From 7944abc729aaf6b11a5175fd5a1eaf43b8418153 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 15 May 2026 15:24:26 +0200 Subject: [PATCH 01/11] Add section how to disable SonataFlow references for Orchestrator plugins --- ...chestrator-by-using-the-rhdh-operator.adoc | 2 + ...to-existing-postgresql-infrastructure.adoc | 247 ++++++++++++++++++ 2 files changed, 249 insertions(+) create mode 100644 modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc diff --git a/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-operator.adoc b/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-operator.adoc index 16a70083c41..526b0d70a27 100644 --- a/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-operator.adoc +++ b/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-operator.adoc @@ -11,6 +11,8 @@ You can install {product} with Orchestrator by using the {product} Operator. include::../modules/extend_orchestrator-in-rhdh/proc-enable-the-orchestrator-plugins-using-the-operator.adoc[leveloffset=+1] +include::../modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc[leveloffset=+1] + include::../modules/extend_orchestrator-in-rhdh/proc-upgrade-the-openshift-serverless-logic-operator-for-rhdh-1-9.adoc[leveloffset=+1] include::../modules/extend_orchestrator-in-rhdh/proc-upgrade-the-orchestrator-plugins-for-1-9-operator-backed-instances.adoc[leveloffset=+1] diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc new file mode 100644 index 00000000000..be66090c64f --- /dev/null 
+++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc 
@@ -0,0 +1,247 @@ +:_mod-docs-content-type: PROCEDURE + +[id="configure-orchestrator-to-connect-to-existing-postgresql-infrastructure_{context}"] += Configure Orchestrator to connect to existing PostgreSQL infrastructure + +[role="_abstract"] +Connect the Orchestrator plugins to your existing PostgreSQL database infrastructure to leverage centralized database management and meet compliance requirements. This configuration bypasses the default operator-managed database and integrates with external PostgreSQL services. + +By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` CR and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the Service and `backstage-psql-secret-{{backstage-name}}` for the Secret). + +However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. + +.Prerequisites +* You have installed {product-very-short} on {ocp-short}. +* You have an external PostgreSQL database available and accessible from your {ocp-short} cluster. +* You have created a Kubernetes Service object in your namespace that points to the external PostgreSQL database. The cluster must resolve this Service from within. ++ +[NOTE] +==== +If your external database is outside the cluster, you can create a Service with an `ExternalName` type or an `Endpoints` object that maps to the external database IP address. 
+==== +* You have created a Kubernetes Secret containing the following database credentials: +** `POSTGRES_HOST`: The hostname or IP address of the external PostgreSQL server +** `POSTGRES_PORT`: The port number of the PostgreSQL service +** `POSTGRES_USER`: The database user name +** `POSTGRES_PASSWORD`: The database user password +* You have access to create Jobs, Secrets, ConfigMaps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. + +.Procedure + +. Create the required Kubernetes resources for your external database connection. You can create the Service and `Secret` in parallel: ++ +.. Create a Kubernetes Service that points to your external PostgreSQL database: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service # Use this name in subsequent steps where is referenced +spec: + type: ExternalName # Creates a CNAME record to the external database hostname + externalName: ____ # FQDN of your external PostgreSQL server, for example, postgres.example.com + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +---- ++ +[NOTE] +==== +If your external database uses an IP address instead of a hostname, create a Service with Endpoints: + +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: external-postgresql-service +subsets: + - addresses: + - ip: ____ # IP address of your external PostgreSQL server + ports: + - port: 5432 + protocol: TCP +---- +==== + +.. 
Create a Kubernetes Secret containing your external database credentials: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Secret +metadata: + name: external-db-credentials # Use this name in subsequent steps where is referenced +type: Opaque +stringData: + POSTGRES_HOST: "____" # Hostname or IP address (must match the Service configuration) + POSTGRES_PORT: "____" # Port number, typically 5432 + POSTGRES_USER: "____" # Database user with permissions to create databases and tables + POSTGRES_PASSWORD: "____" +---- + +. Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following Job: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: batch/v1 +kind: Job +metadata: + name: create-sonataflow-database-developer-hub +spec: + ttlSecondsAfterFinished: 30 + activeDeadlineSeconds: 120 + template: + spec: + containers: + - name: psql + image: quay.io/fedora/postgresql-15:latest + resources: + limits: + cpu: "100m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + envFrom: + - secretRef: + name: ____ # Name of the Secret created in step 1 + command: [ "sh", "-c" ] + args: + - | + set -e + # Check if the backstage_plugin_orchestrator database exists + DB_EXISTS=$(PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -tAc "SELECT 1 FROM pg_database WHERE datname='backstage_plugin_orchestrator'" postgres) + if [ -z "$DB_EXISTS" ]; then + # Create the database if it does not exist + PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -c "CREATE DATABASE backstage_plugin_orchestrator;" postgres + fi + restartPolicy: Never +---- + +. 
Create a `SonataFlowPlatform` CR that references your external PostgreSQL service: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: sonataflow.org/v1alpha08 +kind: SonataFlowPlatform +metadata: + name: sonataflow-platform +spec: + monitoring: + enabled: true + services: + dataIndex: + enabled: true + persistence: + postgresql: + secretRef: + name: ____ # Secret created in step 1 + userKey: POSTGRES_USER + passwordKey: POSTGRES_PASSWORD + serviceRef: + name: ____ # Service created in step 1 + namespace: __<{product-very-short}-NAMESPACE>__ # Namespace where you deploy the {product-custom-resource-type} CR + databaseName: backstage_plugin_orchestrator + jobService: + enabled: true + persistence: + postgresql: + secretRef: + name: ____ # Secret created in step 1 + userKey: POSTGRES_USER + passwordKey: POSTGRES_PASSWORD + serviceRef: + name: ____ # Service created in step 1 + namespace: __<{product-very-short}-NAMESPACE>__ # Namespace where you deploy the {product-custom-resource-type} CR + databaseName: backstage_plugin_orchestrator +---- ++ +[IMPORTANT] +==== +Unlike the default configuration that uses the `dependencies: - ref: sonataflow` field to automatically provision database resources with specific naming patterns, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. +==== + +. 
Configure the Orchestrator plugins in your dynamic plugins ConfigMap to remove the default `sonataflow` dependency and explicitly reference the SonataFlowPlatform services: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: ConfigMap +metadata: + name: orchestrator-plugin +data: + dynamic-plugins.yaml: | + includes: + - dynamic-plugins.default.yaml + plugins: + # Orchestrator plugins + - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-orchestrator:{{inherit}}" + disabled: false + - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-orchestrator-backend:{{inherit}}" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://____ # Typically sonataflow-platform-data-index-service + dependencies: [{}] # Empty array removes default 'ref: sonataflow' to prevent automatic database provisioning + - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator:{{inherit}}" + disabled: false + pluginConfig: + orchestrator: + dataIndexService: + url: http://____ # Typically sonataflow-platform-data-index-service + dependencies: [{}] # Empty array removes default 'ref: sonataflow' to prevent automatic database provisioning + - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets:{{inherit}}" + disabled: false +---- + +. Update your {product-custom-resource-type} CR to reference the orchestrator plugin ConfigMap and inject the database credentials Secret: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: rhdh.redhat.com/v1alpha5 +kind: {product-custom-resource-type} +metadata: + name: orchestrator +spec: + application: + appConfig: + configMaps: + - name: app-config-rhdh + dynamicPluginsConfigMapName: orchestrator-plugin + extraEnvs: + secrets: + - name: ____ # Secret created in step 1 +---- + +.Verification + +. 
Verify that the `SonataFlowPlatform` CR is running: ++ +[source,terminal] +---- +$ oc get sonataflowplatform sonataflow-platform -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' +True +---- + +. In the {product-very-short} console, confirm that the Orchestrator frontend and backend features are available and can connect to your external database. From 168657201657cde0c2564573878e30d4cd61a068 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 18 May 2026 12:00:07 +0200 Subject: [PATCH 02/11] Apply peer suggestions and fix gaps --- ...tgresql-instance-using-the-helm-chart.adoc | 56 +++++++++++ ...ostgresql-instance-using-the-operator.adoc | 56 +++++++++++ ...to-existing-postgresql-infrastructure.adoc | 97 +++---------------- 3 files changed, 123 insertions(+), 86 deletions(-) diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc index b27acae4d8a..10896ac03dd 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc 
@@ -87,6 +87,62 @@ Where: ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. +. Create a Kubernetes Service that points to your external PostgreSQL database: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + type: ExternalName + externalName: ____ + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +---- ++ +Where: + +`external-postgresql-service`:: Name of the Service to reference in plugin configurations. +`ExternalName`:: Service type that creates a CNAME record to the external database hostname. +`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. ++ +[NOTE] +==== +If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: + +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: external-postgresql-service +subsets: + - addresses: + - ip: ____ + ports: + - port: 5432 + protocol: TCP +---- + +Where: + +`____`:: IP address of your external PostgreSQL server. +==== + . Configure your PostgreSQL instance in the Helm configuration file named `values.yaml`: + [source,yaml,subs="+quotes,+attributes"] diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc index 99076753d58..c00c0b51665 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc 
+++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc @@ -87,6 +87,62 @@ Where: ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. +. Create a Kubernetes Service that points to your external PostgreSQL database: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + type: ExternalName + externalName: ____ + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +---- ++ +Where: + +`external-postgresql-service`:: Name of the Service to reference in plugin configurations. +`ExternalName`:: Service type that creates a CNAME record to the external database hostname. +`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. ++ +[NOTE] +==== +If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: + +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: external-postgresql-service +subsets: + - addresses: + - ip: ____ + ports: + - port: 5432 + protocol: TCP +---- + +Where: + +`____`:: IP address of your external PostgreSQL server. +==== + . Optional: Ensure your external PostgreSQL instance is configured with recommended performance tuning parameters. + Set `shared_buffers` to approximately 1/4 and `effective_cache_size` to approximately 1/2 of the allocated database memory. 
diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index be66090c64f..ae945d63b0b 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc 
@@ -4,94 +4,19 @@ = Configure Orchestrator to connect to existing PostgreSQL infrastructure [role="_abstract"] -Connect the Orchestrator plugins to your existing PostgreSQL database infrastructure to leverage centralized database management and meet compliance requirements. This configuration bypasses the default operator-managed database and integrates with external PostgreSQL services. +Connect the Orchestrator plugins to your existing PostgreSQL database to leverage centralized database management and meet compliance requirements. -By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` CR and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the Service and `backstage-psql-secret-{{backstage-name}}` for the Secret). +By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the Service and `backstage-psql-secret-{{backstage-name}}` for the Secret). However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. .Prerequisites * You have installed {product-very-short} on {ocp-short}. -* You have an external PostgreSQL database available and accessible from your {ocp-short} cluster. -* You have created a Kubernetes Service object in your namespace that points to the external PostgreSQL database. 
The cluster must resolve this Service from within. -+ -[NOTE] -==== -If your external database is outside the cluster, you can create a Service with an `ExternalName` type or an `Endpoints` object that maps to the external database IP address. -==== -* You have created a Kubernetes Secret containing the following database credentials: -** `POSTGRES_HOST`: The hostname or IP address of the external PostgreSQL server -** `POSTGRES_PORT`: The port number of the PostgreSQL service -** `POSTGRES_USER`: The database user name -** `POSTGRES_PASSWORD`: The database user password +* You have {configuring-book-link}#configure-external-postgresql-databases_configuring-rhdh[configured an external PostgreSQL database] that is available and accessible from your {ocp-short} cluster, including a Kubernetes Service and Secret for the database connection. * You have access to create Jobs, Secrets, ConfigMaps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. .Procedure -. Create the required Kubernetes resources for your external database connection. You can create the Service and `Secret` in parallel: -+ -.. 
Create a Kubernetes Service that points to your external PostgreSQL database: -+ -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service # Use this name in subsequent steps where is referenced -spec: - type: ExternalName # Creates a CNAME record to the external database hostname - externalName: ____ # FQDN of your external PostgreSQL server, for example, postgres.example.com - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ----- -+ -[NOTE] -==== -If your external database uses an IP address instead of a hostname, create a Service with Endpoints: - -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service -spec: - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: external-postgresql-service -subsets: - - addresses: - - ip: ____ # IP address of your external PostgreSQL server - ports: - - port: 5432 - protocol: TCP ----- -==== - -.. Create a Kubernetes Secret containing your external database credentials: -+ -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Secret -metadata: - name: external-db-credentials # Use this name in subsequent steps where is referenced -type: Opaque -stringData: - POSTGRES_HOST: "____" # Hostname or IP address (must match the Service configuration) - POSTGRES_PORT: "____" # Port number, typically 5432 - POSTGRES_USER: "____" # Database user with permissions to create databases and tables - POSTGRES_PASSWORD: "____" ----- - . Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following Job: + [source,yaml,subs="+attributes,+quotes"] @@ -124,7 +49,7 @@ spec: - ALL envFrom: - secretRef: - name: ____ # Name of the Secret created in step 1 + name: ____ command: [ "sh", "-c" ] args: - | 
@@ -155,24 +80,24 @@ spec: persistence: postgresql: secretRef: - name: ____ # Secret created in step 1 + name: ____ userKey: POSTGRES_USER passwordKey: POSTGRES_PASSWORD serviceRef: - name: ____ # Service created in step 1 - namespace: __<{product-very-short}-NAMESPACE>__ # Namespace where you deploy the {product-custom-resource-type} CR + name: ____ + namespace: __<{product-very-short}-NAMESPACE>__ databaseName: backstage_plugin_orchestrator jobService: enabled: true persistence: postgresql: secretRef: - name: ____ # Secret created in step 1 + name: ____ userKey: POSTGRES_USER passwordKey: POSTGRES_PASSWORD serviceRef: - name: ____ # Service created in step 1 - namespace: __<{product-very-short}-NAMESPACE>__ # Namespace where you deploy the {product-custom-resource-type} CR + name: ____ + namespace: __<{product-very-short}-NAMESPACE>__ databaseName: backstage_plugin_orchestrator ---- + @@ -231,7 +156,7 @@ spec: dynamicPluginsConfigMapName: orchestrator-plugin extraEnvs: secrets: - - name: ____ # Secret created in step 1 + - name: ____ ---- .Verification From 10573b236837d84d1154468d52b77434d65d5725 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 18 May 2026 12:04:57 +0200 Subject: [PATCH 03/11] Apply peer suggestions and fix gaps --- ...tgresql-instance-using-the-helm-chart.adoc | 56 +----------------- ...ostgresql-instance-using-the-operator.adoc | 56 +----------------- ...netes-service-for-external-postgresql.adoc | 57 +++++++++++++++++++ 3 files changed, 59 insertions(+), 110 deletions(-) create mode 100644 modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc index 10896ac03dd..bfe40ace6bc 100644 
--- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc @@ -87,61 +87,7 @@ Where: ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. -. Create a Kubernetes Service that points to your external PostgreSQL database: -+ -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service -spec: - type: ExternalName - externalName: ____ - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ----- -+ -Where: - -`external-postgresql-service`:: Name of the Service to reference in plugin configurations. -`ExternalName`:: Service type that creates a CNAME record to the external database hostname. -`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. -+ -[NOTE] -==== -If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: - -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service -spec: - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: external-postgresql-service -subsets: - - addresses: - - ip: ____ - ports: - - port: 5432 - protocol: TCP ----- - -Where: - -`____`:: IP address of your external PostgreSQL server. -==== +include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] . Configure your PostgreSQL instance in the Helm configuration file named `values.yaml`: + 
diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc index c00c0b51665..cbfa32d5e13 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc 
@@ -87,61 +87,7 @@ Where: ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. -. Create a Kubernetes Service that points to your external PostgreSQL database: -+ -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service -spec: - type: ExternalName - externalName: ____ - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ----- -+ -Where: - -`external-postgresql-service`:: Name of the Service to reference in plugin configurations. -`ExternalName`:: Service type that creates a CNAME record to the external database hostname. -`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. -+ -[NOTE] -==== -If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: - -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: v1 -kind: Service -metadata: - name: external-postgresql-service -spec: - ports: - - port: 5432 - targetPort: 5432 - protocol: TCP ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: external-postgresql-service -subsets: - - addresses: - - ip: ____ - ports: - - port: 5432 - protocol: TCP ----- - -Where: - -`____`:: IP address of your external PostgreSQL server. -==== +include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] . Optional: Ensure your external PostgreSQL instance is configured with recommended performance tuning parameters. + diff --git a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc new file mode 100644 index 00000000000..37a35d42440 --- /dev/null +++ b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc 
@@ -0,0 +1,57 @@ +:_mod-docs-content-type: SNIPPET + +. Create a Kubernetes Service that points to your external PostgreSQL database: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + type: ExternalName + externalName: ____ + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +---- ++ +Where: + +`external-postgresql-service`:: Name of the Service to reference in plugin configurations. +`ExternalName`:: Service type that creates a CNAME record to the external database hostname. +`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. ++ +[NOTE] +==== +If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: + +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: v1 +kind: Service +metadata: + name: external-postgresql-service +spec: + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: external-postgresql-service +subsets: + - addresses: + - ip: ____ + ports: + - port: 5432 + protocol: TCP +---- + +Where: + +`____`:: IP address of your external PostgreSQL server. +==== From 9a1f50b25a4e8b0871be3771b84bf9f460aba952 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 18 May 2026 13:17:18 +0200 Subject: [PATCH 04/11] Apply suggestions --- ...or-to-connect-to-existing-postgresql-infrastructure.adoc | 6 +++--- ...p-create-kubernetes-service-for-external-postgresql.adoc | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index ae945d63b0b..074c9376aba 100644 
--- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc @@ -13,7 +13,7 @@ However, when you use an external PostgreSQL database that the Operator does not .Prerequisites * You have installed {product-very-short} on {ocp-short}. * You have {configuring-book-link}#configure-external-postgresql-databases_configuring-rhdh[configured an external PostgreSQL database] that is available and accessible from your {ocp-short} cluster, including a Kubernetes Service and Secret for the database connection. -* You have access to create Jobs, Secrets, ConfigMaps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. +* You have access to create jobs, secrets, config maps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. .Procedure @@ -106,7 +106,7 @@ spec: Unlike the default configuration that uses the `dependencies: - ref: sonataflow` field to automatically provision database resources with specific naming patterns, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. ==== -. Configure the Orchestrator plugins in your dynamic plugins ConfigMap to remove the default `sonataflow` dependency and explicitly reference the SonataFlowPlatform services: +. Configure the Orchestrator plugins in your dynamic plugins config map to remove the default `sonataflow` dependency and explicitly reference the SonataFlowPlatform services: + [source,yaml,subs="+attributes,+quotes"] ---- 
@@ -140,7 +140,7 @@ data: disabled: false ---- -. Update your {product-custom-resource-type} CR to reference the orchestrator plugin ConfigMap and inject the database credentials Secret: +. Update your {product-custom-resource-type} CR to reference the orchestrator plugin config map and inject the database credentials secret: + [source,yaml,subs="+attributes,+quotes"] ---- diff --git a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc index 37a35d42440..6d04dff401a 100644 --- a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc +++ b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc @@ -1,6 +1,6 @@ :_mod-docs-content-type: SNIPPET -. Create a Kubernetes Service that points to your external PostgreSQL database: +. Create a Kubernetes service that points to your external PostgreSQL database: + [source,yaml,subs="+attributes,+quotes"] ---- @@ -19,13 +19,13 @@ spec: + Where: -`external-postgresql-service`:: Name of the Service to reference in plugin configurations. +`external-postgresql-service`:: Name of the service to reference in plugin configurations. `ExternalName`:: Service type that creates a CNAME record to the external database hostname. `____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. + [NOTE] ==== -If your external database is outside the cluster or uses an IP address instead of a hostname, create a Service with Endpoints: +If your external database is outside the cluster or uses an IP address instead of a hostname, create a service with endpoints: [source,yaml,subs="+attributes,+quotes"] ---- From b3b739e5a98e35a444fcd11e5f733c9c68c70a63 Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Mon, 18 May 2026 13:31:30 +0200 Subject: [PATCH 05/11] Apply suggestions --- ...-to-connect-to-existing-postgresql-infrastructure.adoc | 4 ++-- ...create-kubernetes-service-for-external-postgresql.adoc | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index 074c9376aba..b15cd4320e9 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc @@ -11,8 +11,8 @@ By default, when you enable the Orchestrator plugin using the Operator, the `dep However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. .Prerequisites -* You have installed {product-very-short} on {ocp-short}. -* You have {configuring-book-link}#configure-external-postgresql-databases_configuring-rhdh[configured an external PostgreSQL database] that is available and accessible from your {ocp-short} cluster, including a Kubernetes Service and Secret for the database connection. +* You have installed {product-very-short} using the Operator. +* You have {configuring-book-link}#configure-external-postgresql-databases_configuring-rhdh[configured {product-short} to use an external PostgreSQL database]. * You have access to create jobs, secrets, config maps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. .Procedure 
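Review bot: the reworded second prerequisite no longer says that a secret for the database connection exists, yet the first procedure step applies a Job that reads `POSTGRES_HOST`, `POSTGRES_PORT`, `POSTGRES_USER` and `POSTGRES_PASSWORD` through `envFrom.secretRef` and runs `CREATE DATABASE`. Keep a prerequisite that names that secret and its keys, and state that the account in it must be allowed to create databases. Without that, a failing Job has no explanation in the prerequisites.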
diff --git a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc index 6d04dff401a..33cc2ef3225 100644 --- a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc +++ b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc @@ -10,7 +10,7 @@ metadata: name: external-postgresql-service spec: type: ExternalName - externalName: ____ + externalName: ____ ports: - port: 5432 targetPort: 5432 @@ -20,12 +20,12 @@ spec: Where: `external-postgresql-service`:: Name of the service to reference in plugin configurations. -`ExternalName`:: Service type that creates a CNAME record to the external database hostname. -`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. +`ExternalName`:: Service type that creates a CNAME record to the external database host name. +`____`:: FQDN of your external PostgreSQL server, for example, `postgres.example.com`. + [NOTE] ==== -If your external database is outside the cluster or uses an IP address instead of a hostname, create a service with endpoints: +If your external database is outside the cluster or uses an IP address instead of a host name, create a service with endpoints: [source,yaml,subs="+attributes,+quotes"] ---- From ad6b3082c61f782fd9e221347c1111ef2b2d044f Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 18 May 2026 13:35:18 +0200 Subject: [PATCH 06/11] Apply suggestions --- ...trator-to-connect-to-existing-postgresql-infrastructure.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index b15cd4320e9..9e9deadcb44 100644 
--- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc @@ -11,7 +11,7 @@ By default, when you enable the Orchestrator plugin using the Operator, the `dep However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. .Prerequisites -* You have installed {product-very-short} using the Operator. +* You have installed {product-very-short} by using the Operator. * You have {configuring-book-link}#configure-external-postgresql-databases_configuring-rhdh[configured {product-short} to use an external PostgreSQL database]. * You have access to create jobs, secrets, config maps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. From 1f5a2c9f94b22cd0df7e3b6598b49ba84220c196 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 18 May 2026 13:41:07 +0200 Subject: [PATCH 07/11] Apply suggestions --- .../snip-create-kubernetes-service-for-external-postgresql.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc index 33cc2ef3225..36d896a4cc1 100644 --- a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc +++ b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc @@ -1,5 +1,4 @@ :_mod-docs-content-type: SNIPPET - . Create a Kubernetes service that points to your external PostgreSQL database: + [source,yaml,subs="+attributes,+quotes"] From a02e363451a03ae4a6e739ebb54ae21cbc4fba6c Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Mon, 18 May 2026 13:44:41 +0200 Subject: [PATCH 08/11] Apply peer suggestions --- ...ator-to-connect-to-existing-postgresql-infrastructure.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index 9e9deadcb44..51ad0149cf6 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc 
@@ -6,7 +6,7 @@ [role="_abstract"] Connect the Orchestrator plugins to your existing PostgreSQL database to leverage centralized database management and meet compliance requirements. -By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the Service and `backstage-psql-secret-{{backstage-name}}` for the Secret). +By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the service and `backstage-psql-secret-{{backstage-name}}` for the secret). However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. @@ -17,7 +17,7 @@ However, when you use an external PostgreSQL database that the Operator does not .Procedure -. Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following Job: +. Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following job: + [source,yaml,subs="+attributes,+quotes"] ---- From 9956a09a9ca01f285eabf34c8c44c1056de9aeba Mon Sep 17 00:00:00 2001 
From: GitHub Actions Date: Tue, 19 May 2026 07:13:54 +0200 Subject: [PATCH 09/11] Include Helm Chart deployments --- ...estrator-by-using-the-rhdh-helm-chart.adoc | 2 + ...-postgresql-infrastructure-using-helm.adoc | 59 +++++++++++++++++++ ...to-existing-postgresql-infrastructure.adoc | 48 +-------------- ...h-the-orchestrator-using-the-helm-cli.adoc | 14 +---- .../snip-create-orchestrator-database.adoc | 46 +++++++++++++++ 5 files changed, 110 insertions(+), 59 deletions(-) create mode 100644 modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc create mode 100644 modules/shared/snip-create-orchestrator-database.adoc diff --git a/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-helm-chart.adoc b/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-helm-chart.adoc index f47c6a1a1d7..75d7ae71311 100644 --- a/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-helm-chart.adoc +++ b/assemblies/extend_orchestrator-in-rhdh/assembly-install-rhdh-with-orchestrator-by-using-the-rhdh-helm-chart.adoc @@ -13,6 +13,8 @@ include::../modules/extend_orchestrator-in-rhdh/proc-install-rhdh-on-ocp-with-th include::../modules/extend_orchestrator-in-rhdh/proc-install-rhdh-using-helm-from-the-ocp-web-console.adoc[leveloffset=+1] +include::../modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc[leveloffset=+1] + include::../modules/extend_orchestrator-in-rhdh/ref-resource-limits-for-installing-rhdh-with-the-orchestrator-plugin-when-using-helm.adoc[leveloffset=+1] // manual installation 
diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc new file mode 100644 index 00000000000..78a27733782 --- /dev/null +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc 
@@ -0,0 +1,59 @@ +:_mod-docs-content-type: PROCEDURE + +[id="configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm_{context}"] += Configure Orchestrator to connect to existing PostgreSQL infrastructure using Helm + +[role="_abstract"] +Connect the Orchestrator plugins to your existing PostgreSQL database when deploying with the Helm Chart to leverage centralized database management and meet compliance requirements. + +By default, when you enable the Orchestrator plugin using the Helm Chart with `orchestrator.enabled=true`, the chart automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The chart uses the `orchestrator.sonataflowPlatform` values to configure these resources. + +However, when you use an external PostgreSQL database that the Helm Chart does not manage, you must explicitly configure the `orchestrator.sonataflowPlatform` values to reference your external database resources. + +.Prerequisites +* You have installed {product-very-short} by using the Helm Chart. +* You have {configuring-book-link}#configure-postgresql-instance-using-helm_configuring-external-postgresql-databases[configured {product-short} to use an external PostgreSQL database]. +* You have access to create jobs, secrets, services, and custom resources in the namespace where you deploy {product-very-short}. + +.Procedure +include::../shared/snip-create-orchestrator-database.adoc[leveloffset=+1] +include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] +. 
Configure your external PostgreSQL database for Orchestrator in your Helm configuration file `values.yaml`: ++ +[source,yaml,subs="+quotes,+attributes"] +---- +orchestrator: + enabled: true + sonataflowPlatform: + externalDBsecretRef: ____ + externalDBName: backstage_plugin_orchestrator + externalDBHost: ____ # Typically external-postgresql-service + externalDBPort: "5432" +---- ++ +Where: +`orchestrator.enabled`:: Set to `true` to enable the Orchestrator plugin. +`orchestrator.sonataflowPlatform.externalDBsecretRef`:: The secret name containing database credentials with `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_HOST`, and `POSTGRES_PORT` keys. +`orchestrator.sonataflowPlatform.externalDBName`:: The database name for Orchestrator data (must be `backstage_plugin_orchestrator`). +`orchestrator.sonataflowPlatform.externalDBHost`:: The Kubernetes Service name pointing to your external database. +`orchestrator.sonataflowPlatform.externalDBPort`:: The PostgreSQL port (typically `5432`). ++ +[IMPORTANT] +==== +Unlike the default configuration where the Helm Chart automatically provisions database resources, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. +==== +. Apply the configuration changes in your Helm configuration file `values.yaml`: ++ +[source,terminal,subs="+attributes"] +---- +$ helm upgrade -n openshift-helm-charts/redhat-developer-hub -f values.yaml --version {product-chart-version} +---- +.Verification +. Verify that the `SonataFlowPlatform` CR is running: ++ +[source,terminal] +---- +$ oc get sonataflowplatform sonataflow-platform -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' +True +---- +. In the {product-very-short} console, confirm that the Orchestrator frontend and backend features are available and can connect to your external database. 
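Review bot: `externalDBName: backstage_plugin_orchestrator`, documented here as "must be `backstage_plugin_orchestrator`", contradicts the comment this same commit deletes from the Helm CLI procedure, which described `externalDBName` as "The name of the user-configured existing database (Not the database that the orchestrator and sonataflow resources use)". Confirm against the chart which meaning is correct before merging. The secret is also described as carrying `POSTGRES_HOST` and `POSTGRES_PORT` while `externalDBHost` and `externalDBPort` are set separately, so say which source wins when they differ.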
diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index 51ad0149cf6..4cd29384af2 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc 
@@ -16,53 +16,7 @@ However, when you use an external PostgreSQL database that the Operator does not * You have access to create jobs, secrets, config maps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. .Procedure - -. Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following job: -+ -[source,yaml,subs="+attributes,+quotes"] ----- -apiVersion: batch/v1 -kind: Job -metadata: - name: create-sonataflow-database-developer-hub -spec: - ttlSecondsAfterFinished: 30 - activeDeadlineSeconds: 120 - template: - spec: - containers: - - name: psql - image: quay.io/fedora/postgresql-15:latest - resources: - limits: - cpu: "100m" - memory: "128Mi" - requests: - cpu: "100m" - memory: "64Mi" - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - envFrom: - - secretRef: - name: ____ - command: [ "sh", "-c" ] - args: - - | - set -e - # Check if the backstage_plugin_orchestrator database exists - DB_EXISTS=$(PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -tAc "SELECT 1 FROM pg_database WHERE datname='backstage_plugin_orchestrator'" postgres) - if [ -z "$DB_EXISTS" ]; then - # Create the database if it does not exist - PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -c "CREATE DATABASE backstage_plugin_orchestrator;" postgres - fi - restartPolicy: Never ----- - +include::../shared/snip-create-orchestrator-database.adoc[leveloffset=+1] . Create a `SonataFlowPlatform` CR that references your external PostgreSQL service: + [source,yaml,subs="+attributes,+quotes"] 
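Review bot: the Job being moved into the shared snippet keeps `image: quay.io/fedora/postgresql-15:latest`, a mutable tag, for a pod that receives the database credentials through `envFrom.secretRef`. Pin the image to a specific tag or digest so the container handling those credentials is reproducible across runs. Also reconsider `ttlSecondsAfterFinished: 30`: the Job and its pod logs are deleted 30 seconds after it finishes, including when it fails, which leaves very little time to read the `psql` error.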
diff --git a/modules/extend_orchestrator-in-rhdh/proc-install-rhdh-on-ocp-with-the-orchestrator-using-the-helm-cli.adoc b/modules/extend_orchestrator-in-rhdh/proc-install-rhdh-on-ocp-with-the-orchestrator-using-the-helm-cli.adoc index 5a3f8823ac8..aff6e3cf07f 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-install-rhdh-on-ocp-with-the-orchestrator-using-the-helm-cli.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-install-rhdh-on-ocp-with-the-orchestrator-using-the-helm-cli.adoc 
@@ -71,21 +71,11 @@ $ helm install openshift-helm-charts/redhat-developer-hub \ --set orchestrator.serverlessLogicOperator=false ---- -. (Optional) If you are using an external database, add the following configuration under `orchestrator.sonataflowPlatform` in your `values.yaml` file: -+ -[source,yaml] ----- -orchestrator: - sonataflowPlatform: - externalDBsecretRef: "" - externalDBName: "" # The name of the user-configured existing database (Not the database that the orchestrator and sonataflow resources use). - externalDBHost: "" - externalDBPort: "" ----- +. (Optional) To configure Orchestrator to use an external PostgreSQL database, follow the detailed instructions in xref:configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm_{context}[Configure Orchestrator to connect to existing PostgreSQL infrastructure using Helm]. + [NOTE] ==== -This step only configures the Orchestrators use of an external database. To configure {product} to use an external PostgreSQL instance, follow the steps in {configuring-book-link}#configure-postgresql-instance-using-helm_configuring-external-postgresql-databases[Configure a PostgreSQL instance using Helm]. +Configuring an external database for Orchestrator requires additional steps beyond standard {product-very-short} external database configuration. You must create the `backstage_plugin_orchestrator` database, configure the `orchestrator.sonataflowPlatform` values, and ensure proper service connectivity. See the detailed procedure for complete instructions. ==== .Verification diff --git a/modules/shared/snip-create-orchestrator-database.adoc b/modules/shared/snip-create-orchestrator-database.adoc new file mode 100644 index 00000000000..4e08719d6df --- /dev/null +++ b/modules/shared/snip-create-orchestrator-database.adoc 
@@ -0,0 +1,46 @@ +:_mod-docs-content-type: SNIPPET +. Create the `backstage_plugin_orchestrator` database on your external PostgreSQL server by applying the following job: ++ +[source,yaml,subs="+attributes,+quotes"] +---- +apiVersion: batch/v1 +kind: Job +metadata: + name: create-sonataflow-database-developer-hub +spec: + ttlSecondsAfterFinished: 30 + activeDeadlineSeconds: 120 + template: + spec: + containers: + - name: psql + image: quay.io/fedora/postgresql-15:latest + resources: + limits: + cpu: "100m" + memory: "128Mi" + requests: + cpu: "100m" + memory: "64Mi" + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + envFrom: + - secretRef: + name: ____ + command: [ "sh", "-c" ] + args: + - | + set -e + # Check if the backstage_plugin_orchestrator database exists + DB_EXISTS=$(PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -tAc "SELECT 1 FROM pg_database WHERE datname='backstage_plugin_orchestrator'" postgres) + if [ -z "$DB_EXISTS" ]; then + # Create the database if it does not exist + PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -c "CREATE DATABASE backstage_plugin_orchestrator;" postgres + fi + restartPolicy: Never +---- From 38a7b486f68add9101595f812a5d3bdcd06e447d Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 19 May 2026 08:42:45 +0200 Subject: [PATCH 10/11] Apply technical reviewers suggestions --- ...-postgresql-instance-using-the-helm-chart.adoc | 5 ++--- ...al-postgresql-instance-using-the-operator.adoc | 5 ++--- ...ting-postgresql-infrastructure-using-helm.adoc | 11 +++++++---- ...ect-to-existing-postgresql-infrastructure.adoc | 15 +++++++-------- ...ubernetes-service-for-external-postgresql.adoc | 2 +- .../shared/snip-create-orchestrator-database.adoc | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) 
diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc index bfe40ace6bc..0396678d0b2 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc @@ -86,9 +86,8 @@ Where: ``:: Your PostgreSQL instance DNS or IP address. ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. - -include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] - ++ +include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[] . Configure your PostgreSQL instance in the Helm configuration file named `values.yaml`: + [source,yaml,subs="+quotes,+attributes"] diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc index cbfa32d5e13..c7710ed6406 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-operator.adoc 
@@ -86,9 +86,8 @@ Where: ``:: Your PostgreSQL instance DNS or IP address. ``:: Optional: For TLS connections, the required SSL mode. ``:: Optional: For TLS connections, the absolute path to the Privacy-Enhanced Mail (PEM) file, for example `/opt/app-root/src/postgres-crt.pem`. - -include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] - ++ +include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[] . Optional: Ensure your external PostgreSQL instance is configured with recommended performance tuning parameters. + Set `shared_buffers` to approximately 1/4 and `effective_cache_size` to approximately 1/2 of the allocated database memory. diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc index 78a27733782..54496b30e93 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc 
@@ -6,7 +6,7 @@ [role="_abstract"] Connect the Orchestrator plugins to your existing PostgreSQL database when deploying with the Helm Chart to leverage centralized database management and meet compliance requirements. -By default, when you enable the Orchestrator plugin using the Helm Chart with `orchestrator.enabled=true`, the chart automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The chart uses the `orchestrator.sonataflowPlatform` values to configure these resources. +By default, when you enable the Orchestrator plugin by using the Helm Chart with `orchestrator.enabled=true`, the chart automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The chart uses the `orchestrator.sonataflowPlatform` values to configure these resources. However, when you use an external PostgreSQL database that the Helm Chart does not manage, you must explicitly configure the `orchestrator.sonataflowPlatform` values to reference your external database resources. @@ -16,8 +16,7 @@ However, when you use an external PostgreSQL database that the Helm Chart does n * You have access to create jobs, secrets, services, and custom resources in the namespace where you deploy {product-very-short}. .Procedure -include::../shared/snip-create-orchestrator-database.adoc[leveloffset=+1] -include::../shared/snip-create-kubernetes-service-for-external-postgresql.adoc[leveloffset=+1] +include::../shared/snip-create-orchestrator-database.adoc[] . Configure your external PostgreSQL database for Orchestrator in your Helm configuration file `values.yaml`: + [source,yaml,subs="+quotes,+attributes"] 
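Review bot: dropping the `snip-create-kubernetes-service-for-external-postgresql.adoc` include in the `@@ -16,8 +16,7 @@` hunk leaves this procedure with no step that creates the service, while `externalDBHost` is still described as "The Kubernetes Service name pointing to your external database" and the next hunk removes the `# Typically external-postgresql-service` hint. Add a sentence to the `externalDBHost` description that points to the service created in the linked external PostgreSQL procedure, so the reader knows which name to enter.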
@@ -27,11 +26,12 @@ orchestrator: sonataflowPlatform: externalDBsecretRef: ____ externalDBName: backstage_plugin_orchestrator - externalDBHost: ____ # Typically external-postgresql-service + externalDBHost: ____ externalDBPort: "5432" ---- + Where: + `orchestrator.enabled`:: Set to `true` to enable the Orchestrator plugin. `orchestrator.sonataflowPlatform.externalDBsecretRef`:: The secret name containing database credentials with `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_HOST`, and `POSTGRES_PORT` keys. `orchestrator.sonataflowPlatform.externalDBName`:: The database name for Orchestrator data (must be `backstage_plugin_orchestrator`). @@ -42,12 +42,14 @@ Where: ==== Unlike the default configuration where the Helm Chart automatically provisions database resources, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. ==== ++ . Apply the configuration changes in your Helm configuration file `values.yaml`: + [source,terminal,subs="+attributes"] ---- $ helm upgrade -n openshift-helm-charts/redhat-developer-hub -f values.yaml --version {product-chart-version} ---- + .Verification . Verify that the `SonataFlowPlatform` CR is running: + @@ -56,4 +58,5 @@ $ helm upgrade -n openshift-helm-charts/redh $ oc get sonataflowplatform sonataflow-platform -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' True ---- ++ . In the {product-very-short} console, confirm that the Orchestrator frontend and backend features are available and can connect to your external database. diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc index 4cd29384af2..1a5755593d2 100644 
--- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc @@ -6,7 +6,7 @@ [role="_abstract"] Connect the Orchestrator plugins to your existing PostgreSQL database to leverage centralized database management and meet compliance requirements. -By default, when you enable the Orchestrator plugin using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the service and `backstage-psql-secret-{{backstage-name}}` for the secret). +By default, when you enable the Orchestrator plugin by using the Operator, the `dependencies: - ref: sonataflow` field automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The Operator uses specific naming patterns for these resources (such as `backstage-psql-{{backstage-name}}` for the service and `backstage-psql-secret-{{backstage-name}}` for the secret). However, when you use an external PostgreSQL database that the Operator does not manage, these default resources and naming patterns do not exist. You must explicitly configure the `SonataFlowPlatform` CR to reference your external database resources and remove the automatic dependency provisioning. 
@@ -16,7 +16,7 @@ However, when you use an external PostgreSQL database that the Operator does not * You have access to create jobs, secrets, config maps, and custom resources in the namespace where you deploy the {product-custom-resource-type} CR. .Procedure -include::../shared/snip-create-orchestrator-database.adoc[leveloffset=+1] +include::../shared/snip-create-orchestrator-database.adoc[] . Create a `SonataFlowPlatform` CR that references your external PostgreSQL service: + [source,yaml,subs="+attributes,+quotes"] @@ -59,7 +59,7 @@ spec: ==== Unlike the default configuration that uses the `dependencies: - ref: sonataflow` field to automatically provision database resources with specific naming patterns, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. ==== - ++ . Configure the Orchestrator plugins in your dynamic plugins config map to remove the default `sonataflow` dependency and explicitly reference the SonataFlowPlatform services: + [source,yaml,subs="+attributes,+quotes"] 
@@ -81,19 +81,19 @@ data: pluginConfig: orchestrator: dataIndexService: - url: http://____ # Typically sonataflow-platform-data-index-service + url: http://____ dependencies: [{}] # Empty array removes default 'ref: sonataflow' to prevent automatic database provisioning - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-orchestrator:{{inherit}}" disabled: false pluginConfig: orchestrator: dataIndexService: - url: http://____ # Typically sonataflow-platform-data-index-service + url: http://____ dependencies: [{}] # Empty array removes default 'ref: sonataflow' to prevent automatic database provisioning - package: "oci://registry.access.redhat.com/rhdh/red-hat-developer-hub-backstage-plugin-orchestrator-form-widgets:{{inherit}}" disabled: false ---- - ++ . Update your {product-custom-resource-type} CR to reference the orchestrator plugin config map and inject the database credentials secret: + [source,yaml,subs="+attributes,+quotes"] @@ -114,7 +114,6 @@ spec: ---- .Verification - . Verify that the `SonataFlowPlatform` CR is running: + [source,terminal] @@ -122,5 +121,5 @@ spec: $ oc get sonataflowplatform sonataflow-platform -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' True ---- - ++ . In the {product-very-short} console, confirm that the Orchestrator frontend and backend features are available and can connect to your external database. diff --git a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc index 36d896a4cc1..637c67edca7 100644 --- a/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc +++ b/modules/shared/snip-create-kubernetes-service-for-external-postgresql.adoc @@ -53,4 +53,4 @@ subsets: Where: `____`:: IP address of your external PostgreSQL server. -==== +==== \ No newline at end of file 
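Review bot: in the `@@ -81,19 +81,19 @@` hunk the context lines `dependencies: [{}] # Empty array removes default 'ref: sonataflow'` describe the value incorrectly, because `[{}]` is an array holding one empty mapping, not an empty array. Either change the comment to match the value or, if an empty list is what is meant, use `[]`; readers copying this block need to know which form is required. The same hunk deletes the `# Typically sonataflow-platform-data-index-service` hints, so consider moving that guidance into a "Where:" entry for the `url` placeholder instead of removing it.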
diff --git a/modules/shared/snip-create-orchestrator-database.adoc b/modules/shared/snip-create-orchestrator-database.adoc index 4e08719d6df..e8d5187cf8d 100644 --- a/modules/shared/snip-create-orchestrator-database.adoc +++ b/modules/shared/snip-create-orchestrator-database.adoc @@ -43,4 +43,4 @@ spec: PGPASSWORD=${POSTGRES_PASSWORD} psql -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} -c "CREATE DATABASE backstage_plugin_orchestrator;" postgres fi restartPolicy: Never ----- +---- \ No newline at end of file From f6e2850a3cc31e2f72d0ffd27d44f37908c0b177 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 19 May 2026 09:15:09 +0200 Subject: [PATCH 11/11] Apply peer suggestions --- ...ernal-postgresql-instance-using-the-helm-chart.adoc | 6 +++--- ...-existing-postgresql-infrastructure-using-helm.adoc | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc index 0396678d0b2..dea7ca4b34d 100644 --- a/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc +++ b/modules/configure_configuring-rhdh/proc-configure-an-external-postgresql-instance-using-the-helm-chart.adoc @@ -1,10 +1,10 @@ :_mod-docs-content-type: PROCEDURE [id="configure-an-external-postgresql-instance-using-the-helm-chart_{context}"] -= Configure an external PostgreSQL instance using the Helm Chart += Configure an external PostgreSQL instance using the Helm chart [role="_abstract"] -Configure an external PostgreSQL instance by using the Helm Chart instead of the default local PostgreSQL instance. +Configure an external PostgreSQL instance by using the Helm chart instead of the default local PostgreSQL instance. .Prerequisites 
@@ -15,7 +15,7 @@ Configure an external PostgreSQL instance by using the Helm Chart instead of the ** `db_port`: Denotes your PostgreSQL instance port number, such as `5432` ** `username`: Denotes the user name to connect to your PostgreSQL instance ** `password`: Denotes the password to connect to your PostgreSQL instance -* You have installed the {product-very-short} application by using the Helm Chart. +* You have installed the {product-very-short} application by using the Helm chart. * Optional: You have a CA certificate, Transport Layer Security (TLS) private key, and TLS certificate so that you can secure your database connection by using the TLS protocol. For more information, refer to your PostgreSQL vendor documentation. [NOTE] diff --git a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc index 54496b30e93..38a1323b22c 100644 --- a/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc +++ b/modules/extend_orchestrator-in-rhdh/proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc 
@@ -4,14 +4,14 @@ = Configure Orchestrator to connect to existing PostgreSQL infrastructure using Helm [role="_abstract"] -Connect the Orchestrator plugins to your existing PostgreSQL database when deploying with the Helm Chart to leverage centralized database management and meet compliance requirements. +Connect the Orchestrator plugins to your existing PostgreSQL database when deploying with the Helm chart to leverage centralized database management and meet compliance requirements. -By default, when you enable the Orchestrator plugin by using the Helm Chart with `orchestrator.enabled=true`, the chart automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The chart uses the `orchestrator.sonataflowPlatform` values to configure these resources. +By default, when you enable the Orchestrator plugin by using the Helm chart with `orchestrator.enabled=true`, the chart automatically provisions a `SonataFlowPlatform` custom resource (CR) and creates the required PostgreSQL database resources. The chart uses the `orchestrator.sonataflowPlatform` values to configure these resources. -However, when you use an external PostgreSQL database that the Helm Chart does not manage, you must explicitly configure the `orchestrator.sonataflowPlatform` values to reference your external database resources. +However, when you use an external PostgreSQL database that the Helm chart does not manage, you must explicitly configure the `orchestrator.sonataflowPlatform` values to reference your external database resources. .Prerequisites -* You have installed {product-very-short} by using the Helm Chart. +* You have installed {product-very-short} by using the Helm chart. * You have {configuring-book-link}#configure-postgresql-instance-using-helm_configuring-external-postgresql-databases[configured {product-short} to use an external PostgreSQL database]. 
* You have access to create jobs, secrets, services, and custom resources in the namespace where you deploy {product-very-short}. @@ -40,7 +40,7 @@ Where: + [IMPORTANT] ==== -Unlike the default configuration where the Helm Chart automatically provisions database resources, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. +Unlike the default configuration where the Helm chart automatically provisions database resources, this configuration explicitly references your external database Service and Secret. The `SonataFlowPlatform` CR will use these resources to connect to your external database instead of creating new database resources. ==== + . Apply the configuration changes in your Helm configuration file `values.yaml`:
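Review bot: In proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure.adoc, three hunks (-59,7, -81,19 and -122,5) replace the blank line before a new `. ` step with a `+` continuation, but a continuation attaches a following block to the current step, and here what follows is the next step rather than a block. Please confirm in a preview build that "Configure the Orchestrator plugins", "Update your ... CR" and the second verification step still render as sibling numbered steps. If they do not, restore the blank lines, and keep `+` only in front of the `[source,...]` and admonition blocks.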
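Review bot: In the dynamic plugins hunk (@@ -81,19 +81,19 @@), both `dependencies: [{}]` lines carry the comment "Empty array", but `[{}]` is a list holding one empty object, not an empty list, so the comment and the value disagree. Reword the comment to describe the value that is actually required, or change the value if an empty list is what is meant. The same hunk drops the "Typically sonataflow-platform-data-index-service" hint from both `url:` lines. If the hint was removed to keep the YAML clean, move it into a "Where:" entry under the block so readers still know what the placeholder stands for.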
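Review bot: In snip-create-orchestrator-database.adoc (@@ -43,4 +43,4 @@), the `psql` line passes `-h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -U ${POSTGRES_USER}` unquoted, so any value containing whitespace or glob characters is split or expanded by the shell before `psql` sees it. Quote the expansions, for example `-h "${POSTGRES_HOST}" -p "${POSTGRES_PORT}" -U "${POSTGRES_USER}"`, and quote `"${POSTGRES_PASSWORD}"` as well for consistency. Separately, the only change in this hunk, and in the snip-create-kubernetes-service-for-external-postgresql.adoc hunk before it, is the removal of the final newline ("\ No newline at end of file"). That looks unintended for files that are pulled in with `include::`, so please restore the trailing newline in both.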
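Review bot: In patch 11/11, the IMPORTANT admonition in proc-configure-orchestrator-to-connect-to-existing-postgresql-infrastructure-using-helm.adoc (@@ -40,7 +40,7 @@) still reads "The `SonataFlowPlatform` CR will use these resources" after the casing fix. Since this line is already being touched, switch it to present tense ("uses these resources") to match the rest of the procedure, and make the same change to the identical sentence in the Operator module from patch 01. The "Helm Chart" to "Helm chart" replacements are consistent across the visible lines of both files.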