context.adoc[]
+--
 
-** To prepare a deployment with the {product} Operator on {ocp-short}, you can start with an empty file.
-
-** To prepare a deployment with the {product} Helm chart, or on Kubernetes, enter the {product-short} base URL in the relevant fields in your `{my-app-config-file}` file to ensure proper functionality of {product-short}.
-The base URL is what a {product-short} user sees in their browser when accessing {product-short}.
-The relevant fields are `baseUrl` in the `app` and `backend` sections, and `origin` in the `backend.cors` subsection:
+. Author your custom `dynamic-plugins.yaml` file to enable plugins.
+Plugins that require configuration are disabled by default.
+Enable the GitHub repository discovery and the Role bases access control (RBAC) features:
 +
-.Configuring the `baseUrl` in `{my-app-config-file}`
-====
-[source,yaml,subs="+attributes,+quotes"]
+.`dynamic.plugins.yaml`
+[source,yaml]
 ----
-app:
-  title: {product}
-  baseUrl: {my-product-url}
-
-backend:
-  auth:
-    externalAccess:
-      - type: legacy
-        options:
-          subject: legacy-default-config
-          secret: "${BACKEND_SECRET}"
-  baseUrl: {my-product-url}
-  cors:
-    origin: {my-product-url}
+includes:
+  - dynamic-plugins.default.yaml
+plugins:
+  - package: ./dynamic-plugins/dist/backstage-plugin-catalog-backend-module-github
+    disabled: false
+  - package: ./dynamic-plugins/dist/backstage-community-plugin-rbac
+    disabled: false
 ----
-====
-
-** Optionally, enter your configuration such as:
-
-*** link:{authentication-book-url}[{authentication-book-title}].
-*** link:{authorization-book-url}[{authorization-book-title}].
-*** link:{customizing-book-url}[Customization].
-*** xref:proc-configuring-an-rhdh-instance-with-tls-in-kubernetes_running-behind-a-proxy[Configure your {ocp-short} integration].
 
 . Provision your custom configuration files to your {ocp-short} cluster.
 
@@ -68,36 +59,25 @@ $ oc create namespace {my-product-namespace}
 +
 Alternatively, link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/building_applications/index#creating-a-project-using-the-web-console_projects[create the project by using the web console].
 
-.. Provision your `{my-app-config-file}` file to the `{my-app-config-config-map}` config map in the _<{my-product-namespace}>_ project.
+.. Provision your `{my-app-config-file}` and `dynamic-plugins.yaml` files respectively to the `{my-app-config-config-map}` and `dynamic-plugins-rhdh` config maps in the _<{my-product-namespace}>_ project.
 +
 [source,terminal,subs="+attributes,+quotes"]
 ----
 $ oc create configmap {my-app-config-config-map} --from-file={my-app-config-file} --namespace={my-product-namespace}
+$ oc create configmap dynamic-plugins-rhdh --from-file=dynamic-plugins.yaml --namespace={my-product-namespace}
 ----
 +
-Alternatively, link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/nodes/index#nnodes-pods-configmap-create-from-console_configmaps[create the config map by using the web console].
+Alternatively,
+link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/nodes/index#nnodes-pods-configmap-create-from-console_configmaps[create the config maps by using the web console].
 
-.. Provision your `_<my_product_secrets>_.txt` file to the `_<my_product_secrets>_` secret in the _<{my-product-namespace}>_ project.
+.. Provision your `secrets.txt` file to the `{my-product-secrets}` secret in the _<{my-product-namespace}>_ project.
 +
 [source,terminal,subs="+attributes,+quotes"]
 ----
-$ oc create secret generic `_<my_product_secrets>_` --from-file=`_<my_product_secrets>_.txt` --namespace={my-product-namespace}
+$ oc create secret generic {my-product-secrets} --from-file=secrets.txt --namespace={my-product-namespace}
 ----
 +
 Alternatively,
 link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/nodes/index#nodes-pods-secrets-creating-web-console-secrets_nodes-pods-secrets[create the secret by using the web console].
 
-[NOTE]
-====
-`_<my_product_secrets>_` is your preferred {product-short} secret name, specifying the identifier for your secret configuration within {product-short}.
-====
-
-.Next steps
-Consider provisioning additional config maps and secrets:
-
-* To use an external PostgreSQL database, xref:configuring-external-postgresql-databases[provision your PostgreSQL database secrets].
-
-
-* To enable dynamic plugins, link:{installing-and-viewing-plugins-book-url}[provision your dynamic plugins config map].
-
-* To configure authorization by using external files, link:{authorization-book-url}#managing-authorizations-by-using-external-files[provision your RBAC policies config map].
+include::snip-provisioning-your-custom-configuration-next-steps-in-{context}-context.adoc[]

modules/configuring/proc-using-the-operator-to-run-rhdh-with-your-custom-configuration-in-getting-started-context.adoc

@@ -0,0 +1,71 @@
+[id="using-the-operator-to-run-rhdh-with-your-custom-configuration"]
+= Using the {product} Operator to run {product-short} with your custom configuration
+
+To use the {product-short} Operator to run {product} with your custom configuration, create your {product-custom-resource-type} custom resource (CR) that:
+
+* Mounts files provisioned in your custom config maps.
+* Injects environment variables provisioned in your custom secrets.
+
+.Prerequisites
+* By using the link:https://docs.redhat.com/en/documentation/openshift_container_platform/{ocp-version}/html-single/cli_tools/index#cli-about-cli_cli-developer-commands[{openshift-cli}], you have access, with developer permissions, to the {ocp-short} cluster aimed at containing your {product-short} instance.
+* xref:proc-install-operator_getting-started-with-rhdh-on-ocp-for-the-platform-engineer[]
+* xref:provisioning-your-custom-configuration[]
+
+.Procedure
+
+. Author your {product-custom-resource-type} CR in a `{my-product-cr-name}.yaml` file to use your custom config maps and secrets.
++
+.`{my-product-cr-name}.yaml` custom resource example with dynamic plugins and RBAC policies config maps, and external PostgreSQL database secrets.
+[source,yaml,subs="+attributes,+quotes"]
+----
+apiVersion: rhdh.redhat.com/v1alpha3
+kind: Backstage
+metadata:
+  name: _<{my-product-cr-name}>_
+spec:
+  application:
+    appConfig:
+      mountPath: /opt/app-root/src
+      configMaps:
+         - name: {my-app-config-config-map}
+         - name: rbac-policies
+    dynamicPluginsConfigMapName: dynamic-plugins-rhdh
+    extraEnvs:
+      envs:
+        - name: HTTP_PROXY
+          value: 'http://10.10.10.105:3128'
+        - name: HTTPS_PROXY
+          value: 'http://10.10.10.106:3128'
+        - name: NO_PROXY
+          value: 'localhost,example.org'
+      secrets:
+         - name: {my-product-secrets}
+    extraFiles:
+      mountPath: /opt/app-root/src
+      secrets:
+        - name: {my-product-database-certificates-secrets}
+          key: postgres-crt.pem, postgres-ca.pem, postgres-key.key
+    replicas: 2
+  database:
+    enableLocalDb: false
+----
+
+`application`::
+`appConfig`::: Register your `{my-app-config-config-map}` and `rbac-policies` config maps.
+`dynamicPluginsConfigMapName`::: Register your `dynamic-plugins-rhdh` config map.
+`extraEnvs`:::
+`env`:::: Enter your proxy environment variables.
+`secrets`:::: Register your `<my_product_secrets>` and `{my-product-database-secrets}` secrets.
+`extraFiles`:::
+`secrets`::::
+Register the `postgres-crt.pem`, `postgres-ca.pem`, and `postgres-key.key` files contained in the `{my-product-database-certificates-secrets}` secret.
+`replicas`::: Enable high availability (HA) by increasing the replicas count to a value higher or equal to 2.
+`database`::
+`enableLocalDb`::: Use your external PostgreSQL database rather than the internal PostgreSQL database.
+
+. Apply your {product-custom-resource-type} CR to start or update your {product-short} instance.
++
+[source,terminal,subs="+attributes,+quotes"]
+----
+$ oc apply --filename={my-product-cr-name}.yaml --namespace={my-product-namespace}
+----