-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp-config.yaml
164 lines (148 loc) · 7.12 KB
/
app-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
app:
title: Scaffolded Backstage App
baseUrl: http://localhost:3000
organization:
name: My Company
backend:
# Used for enabling authentication, secret is shared by all backend plugins
# See https://backstage.io/docs/auth/service-to-service-auth for
# information on the format
# auth:
# keys:
# - secret: ${BACKEND_SECRET}
baseUrl: http://localhost:7007
listen:
port: 7007
# Uncomment the following host directive to bind to specific interfaces
# host: 127.0.0.1
csp:
connect-src: ["'self'", 'http:', 'https:']
# Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
# Default Helmet Content-Security-Policy values can be removed by setting the key to false
cors:
origin: http://localhost:3000
methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
credentials: true
# This is for local development only, it is not recommended to use this in production
# The production database configuration is stored in app-config.production.yaml
database:
client: better-sqlite3
connection: ':memory:'
# workingDirectory: /tmp # Use this to configure a working directory for the scaffolder, defaults to the OS temp-dir
integrations:
github:
- host: github.com
# This is a Personal Access Token or PAT from GitHub. You can find out how to generate this token, and more information
# about setting up the GitHub integration here: https://backstage.io/docs/getting-started/configuration#setting-up-a-github-integration
token: ${BACKSTAGE_GITHUB_TOKEN}
### Example for how to add your GitHub Enterprise instance using the API:
# - host: ghe.example.net
# apiBaseUrl: https://ghe.example.net/api/v3
# token: ${GHE_TOKEN}
proxy:
### Example for how to add a proxy endpoint for the frontend.
### A typical reason to do this is to handle HTTPS and CORS for internal services.
# '/test':
# target: 'https://example.com'
# changeOrigin: true
# Reference documentation http://backstage.io/docs/features/techdocs/configuration
# Note: After experimenting with basic setup, use CI/CD to generate docs
# and an external cloud storage when deploying TechDocs for production use-case.
# https://backstage.io/docs/features/techdocs/how-to-guides#how-to-migrate-from-techdocs-basic-to-recommended-deployment-approach
techdocs:
builder: 'local' # Alternatives - 'external'
generator:
runIn: 'docker' # Alternatives - 'local'
publisher:
type: 'local' # Alternatives - 'googleGcs' or 'awsS3'. Read documentation for using alternatives.
auth:
# see https://backstage.io/docs/auth/ to learn about auth providers
providers: {}
scaffolder:
# see https://backstage.io/docs/features/software-templates/configuration for software template options
catalog:
import:
entityFilename: catalog-info.yaml
pullRequestBranchName: backstage-integration
rules:
- allow: [Component, System, API, Resource, Location]
locations:
# Local example data, file locations are relative to the backend process, typically `packages/backend`
- type: file
target: ../../examples/entities.yaml
# Local example template
- type: file
target: ../../examples/template/template.yaml
rules:
- allow: [Template]
# Local example organizational data
- type: file
target: ../../examples/org.yaml
rules:
- allow: [User, Group]
# Custom example template
- type: file
target: ../../examples/custom-template/template.yaml
rules:
- allow: [ Template ]
providers:
threeScaleApiEntity:
dev:
baseUrl: https://<foo>-test-admin.3scale.net
accessToken: <xxx>
schedule: # optional; same options as in TaskScheduleDefinition
# supports cron, ISO duration, "human duration" as used in code
frequency: { minutes: 1 }
# supports ISO duration, "human duration" as used in code
timeout: { minutes: 1 }
## Uncomment these lines to add more example data
# - type: url
# target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/all.yaml
## Uncomment these lines to add an example org
# - type: url
# target: https://github.com/backstage/backstage/blob/master/packages/catalog-model/examples/acme-corp.yaml
# rules:
# - allow: [User, Group]
kubernetes:
serviceLocatorMethod:
type: 'multiTenant'
clusterLocatorMethods:
- type: 'config'
clusters:
- url: https://192.168.2.151:16443 # kubectl cluster-info
name: lenovo
authProvider: 'serviceAccount'
skipTLSVerify: true
skipMetricsLookup: true
# NOTE: token work
# 1. create a new service account in the kube-system namespace
# kubectl -n kube-system create serviceaccount backstage-admin
# 2. create a clusterrolebinding
# kubectl create clusterrolebinding backstage-admin --clusterrole=cluster-admin --serviceaccount=kube-system:backstage-admin
# 3. create a secret for the service account
# kubectl apply -f - <<EOF
#apiVersion: v1
#kind: Secret
#metadata:
# name: backstage-admin
# namespace: kube-system
# annotations:
# kubernetes.io/service-account.name: backstage-admin
#type: kubernetes.io/service-account-token
#EOF
# 4. get the token
# export TOKEN=$(kubectl -n kube-system get secret backstage-admin -o jsonpath='{.data.token}' | base64 --decode)
# 5. run a sanity check
# curl -k -H "Authorization: Bearer $TOKEN" -X GET "https://192.168.2.151:16443/api/v1/nodes" | json_pp
serviceAccountToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6Ijd4dnI3bW02SC0wZFRHRklGSUJ3NnNmNHRkN3Y2b1BvYjRQX3NDSWZPeHcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJiYWNrc3RhZ2UtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYmFja3N0YWdlLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMzBjYTEyMmEtMDg3MS00OGNhLThhNWQtNDQyODY5MjEwZDkyIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmJhY2tzdGFnZS1hZG1pbiJ9.BpopSV91NX4ggDZU6r03-roqifP3ZLBUVIM-O7eJyI_hnqQwnbf6N5tTlHeDXTIkc6N9UqZrfc3e1z12zyK-5IGdcyfkY0lk3bKWIF9fm2X6092D6XCLIWE7f2TnuygPhLaqiTwv9RA_y6ZLDiVOUQWyPSlbRXyx7y4RqkuUy5YeGXcrDjD1CtM4PYOk-Xa6RbC_62tWy9VkDux65VleHBmaEYojANpM8IYT2aa42rT3xDMNEES6l6QXOzAacaY1xtINl8RpBxt-lHZKC_BXNNLxRvSJuMNwir9AapMVz_fRo2jIPaHDloYvv51ZC3zd9-5DwikXm7z9cWnjt-VgiQ"
dashboardUrl: http://127.0.0.1:64713 # url copied from running the command: minikube service kubernetes-dashboard -n kubernetes-dashboard
dashboardApp: standard
# caData: '' # we're skipping TLS verification, so no need for a CA
# caFile: '' # local path to CA file
customResources:
- group: 'tekton.dev'
apiVersion: 'v1beta1'
plural: 'pipelineruns'
- group: 'tekton.dev'
apiVersion: 'v1beta1'
plural: 'taskruns'