feat: Support autoscaling via HPA (#268)

* feat: expose autoscaling configuration using the HPA resource

Signed-off-by: Armel Soro <asoro@redhat.com>

* Set the Deployment replicas only if autoscaling is not enabled

When autoscaling is enabled, the HPA controller controls the number of replicas [1]

[1] https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/\#migrating-deployments-and-statefulsets-to-horizontal-autoscaling

Signed-off-by: Armel Soro <asoro@redhat.com>

* Add CI values file with autoscaling enabled

Signed-off-by: Armel Soro <asoro@redhat.com>

* Bump chart version

This is a backward-compatible change

Signed-off-by: Armel Soro <asoro@redhat.com>

* Update values schema

Signed-off-by: Armel Soro <asoro@redhat.com>

* Update README

Signed-off-by: Armel Soro <asoro@redhat.com>

---------

Signed-off-by: Armel Soro <asoro@redhat.com>

.codespellrc

@@ -0,0 +1,2 @@
+[codespell]
+ignore-words-list = NotIn,notin

.github/workflows/automate_stale.yml

@@ -0,0 +1,37 @@
+name: Automate staleness
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 6 * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  stale:
+    permissions:
+      issues: write # for actions/stale to close stale issues
+      pull-requests: write # for actions/stale to close stale PRs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        id: stale
+        with:
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it has not had
+            recent activity. It will be closed if no further activity occurs. Thank you
+            for your contributions.
+          days-before-issue-stale: 60
+          days-before-issue-close: 7
+          exempt-issue-labels: after-vacations,will-fix
+          stale-issue-label: stale
+          stale-pr-message: >
+            This PR has been automatically marked as stale because it has not had
+            recent activity from the author. It will be closed if no further activity occurs.
+            If the PR was closed and you want it re-opened, let us know
+            and we'll re-open the PR so that you can continue the contribution!
+          days-before-pr-stale: 7
+          days-before-pr-close: 5
+          exempt-pr-labels: after-vacations,will-fix
+          stale-pr-label: stale
+          operations-per-run: 100

.github/workflows/lint.yaml

@@ -0,0 +1,27 @@
+name: Lint Charts
+
+on:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
+
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # pin@v4
+        with:
+          python-version: 3.12
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # pin@v3
+        with:
+          go-version: ^1
+
+      - name: Setup helm-docs
+        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
+
+      - name: Run pre-commit
+        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # pin@v3.0.1

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
         with:
           fetch-depth: 0
 
@@ -27,26 +27,25 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 
-      - name: Add dependencies
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # pin@v1.5.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # pin@v1.7.0
         with:
           config: cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #pin@v2.1.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #pin@v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 #pin@v3.0.1
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac #pin@v3.9.1
+
+      - name: Install Oras
+        uses: oras-project/setup-oras@8d34698a59f5ffe24821f0b48ab62a3de8b64b20 # v1.2.3
 
       - name: Publish and Sign OCI Charts
         run: |
@@ -55,7 +54,9 @@ jobs:
             file_name=${chart##*/}
             chart_name=${file_name%-*}
             digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
-            cosign sign "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"
+            cosign sign -y "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"
+
+            oras push "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}:artifacthub.io" "./charts/${chart_name}/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml"
           done
         env:
           COSIGN_EXPERIMENTAL: 1

.github/workflows/spellcheck.yaml

@@ -0,0 +1,18 @@
+name: Codespell
+
+on:
+  pull_request:
+
+jobs:
+  codespell:
+    name: Codespell
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2
+        with:
+          skip: .git
+          check_filenames: true
+          check_hidden: true

.github/workflows/test.yml

@@ -1,64 +1,39 @@
-name: Lint Charts
+name: Test Charts
 
 on:
   pull_request:
-    paths:
-      - "charts/**"
 
 jobs:
-  check-readme:
-    runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
-    steps:
-      - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
-
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # pin@v4
-        with:
-          python-version: 3.7
-
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3
-        with:
-          go-version: ^1
-
-      - name: Setup helm-docs
-        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
-
-      - name: Run pre-commit
-        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # pin@v3.0.0
-
   test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # pin@v3.5
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # pin@v4.3.0
         with:
           version: v3.10.0
 
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # pin@v4
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # pin@v4
         with:
-          python-version: 3.7
+          python-version: 3.12
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@afea100a513515fbd68b0e72a7bb0ae34cb62aec # pin@v2.3.0
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # pin@v2.3.0
 
       - name: "Add NGINX Ingress and Bitnami Repository"
         run: |
           helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
-          helm repo add bitnami "https://charts.bitnami.com/bitnami"
           helm repo update
 
       - name: Run chart-testing (lint)
         run: ct lint --config ct.yaml
 
       - name: Create KIND Cluster
-        uses: helm/kind-action@d8ccf8fb623ce1bb360ae2f45f323d9d5c5e9f00 # pin@v1.5.0
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # pin@v1.12.0
 
       - name: Install Ingress Controller
         run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"

.helmignore

@@ -21,3 +21,5 @@
 .idea/
 *.tmproj
 .vscode/
+
+values.schema.tmpl.json

.pre-commit-config.yaml

@@ -10,3 +10,16 @@ repos:
           - --template-files=./_templates.gotmpl
           # A base filename makes it relative to each chart directory found
           - --template-files=README.md.gotmpl
+  - repo: local
+    hooks:
+      - id: jsonschema-dereference
+        name: jsonschema-dereference
+        entry: python .pre-commit/jsonschema_dereference.py
+        additional_dependencies: [jsonref]
+        language: python
+        types_or: [yaml, json]
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.4.1
+    hooks:
+    - id: codespell

.pre-commit/jsonschema_dereference.py

@@ -0,0 +1,54 @@
+""" 
+This Python module:
+  - Searches for JSON Schema templates with the name values.schema.tmpl.json
+  - Dereferences any $refs contained in those files
+  - Outputs the new Schema to a values.schema.json file in the same directory
+"""
+
+import sys
+import json
+from typing import List, Dict, Any
+from pathlib import Path
+
+# External library dependency
+# Install with 'pip install jsonref'
+import jsonref
+
+# File to write the dereferenced JSON Schema to
+JSONSCHEMA_NAME = "values.schema.json"
+# File that contains the JSON Schema that needs dereferencing
+JSONSCHEMA_TEMPLATE_NAME = "values.schema.tmpl.json"
+
+def load_template_schema(schema_dir: Path) -> Dict[str, Any]:
+    """Load the schema template values.schema.tmpl.json"""
+    with open(schema_dir / JSONSCHEMA_TEMPLATE_NAME, "r", encoding="utf-8") as f:
+        return json.loads(f.read())
+
+def save(schema_dir: Path, schema_data: Any):
+    """Save the dereferenced schema to values.schema.json"""
+    with open(schema_dir / JSONSCHEMA_NAME, "w", encoding="utf-8") as f:
+        json.dump(schema_data, f, indent=4, sort_keys=True)
+
+if __name__ == '__main__':
+    # Search for all values.schema.tmpl.json files
+    schema_templates = [p.parent for p in Path(".").rglob(JSONSCHEMA_TEMPLATE_NAME)]
+
+    # Create a list to hold any exceptions
+    errors: List[BaseException] = []
+    # Iterate over the List of found schema templates
+    for schema_template in schema_templates:
+        try:
+            # Load the schema into a variable as JSON
+            st = load_template_schema(schema_template)
+            # Dereference all of the $refs
+            s = jsonref.replace_refs(st)
+            # Save the dereferenced JSON
+            save(schema_template, s)
+        except BaseException as e:
+            # Print any errors to the screen
+            print(f"Could not process schema for '{schema_template}': {e}")
+            # Append any exceptions to the errors List
+            errors.append(e)
+    if errors:
+        # Exit with status 1 if any exceptions were thrown
+        sys.exit(1)

CONTRIBUTING.md

@@ -0,0 +1,8 @@
+# Contributing to Backstage Charts
+
+Before making a contribution to the [Backstage Helm Chart](https://github.com/backstage/charts) you will need to ensure the following steps have been done:
+- [Sign your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+- Run `helm template` on the changes you're making to ensure they are correctly rendered into Kubernetes manifests.
+- Lint tests has been run for the Chart using the [Chart Testing](https://github.com/helm/chart-testing) tool and the `ct lint` command.
+- Ensure variables are documented in `values.yaml` and the [pre-commit](https://pre-commit.com/) hook has been run with `pre-commit run --all-files` to generate the `README.md` documentation. To preview the content, use `helm-docs --dry-run`.
+- If you are making changes to the Chart - remember to bump the Chart version following [SemVer](https://semver.org/). You will need to change the [Chart Version](https://github.com/backstage/charts/blob/main/charts/backstage/Chart.yaml#L41) and the [Chart Badge](https://github.com/backstage/charts/blob/main/charts/backstage/README.md?plain=1#L5) on the README.

README.md

@@ -4,8 +4,23 @@
 
 Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
 
+> [!CAUTION]
+> This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Red Hat Developer Hub Helm chart](https://github.com/redhat-developer/rhdh-chart/tree/main/charts/backstage)
+
 ## Usage
 
+> [!NOTE]
+> Documentation for the Backstage chart can be found [here](charts/backstage)
+
 Charts are available in the following formats:
 
 * [Chart Repository](https://helm.sh/docs/topics/chart_repository/)
@@ -16,7 +31,6 @@ Charts are available in the following formats:
 The following command can be used to add the chart repository:
 
 ```console
-helm repo add bitnami https://charts.bitnami.com/bitnami
 helm repo add backstage https://backstage.github.io/charts
 ```
 

charts/backstage/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: common
-  repository: https://charts.bitnami.com/bitnami
-  version: 1.17.1
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.10.0
 - name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.9.13
-digest: sha256:e24333442ed7bee23fd4d0ae522d3e8c56fd212e4ff33f020ad12f1528ae78e9
-generated: "2023-02-09T14:22:13.567819+01:00"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.10.0
+digest: sha256:77630aa988cef5e3a9f64a9fc3427345f451534e973dbece805850be587cb59e
+generated: "2024-05-11T14:39:32.274594+01:00"

charts/backstage/Chart.yaml

@@ -1,29 +1,41 @@
+annotations:
+  artifacthub.io/category: integration-delivery
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/links: |
+    - name: support
+      url: https://github.com/backstage/charts/issues
+    - name: Chart Source
+      url: https://github.com/backstage/charts
+    - name: Default Image Source
+      url: https://github.com/backstage/backstage
 apiVersion: v2
-name: backstage
 description: A Helm chart for deploying a Backstage application
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+dependencies:
+  - name: common
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+      - bitnami-common
+    version: 2.10.0
+  - condition: postgresql.enabled
+    name: postgresql
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 12.10.0
+home: https://backstage.io
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/backstage/icon/color/backstage-icon-color.svg
+keywords:
+  - backstage
+  - idp
+kubeVersion: ">= 1.19.0-0"
+maintainers:
+  - name: Backstage
+    url: https://backstage.io
+name: backstage
 type: application
+sources:
+  - https://github.com/backstage/charts
+  - https://github.com/backstage/backstage
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.17.1
-
-dependencies:
-  - name: common
-    repository: https://charts.bitnami.com/bitnami
-    tags:
-      - bitnami-common
-    version: 1.x.x
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://charts.bitnami.com/bitnami
-    version: 11.x.x
+version: 2.6.0

charts/backstage/README.md

@@ -1,20 +1,36 @@
 
 # Backstage Helm Chart
 
-![Version: 0.17.1](https://img.shields.io/badge/Version-0.17.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/backstage)](https://artifacthub.io/packages/search?repo=backstage)
+![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for deploying a Backstage application
 
+**Homepage:** <https://backstage.io>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Backstage |  | <https://backstage.io> |
+
+## Source Code
+
+* <https://github.com/backstage/charts>
+* <https://github.com/backstage/backstage>
+
 ---
 
 [Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy.
 
 Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
 
+> Disclaimer: This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
 ## TL;DR
 
 ```console
-helm repo add bitnami https://charts.bitnami.com/bitnami
 helm repo add backstage https://backstage.github.io/charts
 
 helm install my-release backstage/backstage
@@ -26,11 +42,20 @@ This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker)
 
 ## Prerequisites
 
-- Kubernetes 1.19+
-- Helm 3.2.0+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
 - PV provisioner support in the underlying infrastructure
 - [Backstage container image](https://backstage.io/docs/deployment/docker)
 
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Janus Backstage Helm chart](https://github.com/janus-idp/helm-backstage/tree/main/charts/backstage)
+
 ## Usage
 
 Chart is available in the following formats:
@@ -76,39 +101,56 @@ The command removes all the Kubernetes components associated with the chart and
 
 ## Requirements
 
+Kubernetes: `>= 1.19.0-0`
+
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | common | 1.x.x |
-| https://charts.bitnami.com/bitnami | postgresql | 11.x.x |
+| oci://registry-1.docker.io/bitnamicharts | common | 2.10.0 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.10.0 |
 
 ## Values
 
 | Key | Description | Type | Default |
 |-----|-------------|------|---------|
 | backstage | Backstage parameters | object | See below |
+| backstage.affinity | Affinity for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` |
+| backstage.annotations | Additional custom annotations for the `Deployment` resource | object | `{}` |
 | backstage.appConfig | Generates ConfigMap and configures it in the Backstage pods | object | `{}` |
 | backstage.args | Backstage container command arguments | list | `[]` |
+| backstage.autoscaling | Autoscaling configuration. <br /> Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` |
 | backstage.command | Backstage container command | list | `["node","packages/backend"]` |
 | backstage.containerPorts | Container ports on the Deployment | object | `{"backend":7007}` |
 | backstage.containerSecurityContext | Security settings for a Container. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | object | `{}` |
 | backstage.extraAppConfig | Extra app configuration files to inline into command arguments | list | `[]` |
 | backstage.extraContainers | Deployment sidecars | list | `[]` |
 | backstage.extraEnvVars | Backstage container environment variables | list | `[]` |
-| backstage.extraEnvVarsSecrets | Backstage container environment variables from Secrets | list | `[]` |
+| backstage.extraEnvVarsCM | Backstage container environment variables from existing ConfigMaps | list | `[]` |
+| backstage.extraEnvVarsSecrets | Backstage container environment variables from existing Secrets | list | `[]` |
+| backstage.extraPorts | Backstage container additional ports | list | `[]` |
 | backstage.extraVolumeMounts | Backstage container additional volume mounts | list | `[]` |
 | backstage.extraVolumes | Backstage container additional volumes | list | `[]` |
-| backstage.image.debug | Set to true if you would like to see extra information on logs | bool | `false` |
-| backstage.image.pullPolicy | Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' <br /> Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images | string | `"Always"` |
+| backstage.hostAliases | Host Aliases for the pod <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | list | `[]` |
+| backstage.image.digest | Backstage image digest (digest takes precedence over image tag) | string | `""` |
+| backstage.image.pullPolicy | Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' <br /> Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy | string | `"Always"` |
 | backstage.image.pullSecrets | Optionally specify an array of imagePullSecrets.  Secrets must be manually created in the namespace. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ <br /> E.g: `pullSecrets: [myRegistryKeySecretName]` | list | `[]` |
 | backstage.image.registry | Backstage image registry | string | `"ghcr.io"` |
 | backstage.image.repository | Backstage image repository | string | `"backstage/backstage"` |
 | backstage.image.tag | Backstage image tag (immutable tags are recommended) | string | `"latest"` |
 | backstage.initContainers | Backstage container init containers | list | `[]` |
 | backstage.installDir | Directory containing the backstage installation | string | `"/app"` |
+| backstage.livenessProbe | Liveness Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. livenessProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/liveness     port: 7007     scheme: HTTP   initialDelaySeconds: 60   periodSeconds: 10   successThreshold: 1   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/liveness","port":7007,"scheme":"HTTP"}}` |
+| backstage.nodeSelector | Node labels for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | object | `{}` |
+| backstage.pdb | Pod Disruption Budget configuration ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{"create":false,"maxUnavailable":"","minAvailable":""}` |
 | backstage.podAnnotations | Annotations to add to the backend deployment pods | object | `{}` |
+| backstage.podLabels | Labels to add to the backend deployment pods | object | `{}` |
 | backstage.podSecurityContext | Security settings for a Pod.  The security settings that you specify for a Pod apply to all Containers in the Pod. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | object | `{}` |
-| backstage.resources | Resource requests/limits <br /> Ref: https://kubernetes.io/docs/user-guide/compute-resources/ <!-- E.g. resources:   limits:     memory: 1Gi     cpu: 1000m   requests:     memory: 250Mi     cpu: 100m --> | object | `{}` |
-| backstage.tolerations | Node tolerations for server scheduling to nodes with taints <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | list | `[]` |
+| backstage.readinessProbe | Readiness Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. readinessProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/readiness     port: 7007     scheme: HTTP   initialDelaySeconds: 30   periodSeconds: 10   successThreshold: 2   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/readiness","port":7007,"scheme":"HTTP"}}` |
+| backstage.replicas | Number of deployment replicas | int | `1` |
+| backstage.resources | Resource requests/limits <br /> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container <!-- E.g. resources:   limits:     memory: 1Gi     cpu: 1000m   requests:     memory: 250Mi     cpu: 100m --> | object | `{}` |
+| backstage.revisionHistoryLimit | Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept. May be set to 0 in case of GitOps deployment approach. | int | `10` |
+| backstage.startupProbe | Startup Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. startupProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/liveness     port: 7007     scheme: HTTP   initialDelaySeconds: 60   periodSeconds: 10   successThreshold: 1   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/liveness","port":7007,"scheme":"HTTP"}}` |
+| backstage.tolerations | Node tolerations for server scheduling to nodes with taints <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | list | `[]` |
+| backstage.topologySpreadConstraints | Topology Spread Constraints for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints | list | `[]` |
 | clusterDomain | Default Kubernetes cluster domain | string | `"cluster.local"` |
 | commonAnnotations | Annotations to add to all deployed objects | object | `{}` |
 | commonLabels | Labels to add to all deployed objects | object | `{}` |
@@ -121,27 +163,33 @@ The command removes all the Kubernetes components associated with the chart and
 | global | Global parameters Global Docker image parameters Please, note that this will override the image parameters, including dependencies, configured to use the global value Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass | object | See below |
 | global.imagePullSecrets | Global Docker registry secret names as an array </br> E.g. `imagePullSecrets: [myRegistryKeySecretName]` | list | `[]` |
 | global.imageRegistry | Global Docker image registry | string | `""` |
-| ingress | Ingress parameters | object | `{"annotations":{},"className":"","enabled":false,"host":"","tls":{"enabled":false,"secretName":""}}` |
+| ingress | Ingress parameters | object | `{"annotations":{},"className":"","enabled":false,"extraHosts":[],"extraTls":[],"host":"","path":"/","tls":{"enabled":false,"secretName":""}}` |
 | ingress.annotations | Additional annotations for the Ingress resource | object | `{}` |
 | ingress.className | Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx) | string | `""` |
 | ingress.enabled | Enable the creation of the ingress resource | bool | `false` |
+| ingress.extraHosts | List of additional hostnames to be covered with this ingress record (e.g. a CNAME) <!-- E.g. extraHosts:   - name: backstage.env.example.com     path: / (Optional)     pathType: Prefix (Optional)     port: 7007 (Optional) --> | list | `[]` |
+| ingress.extraTls | The TLS configuration for additional hostnames to be covered with this ingress record. <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls <!-- E.g. extraTls:   - hosts:     - backstage.env.example.com     secretName: backstage-env --> | list | `[]` |
 | ingress.host | Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io) | string | `""` |
+| ingress.path | Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage) | string | `"/"` |
 | ingress.tls | Ingress TLS parameters | object | `{"enabled":false,"secretName":""}` |
 | ingress.tls.enabled | Enable TLS configuration for the host defined at `ingress.host` parameter | bool | `false` |
 | ingress.tls.secretName | The name to which the TLS Secret will be called | string | `""` |
 | kubeVersion | Override Kubernetes version | string | `""` |
-| metrics | Metrics configuration | object | `{"serviceMonitor":{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics"}}` |
-| metrics.serviceMonitor | ServiceMonitor configuration <br /> Allows configuring your backstage instance as a scrape target for [Prometheus](https://github.com/prometheus/prometheus) using a ServiceMonitor custom resource that [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) can understand. | object | `{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics"}` |
+| metrics | Metrics configuration | object | `{"serviceMonitor":{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics","port":"http-backend"}}` |
+| metrics.serviceMonitor | ServiceMonitor configuration <br /> Allows configuring your backstage instance as a scrape target for [Prometheus](https://github.com/prometheus/prometheus) using a ServiceMonitor custom resource that [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) can understand. | object | `{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics","port":"http-backend"}` |
 | metrics.serviceMonitor.annotations | ServiceMonitor annotations | object | `{}` |
 | metrics.serviceMonitor.enabled | If enabled, a ServiceMonitor resource for Prometheus Operator is created <br /> Prometheus Operator must be installed in your cluster prior to enabling. | bool | `false` |
 | metrics.serviceMonitor.interval | ServiceMonitor scrape interval | string | `nil` |
 | metrics.serviceMonitor.labels | Additional ServiceMonitor labels | object | `{}` |
 | metrics.serviceMonitor.path | ServiceMonitor endpoint path <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md). | string | `"/metrics"` |
+| metrics.serviceMonitor.port | ServiceMonitor endpoint port <br /> The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464. | string | `"http-backend"` |
 | nameOverride | String to partially override common.names.fullname | string | `""` |
-| networkPolicy | Network policies <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ | object | `{"egressRules":{"customRules":[]},"enabled":false,"externalAccess":{"from":[]}}` |
-| networkPolicy.egressRules | Custom network policy rule | object | `{"customRules":[]}` |
-| networkPolicy.egressRules.customRules | Additional custom egress rules e.g: customRules:   - to:       - namespaceSelector:           matchLabels:             label: example | list | `[]` |
-| networkPolicy.enabled | networkPolicy.enabled Specifies whether a NetworkPolicy should be created | bool | `false` |
+| networkPolicy.egressRules.customRules | Additional custom egress rules | list | `[]` |
+| networkPolicy.egressRules.denyConnectionsToExternal | Deny external connections. Should not be enabled when working with an external database. | bool | `false` |
+| networkPolicy.enabled | Specifies whether a NetworkPolicy should be created | bool | `false` |
+| networkPolicy.ingressRules.customRules | Additional custom ingress rules | list | `[]` |
+| networkPolicy.ingressRules.namespaceSelector | Namespace selector label allowed to access the Backstage instance | object | `{}` |
+| networkPolicy.ingressRules.podSelector | Pod selector label allowed to access the Backstage instance | object | `{}` |
 | postgresql | PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml) | object | See below |
 | postgresql.architecture | PostgreSQL architecture (`standalone` or `replication`) | string | `"standalone"` |
 | postgresql.auth | The authentication details of the Postgres database | object | `{"existingSecret":"","password":"","secretKeys":{"adminPasswordKey":"admin-password","replicationPasswordKey":"replication-password","userPasswordKey":"user-password"},"username":"bn_backstage"}` |
@@ -158,12 +206,15 @@ The command removes all the Kubernetes components associated with the chart and
 | service.clusterIP | Backstage service Cluster IP  <br /> E.g `clusterIP: None` | string | `""` |
 | service.externalTrafficPolicy | Backstage service external traffic policy  Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | string | `"Cluster"` |
 | service.extraPorts | Extra ports to expose in the Backstage service (normally used with the `sidecar` value) | list | `[]` |
-| service.loadBalancerIP | Backstage service Load Balancer IP  <br /> Ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer | string | `""` |
-| service.loadBalancerSourceRanges | Load Balancer sources  <br /> Ref: https://kubernetes.io/docs/tasks/access-application-cluster/cnfigure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]` | list | `[]` |
+| service.ipFamilies | IP Families  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack | list | `[]` |
+| service.ipFamilyPolicy | IP Family Policy  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack | string | `""` |
+| service.loadBalancerIP | Backstage service Load Balancer IP  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | string | `""` |
+| service.loadBalancerSourceRanges | Load Balancer sources  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]` | list | `[]` |
 | service.nodePorts | Node port for the Backstage client connections Choose port between `30000-32767` | object | `{"backend":""}` |
-| service.ports | Backstage svc port for client connections | object | `{"backend":7007,"targetPort":"backend"}` |
+| service.ports | Backstage svc port for client connections | object | `{"backend":7007,"name":"http-backend","targetPort":"backend"}` |
+| service.ports.name | Backstage svc port name | string | `"http-backend"` |
 | service.ports.targetPort | Backstage svc target port referencing receiving pod container port | string | `"backend"` |
-| service.sessionAffinity | Control where client requests go, to the same pod or round-robin (values: `ClientIP` or `None`) <br /> Ref: https://kubernetes.io/docs/user-guide/services/ | string | `"None"` |
+| service.sessionAffinity | Control where client requests go, to the same pod or round-robin (values: `ClientIP` or `None`) <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness | string | `"None"` |
 | service.type | Kubernetes Service type | string | `"ClusterIP"` |
 | serviceAccount | Service Account Configuration | object | See below |
 | serviceAccount.annotations | Additional custom annotations for the ServiceAccount. | object | `{}` |

charts/backstage/README.md.gotmpl

@@ -2,7 +2,9 @@
 
 {{ template "chart.deprecationWarning" . }}
 
-{{ template "chart.badgesSection" . }}
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/backstage)](https://artifacthub.io/packages/search?repo=backstage)
+{{ template "chart.versionBadge" . }}
+{{ template "chart.typeBadge" . }}
 
 {{ template "chart.description" . }}
 
@@ -18,10 +20,11 @@
 
 Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
 
+> Disclaimer: This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
 ## TL;DR
 
 ```console
-helm repo add bitnami https://charts.bitnami.com/bitnami
 helm repo add backstage https://backstage.github.io/charts
 
 helm install my-release backstage/backstage
@@ -33,11 +36,20 @@ This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker)
 
 ## Prerequisites
 
-- Kubernetes 1.19+
-- Helm 3.2.0+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
 - PV provisioner support in the underlying infrastructure
 - [Backstage container image](https://backstage.io/docs/deployment/docker)
 
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Janus Backstage Helm chart](https://github.com/janus-idp/helm-backstage/tree/main/charts/backstage)
+
 ## Usage
 
 Chart is available in the following formats:

charts/backstage/artifacthub-repo.yml

@@ -0,0 +1,12 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: b17b52d1-dd33-4328-84bf-259d5ee7546b

charts/backstage/ci/appConfig-values.yaml

@@ -1,5 +1,7 @@
 backstage:
   appConfig:
+    techdocs:
+      builder: "local"
     app:
       # Let's test that everything is fine with comments
       title: The very best Backstage Helm Chart! :D
@@ -8,3 +10,7 @@ backstage:
       baseUrl: https://somedomain.tl
       listen:
         port: 12345
+      auth:
+        keys:
+          # Is just a random b64 string for test purposes
+          - secret: N4+P+zJrErWRUGm0ZbVVhX1ZC81aSP81

charts/backstage/ci/autoscaling-values.yaml

@@ -0,0 +1,7 @@
+backstage:
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 3
+    targetCPUUtilizationPercentage: 75
+    targetMemoryUtilizationPercentage: 90

charts/backstage/ci/extraDeploy-values.yaml

@@ -0,0 +1,7 @@
+extraDeploy:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: foo
+  data:
+    bar: baz

charts/backstage/ci/image-digest-values.yaml

@@ -0,0 +1,5 @@
+backstage:
+  image:
+    registry: ghcr.io
+    repository: backstage/backstage
+    digest: "sha256:f9ffa809e2c3f351699129d57edd6e64ca9ea5a4d4dd6339fed1ec80a30bc042"

charts/backstage/ci/ingress-extraHosts-values.yaml

@@ -0,0 +1,12 @@
+ingress:
+  enabled: true
+  host: backstage.example.com
+  tls:
+    enabled: true
+    secretName: "backstage-tls"
+  extraHosts:
+    - name: backstage.dev.example.com
+  extraTls:
+    - hosts:
+      - backstage.dev.example.com
+      secretName: "backstage-dev-tls"

charts/backstage/ci/ingress-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  enabled: true
+  host: backstage.example.com
+  tls:
+    enabled: true
+    secretName: "backstage-tls"

charts/backstage/ci/postgres-generated-creds-values.yaml

@@ -0,0 +1,8 @@
+postgresql:
+  enabled: true
+
+  # we enable postgres and allow the subchart to automatically generate the credentials
+  # that backstage will use
+  auth:
+    existingSecret: ""
+    password: ""

charts/backstage/ci/postgres-provided-creds-values.yaml

@@ -0,0 +1,8 @@
+postgresql:
+  enabled: true
+
+  auth:
+    existingSecret: ""
+    # we provide a password for the subchart to use.
+    # this is just a password for purposes of CI tests
+    password: "mytestpassword"

charts/backstage/ci/probes-values.yaml

@@ -0,0 +1,44 @@
+backstage:
+  appConfig:
+    techdocs:
+      builder: "local"
+    app:
+      # Let's test that everything is fine with comments
+      title: The very best Backstage Helm Chart! :D
+      baseUrl: https://somedomain.tl
+    backend:
+      baseUrl: https://somedomain.tl
+      auth:
+        keys:
+          # Is just a random b64 string for test purposes
+          - secret: N4+P+zJrErWRUGm0ZbVVhX1ZC81aSP81
+  readinessProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/readiness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    successThreshold: 2
+    timeoutSeconds: 2
+  livenessProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2
+  startupProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2

charts/backstage/ci/service-dualstack-ip-family-values.yaml

@@ -0,0 +1,4 @@
+service:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+    - IPv4

charts/backstage/ci/service-monitor.yaml

@@ -0,0 +1,9 @@
+metrics:
+  serviceMonitor:
+    enabled: true
+    annotations:
+      test: test
+    labels:
+      test: test
+    path: /metrics
+    port: http-backend

charts/backstage/ci/topologySpreadConstraints-values.yaml

@@ -0,0 +1,10 @@
+backstage:
+  topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        app.kubernetes.io/component: backstage
+    matchLabelKeys:
+      - pod-template-hash

charts/backstage/templates/_helpers.tpl

@@ -46,7 +46,9 @@ Return the Postgres Database hostname
 Return the Postgres Database Secret Name
 */}}
 {{- define "backstage.postgresql.databaseSecretName" -}}
-{{- if .Values.postgresql.auth.existingSecret }}
+{{- if ((((.Values).global).postgresql).auth).existingSecret }}
+    {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
+{{- else if .Values.postgresql.auth.existingSecret }}
     {{- tpl .Values.postgresql.auth.existingSecret $ -}}
 {{- else -}}
     {{- default (include "backstage.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
@@ -57,9 +59,16 @@ Return the Postgres Database Secret Name
 Return the Postgres databaseSecret key to retrieve credentials for database
 */}}
 {{- define "backstage.postgresql.databaseSecretKey" -}}
-{{- if .Values.postgresql.auth.existingSecret -}}
-    {{- .Values.postgresql.auth.secretKeys.userPasswordKey  -}}
+{{- $defaultDatabaseSecretKey := "password" -}}
+{{- if (or ((((.Values).global).postgresql).auth).existingSecret .Values.postgresql.auth.existingSecret) }}
+    {{- if (((((.Values).global).postgresql).auth).secretKeys).userPasswordKey -}}
+        {{- .Values.global.postgresql.auth.secretKeys.userPasswordKey  -}}
+    {{- else if ((((.Values).postgresql).auth).secretKeys).userPasswordKey -}}
+        {{- .Values.postgresql.auth.secretKeys.userPasswordKey  -}}
+    {{- else -}}
+        {{- print $defaultDatabaseSecretKey -}}
+    {{- end -}}
 {{- else -}}
-    {{- print "password" -}}
+    {{- print $defaultDatabaseSecretKey -}}
 {{- end -}}
 {{- end -}}

charts/backstage/templates/app-config-configmap.yaml

@@ -2,7 +2,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: backstage-app-config
+  name: {{ include "common.names.fullname" . }}-app-config
+  namespace: {{ .Release.Namespace | quote }}
 data:
   app-config.yaml: |
     {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.appConfig "context" $) | nindent 4 }}

charts/backstage/templates/backstage-deployment.yaml

@@ -16,8 +16,14 @@ metadata:
     {{- if .Values.commonAnnotations }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
     {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
 spec:
-  replicas: 1
+  {{- if not .Values.backstage.autoscaling.enabled }}
+  replicas: {{ .Values.backstage.replicas }}
+  {{- end }}
+  revisionHistoryLimit: {{ .Values.backstage.revisionHistoryLimit }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
       app.kubernetes.io/component: backstage
@@ -25,6 +31,9 @@ spec:
     metadata:
       labels: {{- include "common.labels.standard" . | nindent 8 }}
         app.kubernetes.io/component: backstage
+        {{- if .Values.backstage.podLabels }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.podLabels "context" $ ) | nindent 8 }}
+        {{- end }}
       annotations:
         checksum/app-config: {{ include "common.tplvalues.render" ( dict "value" .Values.backstage.appConfig "context" $) | sha256sum }}
         {{- if .Values.backstage.podAnnotations }}
@@ -36,10 +45,26 @@ spec:
       securityContext:
         {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.podSecurityContext "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.backstage.affinity }}
+      affinity:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.topologySpreadConstraints "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.nodeSelector }}
+      nodeSelector:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
       {{- if .Values.backstage.tolerations }}
       tolerations:
         {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.tolerations "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.backstage.hostAliases }}
+      hostAliases:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
       volumes:
         {{- if (or .Values.backstage.extraAppConfig (and .Values.backstage.extraVolumeMounts .Values.backstage.extraVolumes)) }}
         {{- range .Values.backstage.extraAppConfig }}
@@ -54,7 +79,7 @@ spec:
         {{- if .Values.backstage.appConfig }}
         - name: backstage-app-config
           configMap:
-            name: backstage-app-config
+            name: {{ include "common.names.fullname" . }}-app-config
         {{- end }}
       {{- include "backstage.renderImagePullSecrets" . | nindent 6 }}
       {{- if .Values.backstage.initContainers }}
@@ -96,8 +121,21 @@ spec:
           {{- if .Values.backstage.resources }}
           resources: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.resources "context" $) | nindent 12 }}
           {{- end }}
-          {{- if .Values.backstage.extraEnvVarsSecrets }}
+          {{- if .Values.backstage.readinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.readinessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.backstage.livenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.livenessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.backstage.startupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.startupProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if (or .Values.backstage.extraEnvVarsCM .Values.backstage.extraEnvVarsSecrets) }}
           envFrom:
+            {{- range .Values.backstage.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ . }}
+            {{- end }}
             {{- range .Values.backstage.extraEnvVarsSecrets }}
             - secretRef:
                 name: {{ . }}
@@ -126,6 +164,9 @@ spec:
             - name: backend
               containerPort: {{ .Values.backstage.containerPorts.backend }}
               protocol: TCP
+            {{- if .Values.backstage.extraPorts }}
+            {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraPorts "context" $) | nindent 12 }}
+            {{- end }}
           {{- if (or .Values.backstage.extraAppConfig .Values.backstage.appConfig (and .Values.backstage.extraVolumeMounts .Values.backstage.extraVolumes)) }}
           volumeMounts:
             {{- range .Values.backstage.extraAppConfig }}

charts/backstage/templates/extra-list.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

charts/backstage/templates/hpa.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.backstage.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "common.names.fullname" . }}
+  minReplicas: {{ .Values.backstage.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.backstage.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.backstage.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.backstage.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.backstage.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.backstage.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/ingress.yaml

@@ -20,21 +20,38 @@ spec:
   {{- if .Values.ingress.className }}
   ingressClassName: {{ .Values.ingress.className | quote }}
   {{- end }}
-  {{- if .Values.ingress.tls.enabled }}
+  {{- if or .Values.ingress.tls.enabled .Values.ingress.extraTls }}
   tls:
+    {{- if .Values.ingress.tls.enabled }}
     - hosts:
-      - {{ .Values.ingress.host }}
-      secretName: {{ .Values.ingress.tls.secretName }}
+      - {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.host "context" $ ) }}
+      secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.tls.secretName "context" $ ) }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+    {{- end }}
   {{- end }}
   rules:
-    - host: {{ .Values.ingress.host }}
+    - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.host "context" $ ) }}
       http:
         paths:
-          - path: /
+          - path: {{ .Values.ingress.path }}
             pathType: Prefix
             backend:
               service:
                 name: {{ include "common.names.fullname" . }}
                 port:
                   number: {{ .Values.service.ports.backend }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default $.Values.ingress.path .path }}
+            pathType: {{ default "Prefix" .pathType }}
+            backend:
+              service:
+                name: {{ include "common.names.fullname" $ }}
+                port:
+                  number: {{ default $.Values.service.ports.backend .port }}
+    {{- end }}
 {{- end }}

charts/backstage/templates/networkpolicy-egress.yaml

@@ -0,0 +1,38 @@
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+  name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels:  {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+  policyTypes:
+    - Egress
+  egress:
+    {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
+    - ports:
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    - to:
+        - namespaceSelector: {}
+    {{- end }}
+    {{- if .Values.networkPolicy.egressRules.customRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/networkpolicy.yaml

@@ -0,0 +1,40 @@
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingressRules.namespaceSelector .Values.networkPolicy.ingressRules.podSelector .Values.networkPolicy.ingressRules.customRules) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+  ingress:
+    {{- if or .Values.networkPolicy.ingressRules.namespaceSelector .Values.networkPolicy.ingressRules.podSelector }}
+    - from:
+        {{- if .Values.networkPolicy.ingressRules.namespaceSelector }}
+        - namespaceSelector:
+            matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.namespaceSelector "context" $) | nindent 14 }}
+        {{- end }}
+        {{- if .Values.networkPolicy.ingressRules.podSelector }}
+        - podSelector:
+            matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.podSelector "context" $) | nindent 14 }}
+        {{- end }}
+      ports:
+        - port: {{ .Values.backstage.containerPorts.backend }}
+    {{- end }}
+    {{- if .Values.networkPolicy.ingressRules.customRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/pdb.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.backstage.pdb.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if .Values.backstage.pdb.minAvailable }}
+  minAvailable: {{ .Values.backstage.pdb.minAvailable }}
+  {{- end  }}
+  {{- if or .Values.backstage.pdb.maxUnavailable ( not .Values.backstage.pdb.minAvailable ) }}
+  maxUnavailable: {{ .Values.backstage.pdb.maxUnavailable | default 1 }}
+  {{- end  }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+{{- end }}

charts/backstage/templates/service.yaml

@@ -34,8 +34,15 @@ spec:
   {{- if .Values.service.sessionAffinity }}
   sessionAffinity: {{ .Values.service.sessionAffinity }}
   {{- end }}
+  {{- if .Values.service.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+  {{- end }}
+  {{- with .Values.service.ipFamilies }}
+  ipFamilies:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
   ports:
-    - name: http-backend
+    - name: {{ .Values.service.ports.name }}
       port: {{ .Values.service.ports.backend }}
       targetPort: {{ .Values.service.ports.targetPort }}
       protocol: TCP

charts/backstage/templates/servicemonitor.yaml

@@ -29,7 +29,7 @@ spec:
     matchLabels: {{ include "common.labels.standard" . | nindent 6 }}
       app.kubernetes.io/component: backstage
   endpoints:
-  - port: http-backend
+  - port: {{ .Values.metrics.serviceMonitor.port | quote }}
     path: {{ .Values.metrics.serviceMonitor.path }}
     {{- with .Values.metrics.serviceMonitor.interval }}
     interval: {{ . }}

charts/backstage/values.schema.tmpl.json

@@ -0,0 +1,986 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "type": "object",
+    "title": "Backstage chart schema",
+    "properties": {
+        "global": {
+            "title": "Global parameters.",
+            "type": "object",
+            "properties": {
+                "imageRegistry": {
+                    "title": "Global Docker image registry",
+                    "type": "string",
+                    "default": ""
+                },
+                "imagePullSecrets": {
+                    "title": "Global Docker registry secret names as an array",
+                    "type": "array",
+                    "default": [],
+                    "items": {
+                        "type": "string"
+                    },
+                    "uniqueItems": true,
+                    "examples": [
+                        [
+                            "myRegistryKeySecretName"
+                        ]
+                    ]
+                }
+            }
+        },
+        "kubeVersion": {
+            "title": "Override Kubernetes version",
+            "type": "string",
+            "default": ""
+        },
+        "nameOverride": {
+            "title": "String to partially override common.names.fullname",
+            "type": "string",
+            "default": ""
+        },
+        "fullnameOverride": {
+            "title": "String to fully override common.names.fullname",
+            "type": "string",
+            "default": ""
+        },
+        "clusterDomain": {
+            "title": "Default Kubernetes cluster domain",
+            "type": "string",
+            "default": "cluster.local"
+        },
+        "commonLabels": {
+            "title": "Labels to add to all deployed objects",
+            "type": "object",
+            "additionalProperties": {
+                "type": "string"
+            },
+            "default": {}
+        },
+        "commonAnnotations": {
+            "title": "Annotations to add to all deployed objects",
+            "type": "object",
+            "additionalProperties": {
+                "type": "string"
+            },
+            "default": {}
+        },
+        "extraDeploy": {
+            "title": "Array of extra objects to deploy with the release",
+            "type": "array",
+            "default": [],
+            "items": {
+                "type": [
+                    "string",
+                    "object"
+                ]
+            },
+            "uniqueItems": true
+        },
+        "diagnosticMode": {
+            "title": "Enable diagnostic mode in the Deployment",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Enable diagnostic mode",
+                    "description": "All probes will be disabled and the command will be overridden",
+                    "type": "boolean",
+                    "default": false
+                },
+                "command": {
+                    "title": "Command to override all containers in the Deployment",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "sleep"
+                    ]
+                },
+                "args": {
+                    "title": "Args to override all containers in the Deployment",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "infinity"
+                    ]
+                }
+            }
+        },
+        "ingress": {
+            "title": "Ingress parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Enable the creation of the ingress resource",
+                    "type": "boolean",
+                    "default": false
+                },
+                "className": {
+                    "title": "Name of the IngressClass cluster resource which defines which controller will implement the resource.",
+                    "type": "string",
+                    "default": "",
+                    "examples": [
+                        "nginx"
+                    ]
+                },
+                "annotations": {
+                    "title": "Additional annotations for the Ingress resource",
+                    "type": "object",
+                    "default": {},
+                    "additionalProperties": {
+                        "type": "string"
+                    }
+                },
+                "host": {
+                    "title": "Hostname to be used to expose the route to access the backstage application.",
+                    "type": "string",
+                    "default": "",
+                    "examples": [
+                        "backstage.10.0.0.1.nip.io"
+                    ]
+                },
+                "extraHosts": {
+                    "title": "List of additional hostnames to be covered with this ingress record",
+                    "type": "array",
+                    "default": [],
+                    "items": {
+                        "type": "object",
+                        "additionalProperties": false,
+                        "properties": {
+                            "name": {
+                                "type": "string"
+                            },
+                            "path": {
+                                "type": "string"
+                            },
+                            "pathType": {
+                                "type": "string"
+                            },
+                            "port": {
+                                "type": "integer"
+                            }
+                        }
+                    }
+                },
+                "path": {
+                    "title": "Path to be used to expose the full route to access the backstage application.",
+                    "type": "string",
+                    "default": "/",
+                    "examples": [
+                        "/backstage"
+                    ]
+                },
+                "tls": {
+                    "title": "Ingress TLS parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "title": "Enable TLS configuration",
+                            "description": "TLS for the host defined at `ingress.host` parameter",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "secretName": {
+                            "title": "The name to which the TLS Secret will be called",
+                            "type": "string",
+                            "default": ""
+                        }
+                    }
+                },
+                "extraTls": {
+                    "title": "The TLS configuration for additional hostnames to be covered with this ingress record.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.networking.v1.IngressTLS"
+                    },
+                    "default": []
+                }
+            }
+        },
+        "backstage": {
+            "title": "Backstage parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "replicas": {
+                    "title": "Number of deployment replicas",
+                    "type": "integer",
+                    "minimum": 0,
+                    "default": 1
+                },
+                "revisionHistoryLimit": {
+                    "title": "The count of deployment revisions",
+                    "type": "integer",
+                    "minimum": 0,
+                    "default": 10
+                },
+                "image": {
+                    "title": "Image parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "digest": {
+                            "default": "",
+                            "description": "digest takes precedence over image tag",
+                            "title": "Backstage image digest",
+                            "type": "string"
+                        },
+                        "registry": {
+                            "title": "Backstage image registry",
+                            "type": "string",
+                            "default": "ghcr.io",
+                            "examples": [
+                                "ghcr.io",
+                                "quay.io",
+                                "docker.io"
+                            ]
+                        },
+                        "repository": {
+                            "title": "Backstage image repository",
+                            "type": "string",
+                            "default": "backstage/backstage"
+                        },
+                        "tag": {
+                            "title": "Backstage image tag",
+                            "description": "Immutable tags are recommended.",
+                            "type": "string",
+                            "default": "latest"
+                        },
+                        "pullPolicy": {
+                            "title": "Specify a imagePullPolicy.",
+                            "description": "Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy",
+                            "type": "string",
+                            "default": "Always",
+                            "enum": [
+                                "Always",
+                                "IfNotPresent"
+                            ]
+                        },
+                        "pullSecrets": {
+                            "title": "Optionally specify an array of imagePullSecrets.",
+                            "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/",
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            },
+                            "default": [],
+                            "examples": [
+                                "myRegistryKeySecretName"
+                            ]
+                        }
+                    }
+                },
+                "autoscaling": {
+                    "title": "Autoscaling parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "description": "Enable autoscaling",
+                            "title": "Backstage Autoscaling",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "minReplicas": {
+                            "title": "Minimum number of Backstage pod replicas that the autoscaler is allowed to scale down to",
+                            "type": "integer",
+                            "default": 1
+                        },
+                        "maxReplicas": {
+                            "title": "Maximum number of Backstage pod replicas that the autoscaler is allowed to scale up to",
+                            "type": "integer",
+                            "default": 100
+                        },
+                        "targetCPUUtilizationPercentage": {
+                            "title": "Percentage of CPU that each Backstage pod should be using on average before the autoscaler decides to scale",
+                            "type": "integer",
+                            "default": 80
+                        },
+                        "targetMemoryUtilizationPercentage": {
+                            "title": "Percentage of memory that each Backstage pod should be using on average before the autoscaler decides to scale",
+                            "type": "integer"
+                        }
+                    }
+                },
+                "pdb": {
+                    "title": "PDB parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "create": {
+                            "description": "Create a PDB",
+                            "title": "Backstage PDB",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "minAvailable": {
+                            "title": "Backstage PDB minAvailable",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": ""
+                        },
+                        "maxUnavailable": {
+                            "title": "Backstage PDB maxUnavailable",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": ""
+                        }
+                    }
+                },
+                "containerPorts": {
+                    "title": "Container ports on the Deployment",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Backstage backend port.",
+                            "type": "integer",
+                            "default": 7007
+                        }
+                    }
+                },
+                "command": {
+                    "title": "Backstage container command",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "node",
+                        "packages/backend"
+                    ]
+                },
+                "affinity": {
+                    "default": {},
+                    "description": "Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity",
+                    "properties": {
+                        "nodeAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.NodeAffinity",
+                            "description": "Describes node affinity scheduling rules for the pod."
+                        },
+                        "podAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.PodAffinity",
+                            "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))."
+                        },
+                        "podAntiAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.PodAntiAffinity",
+                            "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))."
+                        }
+                    },
+                    "title": "Affinity for pod assignment",
+                    "type": "object"
+                },
+                "topologySpreadConstraints": {
+                    "default": [],
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint"
+                    },
+                    "title": "Topology Spread Constraint for pod assignment",
+                    "type": "array"
+                },
+                "args": {
+                    "title": "Backstage container command arguments",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": []
+                },
+                "extraAppConfig": {
+                    "title": "Extra app configuration files to inline into command arguments",
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "additionalProperties": false,
+                        "properties": {
+                            "filename": {
+                                "type": "string"
+                            },
+                            "configMapRef": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "default": []
+                },
+                "extraContainers": {
+                    "title": "Deployment sidecars.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+                    },
+                    "default": []
+                },
+                "extraEnvVars": {
+                    "title": "Backstage container environment variables",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            {
+                                "name": "APP_CONFIG_backend_cache_store",
+                                "value": "memory"
+                            }
+                        ]
+                    ]
+                },
+                "extraEnvVarsCM": {
+                    "title": "Backstage container environment variables from existing ConfigMaps",
+                    "type": "array",
+                    "description": "Translates into array of `envFrom.[].configMapRef.name`",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            "my-backstage-configmap"
+                        ]
+                    ]
+                },
+                "extraEnvVarsSecrets": {
+                    "title": "Backstage container environment variables from existing Secrets",
+                    "type": "array",
+                    "description": "Translates into array of `envFrom.[].secretRef.name`",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            "my-backstage-secrets"
+                        ]
+                    ]
+                },
+                "extraPorts": {
+                    "title": "Extra ports to expose in the Backstage container",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort"
+                    },
+                    "default": []
+                },
+                "extraVolumeMounts": {
+                    "title": "Backstage container additional volume mounts",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount"
+                    },
+                    "default": []
+                },
+                "extraVolumes": {
+                    "title": "Backstage container additional volumes",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Volume"
+                    },
+                    "default": []
+                },
+                "initContainers": {
+                    "title": "Backstage container init containers",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+                    },
+                    "default": []
+                },
+                "installDir": {
+                    "title": "Directory containing the backstage installation",
+                    "type": "string",
+                    "default": "/app"
+                },
+                "resources": {
+                    "title": "Resource requests/limits",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements",
+                    "default": {},
+                    "examples": [
+                        {
+                            "limits": {
+                                "memory": "1Gi",
+                                "cpu": "1000m"
+                            },
+                            "requests": {
+                                "memory": "250Mi",
+                                "cpu": "100m"
+                            }
+                        }
+                    ]
+                },
+                "readinessProbe": {
+                    "title": "Readiness probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/readiness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/readiness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 30,
+                            "periodSeconds": 10,
+                            "successThreshold": 2,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "livenessProbe": {
+                    "title": "Liveness probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/liveness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/liveness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 60,
+                            "periodSeconds": 10,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "startupProbe": {
+                    "title": "Startup probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/liveness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/liveness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 60,
+                            "periodSeconds": 10,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "podSecurityContext": {
+                    "title": "Security settings for a Pod.",
+                    "description": "The security settings that you specify for a Pod apply to all Containers in the Pod. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext",
+                    "default": {}
+                },
+                "containerSecurityContext": {
+                    "title": "Security settings for a Container.",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext",
+                    "default": {}
+                },
+                "appConfig": {
+                    "title": "Generates ConfigMap and configures it in the Backstage pods",
+                    "type": [
+                        "object",
+                        "string"
+                    ],
+                    "default": {},
+                    "examples": [
+                        {
+                            "app": {
+                                "baseUrl": "https://somedomain.tld"
+                            }
+                        }
+                    ]
+                },
+                "nodeSelector": {
+                    "title": "Node labels for pod assignment",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "tolerations": {
+                    "title": "Node tolerations for server scheduling to nodes with taints",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration"
+                    },
+                    "default": []
+                },
+                "hostAliases": {
+                    "title": "Adding entries to a Pod's /etc/hosts file provides Pod-level override of hostname resolution when DNS and other options are not applicable",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/#adding-additional-entries-with-hostaliases",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.HostAlias"
+                    },
+                    "default": []
+                },
+                "podAnnotations": {
+                    "title": "Annotations to add to the backend deployment pods",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "podLabels": {
+                    "title": "Labels to add to the backend deployment pods",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for the `Deployment` resource",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                }
+            }
+        },
+        "service": {
+            "title": "Service parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "type": {
+                    "title": "Kubernetes Service type",
+                    "type": "string",
+                    "default": "ClusterIP",
+                    "enum": [
+                        "ClusterIP",
+                        "NodePort",
+                        "LoadBalancer",
+                        "ExternalName"
+                    ]
+                },
+                "ports": {
+                    "title": "Backstage svc port for client connections",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Backstage svc port number",
+                            "type": "integer",
+                            "default": 7007
+                        },
+                        "name": {
+                            "title": "Backstage svc port name",
+                            "type": "string",
+                            "default": "http-backend"
+                        },
+                        "targetPort": {
+                            "title": "Backstage svc target port referencing receiving pod container port",
+                            "type": "string",
+                            "default": "backend"
+                        }
+                    }
+                },
+                "nodePorts": {
+                    "title": "Node port for the Backstage client connections",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Node port for backend",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": "",
+                            "minimum": 30000,
+                            "maximum": 32767
+                        }
+                    }
+                },
+                "sessionAffinity": {
+                    "title": "Control where client requests go, to the same pod or round-robin",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness",
+                    "type": "string",
+                    "default": "None",
+                    "enum": [
+                        "None",
+                        "ClientIP"
+                    ]
+                },
+                "clusterIP": {
+                    "title": "Backstage service Cluster IP",
+                    "type": "string",
+                    "default": ""
+                },
+                "loadBalancerIP": {
+                    "title": "Backstage service Load Balancer IP",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer",
+                    "type": "string",
+                    "default": ""
+                },
+                "loadBalancerSourceRanges": {
+                    "title": "Load Balancer sources",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        "10.10.10.0/24"
+                    ]
+                },
+                "externalTrafficPolicy": {
+                    "title": "Backstage service external traffic policy",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip",
+                    "type": "string",
+                    "default": "Cluster",
+                    "enum": [
+                        "Cluster",
+                        "Local"
+                    ]
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for Backstage service",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "extraPorts": {
+                    "title": "Extra ports to expose in the Backstage service",
+                    "type": "array",
+                    "items": {
+                        "type": "object"
+                    },
+                    "default": []
+                },
+                "ipFamilyPolicy": {
+                    "title": "Backstage service IP family policy",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services",
+                    "type": "string",
+                    "default": "",
+                    "enum": [
+                        "",
+                        "SingleStack",
+                        "PreferDualStack",
+                        "RequireDualStack"
+                    ]
+                },
+                "ipFamilies": {
+                    "title": "Backstage service IP families",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services",
+                    "type": "array",
+                    "items": {
+                        "type": "string",
+                        "enum": ["IPv4", "IPv6"]
+                    },
+                    "default": []
+                }
+            }
+        },
+        "networkPolicy": {
+            "title": "Network policies",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Specifies whether a NetworkPolicy should be created",
+                    "type": "boolean",
+                    "default": false
+                },
+                "ingressRules": {
+                    "title": "Custom egress rules for the network policy",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "customRules": {
+                            "title": "",
+                            "type": "array",
+                            "items": {
+                                "$ref": "https://kubernetesjsonschema.dev/v1.8.7/_definitions.json#/definitions/io.k8s.api.networking.v1.NetworkPolicyIngressRule"
+                            }
+                        },
+                        "namespaceSelector": {
+                            "title": "Namespace Selector.",
+                            "description": "Selects Namespaces using cluster scoped-labels.",
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector",
+                            "default": {}
+                        },
+                        "podSelector": {
+                            "title": "Pod Selector.",
+                            "description": "Selects selects Pods in this namespace.",
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector",
+                            "default": {}
+                        }
+                    }
+                },
+                "egressRules": {
+                    "title": "Custom egress rules for the network policy",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "customRules": {
+                            "title": "",
+                            "type": "array",
+                            "items": {
+                                "$ref": "https://kubernetesjsonschema.dev/v1.8.7/_definitions.json#/definitions/io.k8s.api.networking.v1.NetworkPolicyEgressRule"
+                            }
+                        },
+                        "denyConnectionsToExternal": {
+                            "title": "Deny external connections. Should not be enabled when working with an external database.",
+                            "type": "boolean",
+                            "default": false
+                        }
+                    }
+                }
+            }
+        },
+        "postgresql": {
+            "title": "PostgreSQL chart configuration",
+            "description": "Ref. https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml",
+            "$ref": "https://raw.githubusercontent.com/bitnami/charts/main/bitnami/postgresql/values.schema.json"
+        },
+        "serviceAccount": {
+            "title": "Service Account Configuration",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "create": {
+                    "title": "Enable the creation of a ServiceAccount for Backstage pods",
+                    "type": "boolean",
+                    "default": false
+                },
+                "name": {
+                    "title": "Name of the ServiceAccount to use",
+                    "description": "If not set and `serviceAccount.create` is true, a name is generated",
+                    "type": "string",
+                    "default": ""
+                },
+                "labels": {
+                    "title": "Additional custom labels to the service ServiceAccount.",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for the ServiceAccount.",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "automountServiceAccountToken": {
+                    "title": "Auto-mount the service account token in the pod",
+                    "type": "boolean",
+                    "default": true
+                }
+            }
+        },
+        "metrics": {
+            "title": "Metrics configuration",
+            "description": "Allows configuring your backstage instance as a scrape target for Prometheus. Ref: https://github.com/prometheus/prometheus",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "serviceMonitor": {
+                    "title": "ServiceMonitor configuration",
+                    "description": "A custom resource that is consumed by Prometheus Operator. Ref: https://github.com/prometheus-operator/prometheus-operator",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "title": "If enabled, a ServiceMonitor resource for Prometheus Operator is created",
+                            "description": "Prometheus Operator must be installed in your cluster prior to enabling.",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "annotations": {
+                            "title": "ServiceMonitor annotations",
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            },
+                            "default": {}
+                        },
+                        "labels": {
+                            "title": "Additional ServiceMonitor labels",
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            },
+                            "default": {}
+                        },
+                        "interval": {
+                            "title": "ServiceMonitor scrape interval",
+                            "type": [
+                                "string",
+                                "null"
+                            ],
+                            "default": null
+                        },
+                        "path": {
+                            "title": "ServiceMonitor endpoint path",
+                            "description": "ote that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the Prometheus metrics tutorial. https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md",
+                            "type": "string",
+                            "default": "/metrics"
+                        },
+                        "port": {
+                            "default": "http-backend",
+                            "description": "The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464.",
+                            "title": "ServiceMonitor endpoint port",
+                            "anyOf": [
+                                {
+                                    "type": "string"
+                                },
+                                {
+                                    "type": "integer"
+                                }
+                            ]
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

charts/backstage/values.yaml

@@ -67,6 +67,18 @@ ingress:
   # -- Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
   host: ""
 
+  # -- List of additional hostnames to be covered with this ingress record (e.g. a CNAME)
+  # <!-- E.g.
+  # extraHosts:
+  #   - name: backstage.env.example.com
+  #     path: / (Optional)
+  #     pathType: Prefix (Optional)
+  #     port: 7007 (Optional) -->
+  extraHosts: []
+
+  # -- Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)
+  path: "/"
+
   # -- Ingress TLS parameters
   tls:
 
@@ -76,9 +88,26 @@ ingress:
     # -- The name to which the TLS Secret will be called
     secretName: ""
 
+  # -- The TLS configuration for additional hostnames to be covered with this ingress record.
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  # <!-- E.g.
+  # extraTls:
+  #   - hosts:
+  #     - backstage.env.example.com
+  #     secretName: backstage-env -->
+  extraTls: []
+
 # -- Backstage parameters
 # @default -- See below
 backstage:
+
+  # -- Number of deployment replicas
+  replicas: 1
+
+  # -- Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept.
+  # May be set to 0 in case of GitOps deployment approach.
+  revisionHistoryLimit: 10
+
   image:
 
     # -- Backstage image registry
@@ -90,9 +119,12 @@ backstage:
     # -- Backstage image tag (immutable tags are recommended)
     tag: latest
 
+    # -- Backstage image digest (digest takes precedence over image tag)
+    digest: ""
+
     # -- Specify a imagePullPolicy.
     # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    # <br /> Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    # <br /> Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
     pullPolicy: Always
 
     # -- Optionally specify an array of imagePullSecrets.
@@ -101,8 +133,21 @@ backstage:
     # <br /> E.g: `pullSecrets: [myRegistryKeySecretName]`
     pullSecrets: []
 
-    # -- Set to true if you would like to see extra information on logs
-    debug: false
+  # -- Pod Disruption Budget configuration
+  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  pdb:
+    create: false
+    minAvailable: ""
+    maxUnavailable: ""
+
+  # -- Autoscaling configuration.
+  # <br /> Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 100
+    targetCPUUtilizationPercentage: 80
+    # targetMemoryUtilizationPercentage: 80
 
   # -- Container ports on the Deployment
   containerPorts:
@@ -123,9 +168,15 @@ backstage:
   # -- Backstage container environment variables
   extraEnvVars: []
 
-  # -- Backstage container environment variables from Secrets
+  # -- Backstage container environment variables from existing ConfigMaps
+  extraEnvVarsCM: []
+
+  # -- Backstage container environment variables from existing Secrets
   extraEnvVarsSecrets: []
 
+  # -- Backstage container additional ports
+  extraPorts: []
+
   # -- Backstage container additional volume mounts
   extraVolumeMounts: []
 
@@ -139,7 +190,7 @@ backstage:
   installDir: /app
 
   # -- Resource requests/limits
-  # <br /> Ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
   # <!-- E.g.
   # resources:
   #   limits:
@@ -150,6 +201,63 @@ backstage:
   #     cpu: 100m -->
   resources: {}
 
+  # -- Readiness Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # readinessProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/readiness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 30
+  #   periodSeconds: 10
+  #   successThreshold: 2
+  #   timeoutSeconds: 2
+  readinessProbe:
+    httpGet:
+      path: /.backstage/health/v1/readiness
+      port: 7007
+      scheme: HTTP
+
+  # -- Liveness Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # livenessProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/liveness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   timeoutSeconds: 2
+  livenessProbe:
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+
+  # -- Startup Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # startupProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/liveness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   timeoutSeconds: 2
+  startupProbe:
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+
   # -- Security settings for a Pod.
   #  The security settings that you specify for a Pod apply to all Containers in the Pod.
   # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
@@ -169,17 +277,39 @@ backstage:
   # -- Generates ConfigMap and configures it in the Backstage pods
   appConfig: {}
 
+  # -- Affinity for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+
+  # -- Topology Spread Constraints for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints
+  topologySpreadConstraints: []
+
+  # -- Node labels for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+  nodeSelector: {}
+
   # -- Node tolerations for server scheduling to nodes with taints
-  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
   tolerations: []
   #  - key: "key"
   #    operator: "Equal|Exists"
   #    value: "value"
   #    effect: "NoSchedule|PreferNoSchedule|NoExecute"
 
+  # -- Host Aliases for the pod
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  hostAliases: []
+
   # -- Annotations to add to the backend deployment pods
   podAnnotations: {}
 
+  # -- Labels to add to the backend deployment pods
+  podLabels: {}
+
+  # -- Additional custom annotations for the `Deployment` resource
+  annotations: {}
+
 ## @section Traffic Exposure parameters
 
 ## Service parameters
@@ -195,6 +325,9 @@ service:
   ports:
     backend: 7007
 
+    # -- Backstage svc port name
+    name: http-backend
+
     # -- Backstage svc target port referencing receiving pod container port
     targetPort: backend
 
@@ -205,7 +338,7 @@ service:
 
   # -- Control where client requests go, to the same pod or round-robin
   # (values: `ClientIP` or `None`)
-  # <br /> Ref: https://kubernetes.io/docs/user-guide/services/
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness
   sessionAffinity: None
 
   # -- Backstage service Cluster IP
@@ -215,12 +348,12 @@ service:
 
   # -- Backstage service Load Balancer IP
   #
-  # <br /> Ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
   loadBalancerIP: ""
 
   # -- Load Balancer sources
   #
-  # <br /> Ref: https://kubernetes.io/docs/tasks/access-application-cluster/cnfigure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
   # <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]`
   loadBalancerSourceRanges: []
 
@@ -235,27 +368,52 @@ service:
   # -- Extra ports to expose in the Backstage service (normally used with the `sidecar` value)
   extraPorts: []
 
-# -- Network policies
-# <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-networkPolicy:
+  # -- IP Family Policy
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack
+  ipFamilyPolicy: ""
 
-  # -- networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+  # -- IP Families
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack
+  ipFamilies: []
+
+## @section NetworkPolicy parameters
+##
+networkPolicy:
+  # -- Specifies whether a NetworkPolicy should be created
   enabled: false
 
-  externalAccess:
-    from: []
+  ## Ingress Rules
+  ##
+  ingressRules:
 
-  # -- Custom network policy rule
-  egressRules:
+    # -- Namespace selector label allowed to access the Backstage instance
+    namespaceSelector: {}
 
-    # -- Additional custom egress rules
-    # e.g:
-    # customRules:
+    # -- Pod selector label allowed to access the Backstage instance
+    podSelector: {}
+
+    # -- Additional custom ingress rules
+    customRules: []
     #   - to:
     #       - namespaceSelector:
     #           matchLabels:
     #             label: example
+
+  ## Egress Rules
+  ##
+  egressRules:
+
+    # -- Deny external connections. Should not be enabled when working with an external database.
+    denyConnectionsToExternal: false
+
+    # -- Additional custom egress rules
     customRules: []
+    #   - to:
+    #       - namespaceSelector:
+    #           matchLabels:
+    #             label: example
 
 
 # -- PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
@@ -335,3 +493,7 @@ metrics:
     # -- ServiceMonitor endpoint path
     # <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md).
     path: /metrics
+
+    # -- ServiceMonitor endpoint port
+    # <br /> The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464.
+    port: http-backend