feat!: introduce new standalone RHDH Chart [RHDHPLAN-1058]#438
Draft
Conversation
…ency Helm cannot merge lists, so when users set extraVolumes/extraEnvVars on the current chart, the entire default list is replaced — forcing them to copy-paste all system defaults just to add one item. This is a Day 2 maintenance burden that grows with every release. This new chart at charts/rhdh/ owns all Kubernetes templates directly and uses an "add, don't replace" pattern: system-required volumes, mounts, env vars, and init containers are hardcoded in the Deployment template, while user-provided values are always appended. Users can now add a volume without knowing or duplicating the system defaults. The values layout is flattened to match helm-create conventions (replicaCount, image, service at root level) — no more navigating global.*/upstream.backstage.* nesting to set basic options. Assisted-by: Claude
The new rhdh chart owns all Kubernetes templates directly and no longer depends on the upstream Backstage subchart, so the weekly sync workflow and its helper script are no longer needed. Assisted-by: Claude
rm3l
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…ove-helm-chart-configuration-experience-via-standalone-rhdh-helm-chart-without-backstage-subchart-dependency # Conflicts: # .github/workflows/sync-upstream-backstage.yaml
Assisted-by: Claude
Port test scenarios from charts/backstage/ci/ with key paths adjusted for the flat values layout. The custom-dynamic-pvc-claim-spec scenario is dropped because the new chart hardcodes the dynamic-plugins-root volume (user volumes are appended, not replaced). Assisted-by: Claude
Add global.imageRegistry, global.imagePullSecrets, and global.defaultStorageClass so they flow through to both the postgresql subchart and the rhdh chart's own templates. Image helpers now delegate to bitnami common's common.images.image, and imagePullSecrets are merged from both global and root-level sources. Lightspeed container images converted from strings to structured registry/repository/tag maps so global.imageRegistry applies uniformly to all containers. Also pins the test pod image to curl/curl:8.9.1 instead of latest, adds automountServiceAccountToken: false and ephemeral-storage requests to the test pod (SonarCloud findings). Assisted-by: Claude
The previous version (12.10.0) was far behind. The new version requires global.security.allowInsecureImages=true since we use a Fedora-based PostgreSQL image instead of the bitnami one. Assisted-by: Claude
Assisted-by: Claude
…ion-experience-via-standalone-rhdh-helm-chart-without-backstage-subchart-dependency
…ove-helm-chart-configuration-experience-via-standalone-rhdh-helm-chart-without-backstage-subchart-dependency # Conflicts: # .github/workflows/sync-upstream-backstage.yaml
…anch chart-testing's --upgrade flag checks out the target branch and tries to build dependencies for the chart there. For brand-new charts like charts/rhdh/ that do not exist on main yet, this causes helm dependency build to fail. Make --upgrade conditional: when a specific chart is tested, check whether its Chart.yaml exists on the target branch first. If not, skip the upgrade test and only run a fresh install. Also rename the backstageChartChanged output to orchestratorCrdsNeeded and include charts/rhdh so that Knative and SonataFlow CRDs are installed for both charts' orchestrator CI scenarios.
On vanilla K8s (KinD), there is no SCC to assign a common UID to all containers in a pod. Set fsGroup so shared volumes (e.g. RAG data) are group-writable across init containers and sidecars that may run as different UIDs. Also disable the route, which is not available on KinD.
Without a default appConfig, no app-config ConfigMap is created and the RHDH application lacks essential configuration (base URLs, CORS, database connection, backend auth), causing it to fail to start. Add a default appConfig matching the backstage chart, providing: - app.baseUrl and backend.baseUrl from rhdh.hostname - backend.cors.origin - backend.database.connection (postgres user, password from env var) - backend.auth.externalAccess (legacy service-to-service auth)
…ion-experience-via-standalone-rhdh-helm-chart-without-backstage-subchart-dependency
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of the change
Which issue(s) does this PR fix or relate to
ref RHDHPLAN-1058
How to test changes / Special notes to the reviewer
Checklist
Chart.yamlaccording to Semantic Versioning.values.yamland added to the corresponding README.md. The pre-commit utility can be used to generate the necessary content. Runpre-commit run --all-filesto run the hooks and then push any resulting changes. The pre-commit Workflow will enforce this and warn you if needed.pre-commithook.ct lintcommand.