Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform

Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform under a single sign-on system using the Red Hat build of Keycloak. We cover the setup process, from deploying the necessary components to configuring single sign-on.

We now have all the required pieces of our environment and are ready to install Red Hat Developer Hub (Developer Hub) to serve as our central interface. By mapping our OAuth credentials and Keycloak secrets into Developer Hub, we will create a unified platform in which developers can use templates to trigger automation playbooks with a single click.

Prerequisites:

To begin this lesson, make sure you have all of the required environment variables set in the previous steps:

  • AAP_URL: Red Hat Ansible Automation Platform gateway route.
  • AAP_TOKEN: Generated when creating the Ansible Automation Platform OAuth application.
  • AAP_OAUTH_CLIENT_ID: From the Ansible Automation Platform OAuth application.
  • AAP_OAUTH_CLIENT_SECRET: From Ansible Automation Platform OAuth application.
  • KEYCLOAK_URL: Keycloak route.
  • CLIENT_SECRET: From creating the Developer Hub client in the Red Hat build of Keycloak.

Optionally, check the loaded environment variables before proceeding (the commands below print the secret values to your terminal):

echo "AAP_URL: $AAP_URL"
echo "AAP_TOKEN: $AAP_TOKEN"
echo "AAP_OAUTH_CLIENT_ID: $AAP_OAUTH_CLIENT_ID"
echo "AAP_OAUTH_CLIENT_SECRET: $AAP_OAUTH_CLIENT_SECRET"
echo "KEYCLOAK_URL: $KEYCLOAK_URL"
echo "CLIENT_SECRET: $CLIENT_SECRET"
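
A preflight that confirms the same variables are set without echoing the secrets, and rejects values that would break the double-quoted YAML in the heredocs used later in this lesson. It is an added example, not part of the original lesson; the function names and the split into shown and hidden variables are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the variables this lesson expects.
# Hidden values are never printed; only their length is reported.

SHOWN_VARS="AAP_URL KEYCLOAK_URL AAP_OAUTH_CLIENT_ID"
HIDDEN_VARS="AAP_TOKEN AAP_OAUTH_CLIENT_SECRET CLIENT_SECRET"

# Succeeds if the value can sit inside a double-quoted YAML scalar
# ("${VAR}" in the lesson's heredocs): no quote, backslash or line break.
yaml_safe() {
  case $1 in
    *'"'* | *'\'* | *'
'*) return 1 ;;
  esac
  return 0
}

# Returns 0 only when every variable is set and YAML-safe.
preflight_env() {
  rc=0
  for name in $SHOWN_VARS $HIDDEN_VARS; do
    # Names come from the fixed lists above, never from user input.
    eval "val=\${$name-}"
    if [ -z "$val" ]; then
      echo "MISSING $name"
      rc=1
    elif ! yaml_safe "$val"; then
      echo "UNSAFE  $name (contains a quote, backslash or line break)"
      rc=1
    else
      case " $SHOWN_VARS " in
        *" $name "*) echo "ok      $name=$val" ;;
        *) echo "ok      $name (${#val} chars, value hidden)" ;;
      esac
    fi
  done
  return "$rc"
}
```

Source the file in the shell that holds the variables and run `preflight_env || echo "fix the variables above first"`.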

In this lesson, you will:

  • Configure Developer Hub using the above values.
  • Create the Kubernetes secret structure.
  • Generate backend encryption keys and API tokens for the Developer Hub internal database and communication.
  • (Optional) Configure GitHub App integration to allow Developer Hub to read software templates from your repositories.

Install Developer Hub

Let’s get started with our installation and configuration of Developer Hub. 

Note

The secrets in clusters/demo/.secrets/ are plain Kubernetes secrets for demo purposes only. For production, use External Secrets Operator (ESO) or HashiCorp Vault.

  1. Create the secrets directory structure for Developer Hub secrets or a specific overlay:

    mkdir -p clusters/demo/.secrets/instances/rhdh/secrets
  2. Create the Ansible Automation Platform integration secret using the OAuth credentials we configured earlier:

    cat <<EOF > clusters/demo/.secrets/instances/rhdh/secrets/secret-ansible-platform.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: ansible-platform
      namespace: rhdh
    type: Opaque
    stringData:
      AAP_BASE_URL: "${AAP_URL}"
      AAP_TOKEN: "${AAP_TOKEN}"
      AAP_OAUTH_CLIENT_ID: "${AAP_OAUTH_CLIENT_ID}"
      AAP_OAUTH_CLIENT_SECRET: "${AAP_OAUTH_CLIENT_SECRET}"
    EOF
  3. Generate a token for the Developer Hub internal API:

    export RHDH_API_TOKEN=$(openssl rand -base64 32)
  4. Create the API token secret: 

    cat <<EOF > clusters/demo/.secrets/instances/rhdh/secrets/secret-api-token.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: rhdh-api-token
      namespace: rhdh
    type: Opaque
    stringData:
      RHDH_API_TOKEN: "${RHDH_API_TOKEN}"
    EOF
  5. Generate the backend encryption key: 

    export BACKEND_SECRET=$(openssl rand -base64 32)
  6. Create the backend secret:

    cat <<EOF > clusters/demo/.secrets/instances/rhdh/secrets/secret-backend.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: my-rhdh-secrets
      namespace: rhdh
    type: Opaque
    stringData:
      BACKEND_SECRET: "${BACKEND_SECRET}"
    EOF
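
The heredocs above are unquoted, so an unset variable is written as an empty string, and the files inherit your umask. The following check, an added example that is not part of the original lesson, flags both conditions; the function names and the SECRETS_DIR variable are assumptions.

```shell
#!/bin/sh
# Added example: audit the secret manifests written by the steps above.

SECRETS_DIR="${SECRETS_DIR:-clusters/demo/.secrets/instances/rhdh/secrets}"

# Restrict the directory and manifests to the current user.
harden_secret_files() {
  chmod 700 "$1" && chmod 600 "$1"/secret-*.yaml
}

# Prints one line per finding; returns 0 only when nothing was found.
audit_secret_files() {
  dir=$1
  findings=0
  for f in "$dir"/secret-*.yaml; do
    [ -e "$f" ] || { echo "NOFILES $dir"; return 1; }
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
      echo "PERMS   $f is accessible to group/other ($mode)"
      findings=$((findings + 1))
    fi
    # An unset variable in the heredoc is written out as KEY: "".
    keys=$(sed -nE 's/^[[:space:]]+([A-Z0-9_]+): *""[[:space:]]*$/\1/p' "$f" | tr '\n' ' ')
    if [ -n "$keys" ]; then
      echo "EMPTY   $f: $keys"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}
```

Source the file, run `harden_secret_files "$SECRETS_DIR"`, then `audit_secret_files "$SECRETS_DIR"`. Setting `umask 077` before the `cat <<EOF` steps avoids the permission findings in the first place.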

Optional: Create and configure GitHub App integration 

To pull catalog information and templates from GitHub, you’ll need to create a type of integration known as a GitHub App. Skip this step if you don’t need GitHub integration. 

Note

For detailed configuration, see the official integration guide.

  1. Create a GitHub App by navigating to https://github.com/settings/apps/new.
  2. Configure settings:
    1. Application name: Choose a descriptive name (e.g., “RHDH-Integration”).
    2. Homepage URL: Your Developer Hub instance URL.
    3. Webhook URL: Leave blank (unless needed).
    4. Permissions: Configure based on your requirements (typically Repository: Read; Pull requests: Read).
  3. Create the GitHub secret, configuring the string data as follows: 

    cat <<EOF > clusters/demo/.secrets/instances/rhdh/secrets/secret-github-app-integration.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: rhdh-secrets-github-app
      namespace: rhdh
    type: Opaque
    stringData:
      # Required: GitHub App ID (from General -> About)
      GITHUB_INTEGRATION_APP_ID: "${GITHUB_INTEGRATION_APP_ID}"
      # Required: GitHub Client ID (from General -> About)
      GITHUB_INTEGRATION_CLIENT_ID: "${GITHUB_INTEGRATION_CLIENT_ID}"
      # Required: GitHub Client Secret (generate in General -> Client secrets)
      GITHUB_INTEGRATION_CLIENT_SECRET: "${GITHUB_INTEGRATION_CLIENT_SECRET}"
      # Required: GitHub host domain
      GITHUB_INTEGRATION_HOST_DOMAIN: "${GITHUB_INTEGRATION_HOST_DOMAIN}"
      # Required: Your GitHub organization name
      GITHUB_INTEGRATION_ORGANIZATION: "${GITHUB_INTEGRATION_ORGANIZATION}"
  4. Click Save, then generate a private key (select the private key drop-down under General) and note down the application ID. The lines below complete the heredoc started in step 3; supply your actual private key content in place of the value below:

      GITHUB_INTEGRATION_PRIVATE_KEY_FILE: |
    $(echo "$GITHUB_INTEGRATION_PRIVATE_KEY_FILE" | sed 's/^/    /')
    EOF

Success! These secrets provide the necessary permissions for Developer Hub to view your automation inventory and execute jobs on behalf of your users. Let’s set up our plugin registry before finally deploying our Developer Hub integration. 
