feat: Support autoscaling via HPA (#268)

* feat: expose autoscaling configuration using the HPA resource

Signed-off-by: Armel Soro <asoro@redhat.com>

* Set the Deployment replicas only if autoscaling is not enabled

When autoscaling is enabled, the HPA controller controls the number of replicas [1]

[1] https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/\#migrating-deployments-and-statefulsets-to-horizontal-autoscaling

Signed-off-by: Armel Soro <asoro@redhat.com>

* Add CI values file with autoscaling enabled

Signed-off-by: Armel Soro <asoro@redhat.com>

* Bump chart version

This is a backward-compatible change

Signed-off-by: Armel Soro <asoro@redhat.com>

* Update values schema

Signed-off-by: Armel Soro <asoro@redhat.com>

* Update README

Signed-off-by: Armel Soro <asoro@redhat.com>

---------

Signed-off-by: Armel Soro <asoro@redhat.com>

.codespellrc

@@ -0,0 +1,2 @@
+[codespell]
+ignore-words-list = NotIn,notin

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/pull_request_template.md

@@ -0,0 +1,28 @@
+<!--
+Thank you for your contribution! Complete the following fields to provide insight into the changes being requested as well as steps that you can take to ensure it meets all of the requirements
+
+Please remember to:
+- mention any issue(s) that this PR closes using a closing keyword as well as the issue number, such as "Closes #XYZ" or "Resolves backstage/repo-name#XYZ", cf.
+  [documentation](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)
+- ensure there are no merge commits!
+
+ -->
+
+## Description of the change
+
+<!-- Describe the change being requested. -->
+
+## Existing or Associated Issue(s)
+
+<!-- List any related issues. -->
+
+## Additional Information
+
+ <!-- Provide as much information that you feel would be helpful for those reviewing the proposed changes. -->
+
+## Checklist
+
+- [ ] Chart version bumped in `Chart.yaml` according to [semver](http://semver.org/).
+- [ ] Variables are documented in the `values.yaml` and added to the README.md. The [helm-docs](https://github.com/norwoodj/helm-docs) utility can be used to generate the necessary content. Use `helm-docs --dry-run` to preview the content.
+- [ ] JSON Schema generated.
+- [ ] List tests pass for Chart using the [Chart Testing](https://github.com/helm/chart-testing) tool and the `ct lint` command.

.github/workflows/automate_stale.yml

@@ -0,0 +1,37 @@
+name: Automate staleness
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 6 * * *"
+
+permissions:
+  contents: read
+
+jobs:
+  stale:
+    permissions:
+      issues: write # for actions/stale to close stale issues
+      pull-requests: write # for actions/stale to close stale PRs
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        id: stale
+        with:
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it has not had
+            recent activity. It will be closed if no further activity occurs. Thank you
+            for your contributions.
+          days-before-issue-stale: 60
+          days-before-issue-close: 7
+          exempt-issue-labels: after-vacations,will-fix
+          stale-issue-label: stale
+          stale-pr-message: >
+            This PR has been automatically marked as stale because it has not had
+            recent activity from the author. It will be closed if no further activity occurs.
+            If the PR was closed and you want it re-opened, let us know
+            and we'll re-open the PR so that you can continue the contribution!
+          days-before-pr-stale: 7
+          days-before-pr-close: 5
+          exempt-pr-labels: after-vacations,will-fix
+          stale-pr-label: stale
+          operations-per-run: 100

.github/workflows/lint.yaml

@@ -0,0 +1,27 @@
+name: Lint Charts
+
+on:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
+
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # pin@v4
+        with:
+          python-version: 3.12
+
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # pin@v3
+        with:
+          go-version: ^1
+
+      - name: Setup helm-docs
+        run: go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
+
+      - name: Run pre-commit
+        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # pin@v3.0.1

.github/workflows/release.yml

@@ -4,13 +4,21 @@ on:
   push:
     branches:
       - main
+    paths:
+      - "charts/**"
 
 jobs:
   release:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
         with:
           fetch-depth: 0
 
@@ -18,10 +26,37 @@ jobs:
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-      - name: Add dependencies
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
+
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.4.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # pin@v1.7.0
+        with:
+          config: cr.yaml
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 #pin@v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac #pin@v3.9.1
+
+      - name: Install Oras
+        uses: oras-project/setup-oras@8d34698a59f5ffe24821f0b48ab62a3de8b64b20 # v1.2.3
+
+      - name: Publish and Sign OCI Charts
+        run: |
+          for chart in `find .cr-release-packages -name '*.tgz' -print`; do
+            helm push ${chart} oci://ghcr.io/${GITHUB_REPOSITORY} |& tee helm-push-output.log
+            file_name=${chart##*/}
+            chart_name=${file_name%-*}
+            digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
+            cosign sign -y "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}@${digest}"
+
+            oras push "ghcr.io/${GITHUB_REPOSITORY}/${chart_name}:artifacthub.io" "./charts/${chart_name}/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml"
+          done
+        env:
+          COSIGN_EXPERIMENTAL: 1

.github/workflows/spellcheck.yaml

@@ -0,0 +1,18 @@
+name: Codespell
+
+on:
+  pull_request:
+
+jobs:
+  codespell:
+    name: Codespell
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2
+        with:
+          skip: .git
+          check_filenames: true
+          check_hidden: true

.github/workflows/test.yml

@@ -0,0 +1,42 @@
+name: Test Charts
+
+on:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # pin@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # pin@v4.3.0
+        with:
+          version: v3.10.0
+
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # pin@v4
+        with:
+          python-version: 3.12
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # pin@v2.3.0
+
+      - name: "Add NGINX Ingress and Bitnami Repository"
+        run: |
+          helm repo add ingress-nginx "https://kubernetes.github.io/ingress-nginx"
+          helm repo update
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config ct.yaml
+
+      - name: Create KIND Cluster
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # pin@v1.12.0
+
+      - name: Install Ingress Controller
+        run: "helm install ingress-nginx/ingress-nginx --generate-name --set controller.service.type='NodePort' --set controller.admissionWebhooks.enabled=false"
+
+      - name: Run chart-testing (install)
+        run: ct install --config ct-install.yaml

.gitignore

@@ -0,0 +1,9 @@
+### macOS ###
+.DS_Store
+.AppleDouble
+.LSOverride
+.idea
+
+# helm chart dependencies
+charts/*/charts/
+**/charts/*.tgz

.helmignore

@@ -21,3 +21,5 @@
 .idea/
 *.tmproj
 .vscode/
+
+values.schema.tmpl.json

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.2.0
+    hooks:
+      - id: helm-docs
+        args:
+          # Make the tool search for charts only under the ``charts` directory
+          - --chart-search-root=charts
+          # The `./` makes it relative to the chart-search-root set above
+          - --template-files=./_templates.gotmpl
+          # A base filename makes it relative to each chart directory found
+          - --template-files=README.md.gotmpl
+  - repo: local
+    hooks:
+      - id: jsonschema-dereference
+        name: jsonschema-dereference
+        entry: python .pre-commit/jsonschema_dereference.py
+        additional_dependencies: [jsonref]
+        language: python
+        types_or: [yaml, json]
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.4.1
+    hooks:
+    - id: codespell

.pre-commit/jsonschema_dereference.py

@@ -0,0 +1,54 @@
+""" 
+This Python module:
+  - Searches for JSON Schema templates with the name values.schema.tmpl.json
+  - Dereferences any $refs contained in those files
+  - Outputs the new Schema to a values.schema.json file in the same directory
+"""
+
+import sys
+import json
+from typing import List, Dict, Any
+from pathlib import Path
+
+# External library dependency
+# Install with 'pip install jsonref'
+import jsonref
+
+# File to write the dereferenced JSON Schema to
+JSONSCHEMA_NAME = "values.schema.json"
+# File that contains the JSON Schema that needs dereferencing
+JSONSCHEMA_TEMPLATE_NAME = "values.schema.tmpl.json"
+
+def load_template_schema(schema_dir: Path) -> Dict[str, Any]:
+    """Load the schema template values.schema.tmpl.json"""
+    with open(schema_dir / JSONSCHEMA_TEMPLATE_NAME, "r", encoding="utf-8") as f:
+        return json.loads(f.read())
+
+def save(schema_dir: Path, schema_data: Any):
+    """Save the dereferenced schema to values.schema.json"""
+    with open(schema_dir / JSONSCHEMA_NAME, "w", encoding="utf-8") as f:
+        json.dump(schema_data, f, indent=4, sort_keys=True)
+
+if __name__ == '__main__':
+    # Search for all values.schema.tmpl.json files
+    schema_templates = [p.parent for p in Path(".").rglob(JSONSCHEMA_TEMPLATE_NAME)]
+
+    # Create a list to hold any exceptions
+    errors: List[BaseException] = []
+    # Iterate over the List of found schema templates
+    for schema_template in schema_templates:
+        try:
+            # Load the schema into a variable as JSON
+            st = load_template_schema(schema_template)
+            # Dereference all of the $refs
+            s = jsonref.replace_refs(st)
+            # Save the dereferenced JSON
+            save(schema_template, s)
+        except BaseException as e:
+            # Print any errors to the screen
+            print(f"Could not process schema for '{schema_template}': {e}")
+            # Append any exceptions to the errors List
+            errors.append(e)
+    if errors:
+        # Exit with status 1 if any exceptions were thrown
+        sys.exit(1)

CONTRIBUTING.md

@@ -0,0 +1,8 @@
+# Contributing to Backstage Charts
+
+Before making a contribution to the [Backstage Helm Chart](https://github.com/backstage/charts) you will need to ensure the following steps have been done:
+- [Sign your commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+- Run `helm template` on the changes you're making to ensure they are correctly rendered into Kubernetes manifests.
+- Lint tests has been run for the Chart using the [Chart Testing](https://github.com/helm/chart-testing) tool and the `ct lint` command.
+- Ensure variables are documented in `values.yaml` and the [pre-commit](https://pre-commit.com/) hook has been run with `pre-commit run --all-files` to generate the `README.md` documentation. To preview the content, use `helm-docs --dry-run`.
+- If you are making changes to the Chart - remember to bump the Chart version following [SemVer](https://semver.org/). You will need to change the [Chart Version](https://github.com/backstage/charts/blob/main/charts/backstage/Chart.yaml#L41) and the [Chart Badge](https://github.com/backstage/charts/blob/main/charts/backstage/README.md?plain=1#L5) on the README.

LICENSE

@@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright 2022 The Backstage Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

NOTICE

@@ -0,0 +1,2 @@
+Backstage
+Copyright 2022 The Backstage Authors

README.md

@@ -4,213 +4,52 @@
 
 Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
 
-## TL;DR
+> [!CAUTION]
+> This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Red Hat Developer Hub Helm chart](https://github.com/redhat-developer/rhdh-chart/tree/main/charts/backstage)
+
+## Usage
+
+> [!NOTE]
+> Documentation for the Backstage chart can be found [here](charts/backstage)
+
+Charts are available in the following formats:
+
+* [Chart Repository](https://helm.sh/docs/topics/chart_repository/)
+* [OCI Artifacts](https://helm.sh/docs/topics/registries/)
+
+### Installing from the Chart Repository
+
+The following command can be used to add the chart repository:
 
 ```console
 helm repo add backstage https://backstage.github.io/charts
-helm install my-release backstage
 ```
 
-## Introduction
-
-This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
-- Kubernetes 1.19+
-- Helm 3.2.0+
-- PV provisioner support in the underlying infrastructure
-- [Backstage container image](https://backstage.io/docs/deployment/docker)
-
-## Installing the Chart
-
-To install the chart with the release name `my-backstage-release`:
+Once the chart has been added, install one of the available charts:
 
 ```console
-helm repo add backstage https://backstage.github.io/charts
-helm install my-backstage-release backstage/backstage
+helm upgrade -i <release_name> backstage/backstage
 ```
 
-> **Tip**: List all releases using `helm list`
+### Installing from an OCI Registry
 
-## Uninstalling the Chart
+Charts are also available in OCI format. The list of available charts can be found [here](https://github.com/orgs/backstage/packages?repo_name=charts).
 
-To uninstall/delete the `my-backstage-release` deployment:
+Install one of the available charts:
 
-```console
-helm delete my-backstage-release
+```shell
+helm upgrade -i <release_name> oci://ghcr.io/backstage/charts/backstage --version=<version>
 ```
 
-The command removes all the Kubernetes components associated with the chart and deletes the release.
+## Backstage Chart
 
-## Parameters
-
-### Global parameters
-
-| Name                      | Description                                     | Value |
-| ------------------------- | ----------------------------------------------- | ----- |
-| `global.imageRegistry`    | Global Docker image registry                    | `""`  |
-| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]`  |
-| `global.storageClass`     | Global StorageClass for Persistent Volume(s)    | `""`  |
-
-### Common parameters
-
-| Name                     | Description                                                                             | Value           |
-| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
-| `kubeVersion`            | Override Kubernetes version                                                             | `""`            |
-| `nameOverride`           | String to partially override common.names.fullname                                      | `""`            |
-| `fullnameOverride`       | String to fully override common.names.fullname                                          | `""`            |
-| `clusterDomain`          | Default Kubernetes cluster domain                                                       | `cluster.local` |
-| `commonLabels`           | Labels to add to all deployed objects                                                   | `{}`            |
-| `commonAnnotations`      | Annotations to add to all deployed objects                                              | `{}`            |
-| `extraDeploy`            | Array of extra objects to deploy with the release                                       | `[]`            |
-| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false`         |
-| `diagnosticMode.command` | Command to override all containers in the statefulset                                   | `["sleep"]`     |
-| `diagnosticMode.args`    | Args to override all containers in the statefulset                                      | `["infinity"]`  |
-
-### Backstage parameters
-
-| Name                            | Description                                                          | Value                                                                       |
-| ------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------------------------------- |
-| `backstage.image.registry`      | Backstage image registry                                             | `""`                                                                        |
-| `backstage.image.repository`    | Backstage image repository (required)                                | `""`                                                                        |
-| `backstage.image.tag`           | Backstage image tag (required immutable tags are recommended)        | `""`                                                                        |
-| `backstage.image.pullPolicy`    | Backstage image pull policy                                          | `IfNotPresent`                                                              |
-| `backstage.image.pullSecrets`   | Specify docker-registry secret names as an array                     | `[]`                                                                        |
-| `backstage.command`             | Override Backstage container command                                 | `["node", "packages/backend"]`                                              |
-| `backstage.args`                | Override Backstage container arguments                               | `["--config", "app-config.yaml", "--config", "app-config.production.yaml"]` |
-| `backstage.extraEnvVars`        | Extra environment variables to add to Backstage pods                 | `[]`                                                                        |
-| `backstage.extraAppConfig`      | ConfigMap with extra environment variables                           | `[]`                                                                        |
-| `backstage.extraEnvVarsSecrets` | Array of existing secrets containing sensitive environment variables | `[]`                                                                        |
-
-### Traffic Exposure parameters
-
-| Name                               | Description                                                       | Value       |
-| ---------------------------------- | ----------------------------------------------------------------- | ----------- |
-| `ingress.enabled`                  | Enable ingress                                                    | `false`     |
-| `ingress.className`                | Name of the IngressClass cluster resource (e.g nginx)             | `""`        |
-| `ingress.annotations`              | Additional annotations for the Ingress resource                   | `{}`        |
-| `ingress.host`                     | Hostname of the backstage application (e.g backstage.<IP>.nip.io) | `""`        |
-| `service.type`                     | Kubernetes Service type                                           | `ClusterIP` |
-| `service.ports.backend`            | Port for client connections                                       | `7007`      |
-| `service.nodePorts.backend`        | Node port for client connections                                  | `""`        |
-| `service.sessionAffinity`          | Control where client requests go, to the same pod or round-robin  | `None`      |
-| `service.clusterIP`                | Backstage service Cluster IP                                      | `""`        |
-| `service.loadBalancerIP`           | Backstage service Load Balancer IP                                | `""`        |
-| `service.loadBalancerSourceRanges` | Backstage service Load Balancer sources                           | `[]`        |
-| `service.externalTrafficPolicy`    | Backstage service external traffic policy                         | `Cluster`   |
-| `service.annotations`              | Additional custom annotations for Backstage service               | `{}`        |
-| `service.extraPorts`               | Extra ports to expose in Backstage                                | `[]`        |
-
-## Configure your Backstage instance
-
-The Backstage Chart makes it possible to configure your backstage instance by passing extra environment variables or static configuration files, without rebuilding the docker image.
-
-### Environment variables
-
-Use `backstage.extraEnvVars` to pass extra environment variables. **This is used for environment variables containing non sensitive information:**
-
-```diff
-  backstage:
-+   extraEnvVars:
-+     - name: MY_PLUGIN_HOST
-+       value: http://my-plugin-host
-```
-
-It is possible to override values defined in your `app-config.yaml` by appending the `APP_CONFIG` prefix to each environment variable, as described in the [official documentation](https://backstage.io/docs/conf/#supplying-configuration).
-For example, to override the `backend.cache.store` property defined in your `app-config.yaml`, do:
-
-```diff
-  backstage:
-    extraEnvVars:
-+     - name: APP_CONFIG_backend_cache_store
-+       value: memory
-```
-
-### Sensitive environment variables
-
-In case your environment variables contain sensitive information, such as `BACKEND_SECRET` or `POSTGRES_PASSWORD` it is recommended store them in a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
-
-Create a new file named `my-backstage-secrets.yaml` containing the secrets you want to store:
-
-```yaml
-# my-backstage-secrets.yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: my-backstage-secrets
-type: Opaque
-data:
-  BACKEND_SECRET: YmFja3N0YWdl
-  POSTGRES_PASSWORD: aHVudGVyMg==
-```
-
-Make sure to customize the name of the secret by changing `metadata.name` properly.
-
-Now create the new secret in your Kubernetes cluster by running the following command:
-
-```bash
-$ kubectl apply -f my-backstage-secrets.yaml`
-```
-
-Once the secret has been created, pass the secret's reference to your backstage instance by adding the following lines to your `values.yaml`:
-
-```diff
-  backstage:
-+   extraEnvVarsSecrets:
-+     - my-backstage-secrets
-```
-
-The chart will make sure to pass the secrets to your Backstage instance.
-
-### Pass extra configuration files
-
-A generated Backstage docker image contains some static configuration files, such as `app-config.yaml` and `app-config.production.yaml`.
-It is possible to pass extra configuration files by defining them as [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/), without rebuilding the Docker image.
-
-To do so, run:
-
-```bash
-$ kubectl create configmap my-app-config --from-file=app-config.extra.yaml=./local/path/to/your/app-config.extra.yaml`
-```
-
-This command parses your local `app-config.extra.yaml` and creates a new ConfigMap called `my-app-config` which internally contains a file called `app-config.extra.yaml` with the content of the parsed file.
-
-Now that the ConfigMap has been created on your Kubernetes cluster, you can reference the ConfigMap:
-
-```diff
-  backstage:
-+   extraAppConfig:
-+     - filename: app-config.extra.yaml
-+       configMapRef: my-app-config
-```
-
-The chart will mount the content of the ConfigMap as a new `app-config.extra.yaml` file and automatically pass the extra configuration to your instance.
-
-### Configuring Chart PostgreSQL
-
-With the Backstage Helm Chart, it offers - as a subchart - a Bitnami PostgreSQL database. This can be enabled by switching `postgresql.enabled` to true (it is `false` by default). If switched on, the Helm Chart, on deployment, will automatically deploy a PostgreSQL instance and configure it with the credentials you specify. There are multiple ways of doing this that will be detailed below.
-
-#### Automatic Database Credential Creation
-
-This is the easiest of the configuration options. Here, the credentials for both the Admin and Database users will be automatically generated and put into a Kubernetes secret. This will then be automatically used by Backstage. In order to use this method, ensure the following:
-
-- Keep `postgresql.auth.existingSecret` & `postgresql.auth.password` empty.
-
-#### Specifying Password for PostgreSQL to Use
-
-Here, you can specify the password that you want PostgreSQL to use for its Database User (The user that Backstage will use to connect to the database). In order to use this method, ensure the following:
-
-- Keep `postgresql.auth.existingSecret` empty.
-- Set `postgresql.auth.password` to your desired User password value.
-
-> **_NOTE:_** Be careful that you provide this value securely.
-
-#### Specifying Existing Secret for PostgreSQL to Use
-
-Here, you can specify an existing Kubernetes secret that you have created which contains the Password that you want PostgreSQL to use. The secret must be in the same namespace as where you are deploying the Helm Chart. In order to use this method, ensure the following:
-
-- Create the Kubernetes secret with the Password inside.
-- Set `postgresql.auth.existingSecret` to the name of the Secret
-- PostgreSQL by default will look for the relevant Password keys that are set by default here `postgresql.auth.secretKeys`. So make sure that the Keys in the Secret match the default `secretKeys` values. More information [here](https://artifacthub.io/packages/helm/bitnami/postgresql)
-- For example, if you want PostgreSQL to use an existing Secret called `my-user-secret` that has the User password that you want to use inside it: make sure that you create a Key inside that secret called `user-password` (this key can be found here `postgresql.auth.secretKeys.userPasswordKey`). i.e. `user-password=Password123`.
+More information can be found by inspecting the [backstage chart](charts/backstage).

charts/_templates.gotmpl

@@ -0,0 +1,7 @@
+{{ define "chart.valuesTable" }}
+| Key | Description | Type | Default |
+|-----|-------------|------|---------|
+{{- range .Values }}
+| {{ .Key }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} |
+{{- end }}
+{{ end }}

charts/backstage/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
 - name: common
-  repository: https://charts.bitnami.com/bitnami
-  version: 1.16.0
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.10.0
 - name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.6.6
-digest: sha256:5f0f118ac2ae2be90edd9c6952da4bcb41feb815b39a575e23ec2a0a9244d9cd
-generated: "2022-06-14T21:14:00.148159+01:00"
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 12.10.0
+digest: sha256:77630aa988cef5e3a9f64a9fc3427345f451534e973dbece805850be587cb59e
+generated: "2024-05-11T14:39:32.274594+01:00"

charts/backstage/Chart.yaml

@@ -1,29 +1,41 @@
+annotations:
+  artifacthub.io/category: integration-delivery
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/links: |
+    - name: support
+      url: https://github.com/backstage/charts/issues
+    - name: Chart Source
+      url: https://github.com/backstage/charts
+    - name: Default Image Source
+      url: https://github.com/backstage/backstage
 apiVersion: v2
-name: backstage
 description: A Helm chart for deploying a Backstage application
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+dependencies:
+  - name: common
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+      - bitnami-common
+    version: 2.10.0
+  - condition: postgresql.enabled
+    name: postgresql
+    repository: oci://registry-1.docker.io/bitnamicharts
+    version: 12.10.0
+home: https://backstage.io
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/backstage/icon/color/backstage-icon-color.svg
+keywords:
+  - backstage
+  - idp
+kubeVersion: ">= 1.19.0-0"
+maintainers:
+  - name: Backstage
+    url: https://backstage.io
+name: backstage
 type: application
+sources:
+  - https://github.com/backstage/charts
+  - https://github.com/backstage/backstage
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.1
-
-dependencies:
-  - name: common
-    repository: https://charts.bitnami.com/bitnami
-    tags:
-      - bitnami-common
-    version: 1.x.x
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://charts.bitnami.com/bitnami
-    version: 11.x.x
+version: 2.6.0

charts/backstage/README.md

@@ -0,0 +1,352 @@
+
+# Backstage Helm Chart
+
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/backstage)](https://artifacthub.io/packages/search?repo=backstage)
+![Version: 2.6.0](https://img.shields.io/badge/Version-2.6.0-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+A Helm chart for deploying a Backstage application
+
+**Homepage:** <https://backstage.io>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Backstage |  | <https://backstage.io> |
+
+## Source Code
+
+* <https://github.com/backstage/charts>
+* <https://github.com/backstage/backstage>
+
+---
+
+[Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy.
+
+Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
+
+> Disclaimer: This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
+## TL;DR
+
+```console
+helm repo add backstage https://backstage.github.io/charts
+
+helm install my-release backstage/backstage
+```
+
+## Introduction
+
+This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
+- PV provisioner support in the underlying infrastructure
+- [Backstage container image](https://backstage.io/docs/deployment/docker)
+
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Janus Backstage Helm chart](https://github.com/janus-idp/helm-backstage/tree/main/charts/backstage)
+
+## Usage
+
+Chart is available in the following formats:
+
+- [Chart Repository](https://helm.sh/docs/topics/chart_repository/)
+- [OCI Artifacts](https://helm.sh/docs/topics/registries/)
+
+### Installing from the Chart Repository
+
+The following command can be used to add the chart repository:
+
+```console
+helm repo add backstage https://backstage.github.io/charts
+```
+
+Once the chart has been added, install one of the available charts:
+
+```console
+helm upgrade -i <release_name> backstage/backstage
+```
+
+### Installing from an OCI Registry
+
+Chart is also available in OCI format. The list of available releases can be found [here](https://github.com/backstage/charts/pkgs/container/charts%2Fbackstage).
+
+Install one of the available versions:
+
+```shell
+helm upgrade -i oci://ghcr.io/backstage/charts/backstage --version=<version>
+```
+
+> **Tip**: List all releases using `helm list`
+
+### Uninstalling the Chart
+
+To uninstall/delete the `my-backstage-release` deployment:
+
+```console
+helm uninstall my-backstage-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Requirements
+
+Kubernetes: `>= 1.19.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://registry-1.docker.io/bitnamicharts | common | 2.10.0 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.10.0 |
+
+## Values
+
+| Key | Description | Type | Default |
+|-----|-------------|------|---------|
+| backstage | Backstage parameters | object | See below |
+| backstage.affinity | Affinity for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | object | `{}` |
+| backstage.annotations | Additional custom annotations for the `Deployment` resource | object | `{}` |
+| backstage.appConfig | Generates ConfigMap and configures it in the Backstage pods | object | `{}` |
+| backstage.args | Backstage container command arguments | list | `[]` |
+| backstage.autoscaling | Autoscaling configuration. <br /> Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` |
+| backstage.command | Backstage container command | list | `["node","packages/backend"]` |
+| backstage.containerPorts | Container ports on the Deployment | object | `{"backend":7007}` |
+| backstage.containerSecurityContext | Security settings for a Container. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | object | `{}` |
+| backstage.extraAppConfig | Extra app configuration files to inline into command arguments | list | `[]` |
+| backstage.extraContainers | Deployment sidecars | list | `[]` |
+| backstage.extraEnvVars | Backstage container environment variables | list | `[]` |
+| backstage.extraEnvVarsCM | Backstage container environment variables from existing ConfigMaps | list | `[]` |
+| backstage.extraEnvVarsSecrets | Backstage container environment variables from existing Secrets | list | `[]` |
+| backstage.extraPorts | Backstage container additional ports | list | `[]` |
+| backstage.extraVolumeMounts | Backstage container additional volume mounts | list | `[]` |
+| backstage.extraVolumes | Backstage container additional volumes | list | `[]` |
+| backstage.hostAliases | Host Aliases for the pod <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ | list | `[]` |
+| backstage.image.digest | Backstage image digest (digest takes precedence over image tag) | string | `""` |
+| backstage.image.pullPolicy | Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' <br /> Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy | string | `"Always"` |
+| backstage.image.pullSecrets | Optionally specify an array of imagePullSecrets.  Secrets must be manually created in the namespace. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ <br /> E.g: `pullSecrets: [myRegistryKeySecretName]` | list | `[]` |
+| backstage.image.registry | Backstage image registry | string | `"ghcr.io"` |
+| backstage.image.repository | Backstage image repository | string | `"backstage/backstage"` |
+| backstage.image.tag | Backstage image tag (immutable tags are recommended) | string | `"latest"` |
+| backstage.initContainers | Backstage container init containers | list | `[]` |
+| backstage.installDir | Directory containing the backstage installation | string | `"/app"` |
+| backstage.livenessProbe | Liveness Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. livenessProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/liveness     port: 7007     scheme: HTTP   initialDelaySeconds: 60   periodSeconds: 10   successThreshold: 1   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/liveness","port":7007,"scheme":"HTTP"}}` |
+| backstage.nodeSelector | Node labels for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | object | `{}` |
+| backstage.pdb | Pod Disruption Budget configuration ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{"create":false,"maxUnavailable":"","minAvailable":""}` |
+| backstage.podAnnotations | Annotations to add to the backend deployment pods | object | `{}` |
+| backstage.podLabels | Labels to add to the backend deployment pods | object | `{}` |
+| backstage.podSecurityContext | Security settings for a Pod.  The security settings that you specify for a Pod apply to all Containers in the Pod. <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | object | `{}` |
+| backstage.readinessProbe | Readiness Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. readinessProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/readiness     port: 7007     scheme: HTTP   initialDelaySeconds: 30   periodSeconds: 10   successThreshold: 2   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/readiness","port":7007,"scheme":"HTTP"}}` |
+| backstage.replicas | Number of deployment replicas | int | `1` |
+| backstage.resources | Resource requests/limits <br /> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container <!-- E.g. resources:   limits:     memory: 1Gi     cpu: 1000m   requests:     memory: 250Mi     cpu: 100m --> | object | `{}` |
+| backstage.revisionHistoryLimit | Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept. May be set to 0 in case of GitOps deployment approach. | int | `10` |
+| backstage.startupProbe | Startup Probe Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!-- E.g. startupProbe:   failureThreshold: 3   httpGet:     path: /.backstage/health/v1/liveness     port: 7007     scheme: HTTP   initialDelaySeconds: 60   periodSeconds: 10   successThreshold: 1   timeoutSeconds: 2 | object | `{"httpGet":{"path":"/.backstage/health/v1/liveness","port":7007,"scheme":"HTTP"}}` |
+| backstage.tolerations | Node tolerations for server scheduling to nodes with taints <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | list | `[]` |
+| backstage.topologySpreadConstraints | Topology Spread Constraints for pod assignment <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints | list | `[]` |
+| clusterDomain | Default Kubernetes cluster domain | string | `"cluster.local"` |
+| commonAnnotations | Annotations to add to all deployed objects | object | `{}` |
+| commonLabels | Labels to add to all deployed objects | object | `{}` |
+| diagnosticMode | Enable diagnostic mode in the Deployment | object | `{"args":["infinity"],"command":["sleep"],"enabled":false}` |
+| diagnosticMode.args | Args to override all containers in the Deployment | list | `["infinity"]` |
+| diagnosticMode.command | Command to override all containers in the Deployment | list | `["sleep"]` |
+| diagnosticMode.enabled | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | bool | `false` |
+| extraDeploy | Array of extra objects to deploy with the release | list | `[]` |
+| fullnameOverride | String to fully override common.names.fullname | string | `""` |
+| global | Global parameters Global Docker image parameters Please, note that this will override the image parameters, including dependencies, configured to use the global value Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass | object | See below |
+| global.imagePullSecrets | Global Docker registry secret names as an array </br> E.g. `imagePullSecrets: [myRegistryKeySecretName]` | list | `[]` |
+| global.imageRegistry | Global Docker image registry | string | `""` |
+| ingress | Ingress parameters | object | `{"annotations":{},"className":"","enabled":false,"extraHosts":[],"extraTls":[],"host":"","path":"/","tls":{"enabled":false,"secretName":""}}` |
+| ingress.annotations | Additional annotations for the Ingress resource | object | `{}` |
+| ingress.className | Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx) | string | `""` |
+| ingress.enabled | Enable the creation of the ingress resource | bool | `false` |
+| ingress.extraHosts | List of additional hostnames to be covered with this ingress record (e.g. a CNAME) <!-- E.g. extraHosts:   - name: backstage.env.example.com     path: / (Optional)     pathType: Prefix (Optional)     port: 7007 (Optional) --> | list | `[]` |
+| ingress.extraTls | The TLS configuration for additional hostnames to be covered with this ingress record. <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls <!-- E.g. extraTls:   - hosts:     - backstage.env.example.com     secretName: backstage-env --> | list | `[]` |
+| ingress.host | Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io) | string | `""` |
+| ingress.path | Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage) | string | `"/"` |
+| ingress.tls | Ingress TLS parameters | object | `{"enabled":false,"secretName":""}` |
+| ingress.tls.enabled | Enable TLS configuration for the host defined at `ingress.host` parameter | bool | `false` |
+| ingress.tls.secretName | The name to which the TLS Secret will be called | string | `""` |
+| kubeVersion | Override Kubernetes version | string | `""` |
+| metrics | Metrics configuration | object | `{"serviceMonitor":{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics","port":"http-backend"}}` |
+| metrics.serviceMonitor | ServiceMonitor configuration <br /> Allows configuring your backstage instance as a scrape target for [Prometheus](https://github.com/prometheus/prometheus) using a ServiceMonitor custom resource that [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) can understand. | object | `{"annotations":{},"enabled":false,"interval":null,"labels":{},"path":"/metrics","port":"http-backend"}` |
+| metrics.serviceMonitor.annotations | ServiceMonitor annotations | object | `{}` |
+| metrics.serviceMonitor.enabled | If enabled, a ServiceMonitor resource for Prometheus Operator is created <br /> Prometheus Operator must be installed in your cluster prior to enabling. | bool | `false` |
+| metrics.serviceMonitor.interval | ServiceMonitor scrape interval | string | `nil` |
+| metrics.serviceMonitor.labels | Additional ServiceMonitor labels | object | `{}` |
+| metrics.serviceMonitor.path | ServiceMonitor endpoint path <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md). | string | `"/metrics"` |
+| metrics.serviceMonitor.port | ServiceMonitor endpoint port <br /> The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464. | string | `"http-backend"` |
+| nameOverride | String to partially override common.names.fullname | string | `""` |
+| networkPolicy.egressRules.customRules | Additional custom egress rules | list | `[]` |
+| networkPolicy.egressRules.denyConnectionsToExternal | Deny external connections. Should not be enabled when working with an external database. | bool | `false` |
+| networkPolicy.enabled | Specifies whether a NetworkPolicy should be created | bool | `false` |
+| networkPolicy.ingressRules.customRules | Additional custom ingress rules | list | `[]` |
+| networkPolicy.ingressRules.namespaceSelector | Namespace selector label allowed to access the Backstage instance | object | `{}` |
+| networkPolicy.ingressRules.podSelector | Pod selector label allowed to access the Backstage instance | object | `{}` |
+| postgresql | PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml) | object | See below |
+| postgresql.architecture | PostgreSQL architecture (`standalone` or `replication`) | string | `"standalone"` |
+| postgresql.auth | The authentication details of the Postgres database | object | `{"existingSecret":"","password":"","secretKeys":{"adminPasswordKey":"admin-password","replicationPasswordKey":"replication-password","userPasswordKey":"user-password"},"username":"bn_backstage"}` |
+| postgresql.auth.existingSecret | Name of existing secret to use for PostgreSQL credentials | string | `""` |
+| postgresql.auth.password | Password for the custom user to create | string | `""` |
+| postgresql.auth.secretKeys | The secret keys Postgres will look for to retrieve the relevant password | object | `{"adminPasswordKey":"admin-password","replicationPasswordKey":"replication-password","userPasswordKey":"user-password"}` |
+| postgresql.auth.secretKeys.adminPasswordKey | The key in which Postgres will look for, for the admin password, in the existing Secret | string | `"admin-password"` |
+| postgresql.auth.secretKeys.replicationPasswordKey | The key in which Postgres will look for, for the replication password, in the existing Secret | string | `"replication-password"` |
+| postgresql.auth.secretKeys.userPasswordKey | The key in which Postgres will look for, for the user password, in the existing Secret | string | `"user-password"` |
+| postgresql.auth.username | Name for a custom user to create | string | `"bn_backstage"` |
+| postgresql.enabled | Switch to enable or disable the PostgreSQL helm chart | bool | `false` |
+| service | Service parameters | object | See below |
+| service.annotations | Additional custom annotations for Backstage service | object | `{}` |
+| service.clusterIP | Backstage service Cluster IP  <br /> E.g `clusterIP: None` | string | `""` |
+| service.externalTrafficPolicy | Backstage service external traffic policy  Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | string | `"Cluster"` |
+| service.extraPorts | Extra ports to expose in the Backstage service (normally used with the `sidecar` value) | list | `[]` |
+| service.ipFamilies | IP Families  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack | list | `[]` |
+| service.ipFamilyPolicy | IP Family Policy  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack | string | `""` |
+| service.loadBalancerIP | Backstage service Load Balancer IP  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | string | `""` |
+| service.loadBalancerSourceRanges | Load Balancer sources  <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]` | list | `[]` |
+| service.nodePorts | Node port for the Backstage client connections Choose port between `30000-32767` | object | `{"backend":""}` |
+| service.ports | Backstage svc port for client connections | object | `{"backend":7007,"name":"http-backend","targetPort":"backend"}` |
+| service.ports.name | Backstage svc port name | string | `"http-backend"` |
+| service.ports.targetPort | Backstage svc target port referencing receiving pod container port | string | `"backend"` |
+| service.sessionAffinity | Control where client requests go, to the same pod or round-robin (values: `ClientIP` or `None`) <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness | string | `"None"` |
+| service.type | Kubernetes Service type | string | `"ClusterIP"` |
+| serviceAccount | Service Account Configuration | object | See below |
+| serviceAccount.annotations | Additional custom annotations for the ServiceAccount. | object | `{}` |
+| serviceAccount.automountServiceAccountToken | Auto-mount the service account token in the pod | bool | `true` |
+| serviceAccount.create | Enable the creation of a ServiceAccount for Backstage pods | bool | `false` |
+| serviceAccount.labels | Additional custom labels to the service ServiceAccount. | object | `{}` |
+| serviceAccount.name | Name of the ServiceAccount to use If not set and `serviceAccount.create` is true, a name is generated | string | `""` |
+
+## Configure your Backstage instance
+
+The Backstage Chart makes it possible to configure your backstage instance by passing extra environment variables or static configuration files, without rebuilding the docker image.
+
+### Environment variables
+
+Use `backstage.extraEnvVars` to pass extra environment variables. **This is used for environment variables containing non sensitive information:**
+
+```diff
+  backstage:
++   extraEnvVars:
++     - name: MY_PLUGIN_HOST
++       value: http://my-plugin-host
+```
+
+It is possible to override values defined in your `app-config.yaml` by appending the `APP_CONFIG` prefix to each environment variable, as described in the [official documentation](https://backstage.io/docs/conf/#supplying-configuration).
+For example, to override the `backend.cache.store` property defined in your `app-config.yaml`, do:
+
+```diff
+  backstage:
+    extraEnvVars:
++     - name: APP_CONFIG_backend_cache_store
++       value: memory
+```
+
+### Sensitive environment variables
+
+In case your environment variables contain sensitive information, such as `BACKEND_SECRET` or `POSTGRES_PASSWORD` it is recommended store them in a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
+
+Create a new file named `my-backstage-secrets.yaml` containing the secrets you want to store:
+
+```yaml
+# my-backstage-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-backstage-secrets
+type: Opaque
+data:
+  BACKEND_SECRET: YmFja3N0YWdl
+  POSTGRES_PASSWORD: aHVudGVyMg==
+```
+
+Make sure to customize the name of the secret by changing `metadata.name` properly.
+
+Now create the new secret in your Kubernetes cluster by running the following command:
+
+```bash
+$ kubectl apply -f my-backstage-secrets.yaml`
+```
+
+Once the secret has been created, pass the secret's reference to your backstage instance by adding the following lines to your `values.yaml`:
+
+```diff
+  backstage:
++   extraEnvVarsSecrets:
++     - my-backstage-secrets
+```
+
+The chart will make sure to pass the secrets to your Backstage instance.
+
+### Pass extra configuration files
+
+A generated Backstage docker image contains some static configuration files, such as `app-config.yaml` and `app-config.production.yaml`.
+It is possible to pass extra configuration files by defining them as [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/), without rebuilding the Docker image.
+
+To do so, run:
+
+```bash
+$ kubectl create configmap my-app-config --from-file=app-config.extra.yaml=./local/path/to/your/app-config.extra.yaml`
+```
+
+This command parses your local `app-config.extra.yaml` and creates a new ConfigMap called `my-app-config` which internally contains a file called `app-config.extra.yaml` with the content of the parsed file.
+
+Now that the ConfigMap has been created on your Kubernetes cluster, you can reference the ConfigMap:
+
+```diff
+  backstage:
++   extraAppConfig:
++     - filename: app-config.extra.yaml
++       configMapRef: my-app-config
+```
+
+The chart will mount the content of the ConfigMap as a new `app-config.extra.yaml` file and automatically pass the extra configuration to your instance.
+
+### Pass configuration to be stored in a ConfigMap
+
+> :warning: In case of using both appConfig and extraAppConfig, appConfig will have higher priority over extraAppConfig. For more information you can check the [Backstage docs](https://backstage.io/docs/conf/writing#configuration-files) and how this [Helm Chart configures the Backstage arguments](templates/backstage-deployment.yaml)
+
+In addition to following the [previous step "Pass extra configuration files"](#pass-extra-configuration-files), you can get the Config Map automatically deployed with this Helm Chart by defining the key `appConfig`:
+
+```diff
+  backstage:
++   appConfig:
++     app:
++       baseUrl: https://somedomain.tld
+```
+
+The chart will mount the content of the ConfigMap as a new `app-config-from-configmap.yaml` file and automatically pass the extra configuration to your instance.
+
+### Configuring Chart PostgreSQL
+
+With the Backstage Helm Chart, it offers - as a subchart - a Bitnami PostgreSQL database. This can be enabled by switching `postgresql.enabled` to true (it is `false` by default). If switched on, the Helm Chart, on deployment, will automatically deploy a PostgreSQL instance and configure it with the credentials you specify. There are multiple ways of doing this that will be detailed below.
+
+#### Automatic Database Credential Creation
+
+This is the easiest of the configuration options. Here, the credentials for both the Admin and Database users will be automatically generated and put into a Kubernetes secret. This will then be automatically used by Backstage. In order to use this method, ensure the following:
+
+- Keep `postgresql.auth.existingSecret` & `postgresql.auth.password` empty.
+
+#### Specifying Password for PostgreSQL to Use
+
+Here, you can specify the password that you want PostgreSQL to use for its Database User (The user that Backstage will use to connect to the database). In order to use this method, ensure the following:
+
+- Keep `postgresql.auth.existingSecret` empty.
+- Set `postgresql.auth.password` to your desired User password value.
+
+> **_NOTE:_** Be careful that you provide this value securely.
+
+#### Specifying Existing Secret for PostgreSQL to Use
+
+Here, you can specify an existing Kubernetes secret that you have created which contains the Password that you want PostgreSQL to use. The secret must be in the same namespace as where you are deploying the Helm Chart. In order to use this method, ensure the following:
+
+- Create the Kubernetes secret with the Password inside.
+- Set `postgresql.auth.existingSecret` to the name of the Secret
+- PostgreSQL by default will look for the relevant Password keys that are set by default here `postgresql.auth.secretKeys`. So make sure that the Keys in the Secret match the default `secretKeys` values. More information [here](https://artifacthub.io/packages/helm/bitnami/postgresql)
+- For example, if you want PostgreSQL to use an existing Secret called `my-user-secret` that has the User password that you want to use inside it: make sure that you create a Key inside that secret called `user-password` (this key can be found here `postgresql.auth.secretKeys.userPasswordKey`). i.e. `user-password=Password123`.

charts/backstage/README.md.gotmpl

@@ -0,0 +1,226 @@
+# Backstage Helm Chart
+
+{{ template "chart.deprecationWarning" . }}
+
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/backstage)](https://artifacthub.io/packages/search?repo=backstage)
+{{ template "chart.versionBadge" . }}
+{{ template "chart.typeBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+---
+
+[Backstage](https://backstage.io) is an open platform for building developer portals. Powered by a centralized software catalog, Backstage restores order to your microservices and infrastructure and enables your product teams to ship high-quality code quickly — without compromising autonomy.
+
+Backstage unifies all your infrastructure tooling, services, and documentation to create a streamlined development environment from end to end.
+
+> Disclaimer: This Helm chart deploys a pre-packaged container image which contains a vanilla Backstage instance for demo purposes. This image is probably not suitable for use in production. For further customization of the Backstage instance (plugin installation, UI changes, etc.) please create your own custom instance and container image. For details please consult the [Backstage documentation](https://backstage.io/docs)
+
+## TL;DR
+
+```console
+helm repo add backstage https://backstage.github.io/charts
+
+helm install my-release backstage/backstage
+```
+
+## Introduction
+
+This chart bootstraps a [Backstage](https://backstage.io/docs/deployment/docker) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
+- PV provisioner support in the underlying infrastructure
+- [Backstage container image](https://backstage.io/docs/deployment/docker)
+
+## Scope
+
+This chart focuses on providing users the same experience and functionality no matter what flavor of Kubernetes they use. This chart will support only patterns that are either customary for all Kubernetes flavors, are commonly used in the Bitnami charts ecosystem, and recognized as Backstage official patterns.
+
+We welcome other, more specialized, charts to use this canonical chart as a direct dependency, expanding the feature set further, beyond this scope.
+
+A list of derived charts:
+- OpenShift specialized chart: [Janus Backstage Helm chart](https://github.com/janus-idp/helm-backstage/tree/main/charts/backstage)
+
+## Usage
+
+Chart is available in the following formats:
+
+- [Chart Repository](https://helm.sh/docs/topics/chart_repository/)
+- [OCI Artifacts](https://helm.sh/docs/topics/registries/)
+
+### Installing from the Chart Repository
+
+The following command can be used to add the chart repository:
+
+```console
+helm repo add backstage https://backstage.github.io/charts
+```
+
+Once the chart has been added, install one of the available charts:
+
+```console
+helm upgrade -i <release_name> backstage/backstage
+```
+
+### Installing from an OCI Registry
+
+Chart is also available in OCI format. The list of available releases can be found [here](https://github.com/backstage/charts/pkgs/container/charts%2Fbackstage).
+
+Install one of the available versions:
+
+```shell
+helm upgrade -i oci://ghcr.io/backstage/charts/backstage --version=<version>
+```
+
+> **Tip**: List all releases using `helm list`
+
+### Uninstalling the Chart
+
+To uninstall/delete the `my-backstage-release` deployment:
+
+```console
+helm uninstall my-backstage-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+## Configure your Backstage instance
+
+The Backstage Chart makes it possible to configure your backstage instance by passing extra environment variables or static configuration files, without rebuilding the docker image.
+
+### Environment variables
+
+Use `backstage.extraEnvVars` to pass extra environment variables. **This is used for environment variables containing non sensitive information:**
+
+```diff
+  backstage:
++   extraEnvVars:
++     - name: MY_PLUGIN_HOST
++       value: http://my-plugin-host
+```
+
+It is possible to override values defined in your `app-config.yaml` by appending the `APP_CONFIG` prefix to each environment variable, as described in the [official documentation](https://backstage.io/docs/conf/#supplying-configuration).
+For example, to override the `backend.cache.store` property defined in your `app-config.yaml`, do:
+
+```diff
+  backstage:
+    extraEnvVars:
++     - name: APP_CONFIG_backend_cache_store
++       value: memory
+```
+
+### Sensitive environment variables
+
+In case your environment variables contain sensitive information, such as `BACKEND_SECRET` or `POSTGRES_PASSWORD` it is recommended store them in a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
+
+Create a new file named `my-backstage-secrets.yaml` containing the secrets you want to store:
+
+```yaml
+# my-backstage-secrets.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-backstage-secrets
+type: Opaque
+data:
+  BACKEND_SECRET: YmFja3N0YWdl
+  POSTGRES_PASSWORD: aHVudGVyMg==
+```
+
+Make sure to customize the name of the secret by changing `metadata.name` properly.
+
+Now create the new secret in your Kubernetes cluster by running the following command:
+
+```bash
+$ kubectl apply -f my-backstage-secrets.yaml`
+```
+
+Once the secret has been created, pass the secret's reference to your backstage instance by adding the following lines to your `values.yaml`:
+
+```diff
+  backstage:
++   extraEnvVarsSecrets:
++     - my-backstage-secrets
+```
+
+The chart will make sure to pass the secrets to your Backstage instance.
+
+### Pass extra configuration files
+
+A generated Backstage docker image contains some static configuration files, such as `app-config.yaml` and `app-config.production.yaml`.
+It is possible to pass extra configuration files by defining them as [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/), without rebuilding the Docker image.
+
+To do so, run:
+
+```bash
+$ kubectl create configmap my-app-config --from-file=app-config.extra.yaml=./local/path/to/your/app-config.extra.yaml`
+```
+
+This command parses your local `app-config.extra.yaml` and creates a new ConfigMap called `my-app-config` which internally contains a file called `app-config.extra.yaml` with the content of the parsed file.
+
+Now that the ConfigMap has been created on your Kubernetes cluster, you can reference the ConfigMap:
+
+```diff
+  backstage:
++   extraAppConfig:
++     - filename: app-config.extra.yaml
++       configMapRef: my-app-config
+```
+
+The chart will mount the content of the ConfigMap as a new `app-config.extra.yaml` file and automatically pass the extra configuration to your instance.
+
+### Pass configuration to be stored in a ConfigMap
+
+> :warning: In case of using both appConfig and extraAppConfig, appConfig will have higher priority over extraAppConfig. For more information you can check the [Backstage docs](https://backstage.io/docs/conf/writing#configuration-files) and how this [Helm Chart configures the Backstage arguments](templates/backstage-deployment.yaml)
+
+In addition to following the [previous step "Pass extra configuration files"](#pass-extra-configuration-files), you can get the Config Map automatically deployed with this Helm Chart by defining the key `appConfig`:
+
+```diff
+  backstage:
++   appConfig:
++     app:
++       baseUrl: https://somedomain.tld
+```
+
+The chart will mount the content of the ConfigMap as a new `app-config-from-configmap.yaml` file and automatically pass the extra configuration to your instance.
+
+### Configuring Chart PostgreSQL
+
+With the Backstage Helm Chart, it offers - as a subchart - a Bitnami PostgreSQL database. This can be enabled by switching `postgresql.enabled` to true (it is `false` by default). If switched on, the Helm Chart, on deployment, will automatically deploy a PostgreSQL instance and configure it with the credentials you specify. There are multiple ways of doing this that will be detailed below.
+
+#### Automatic Database Credential Creation
+
+This is the easiest of the configuration options. Here, the credentials for both the Admin and Database users will be automatically generated and put into a Kubernetes secret. This will then be automatically used by Backstage. In order to use this method, ensure the following:
+
+- Keep `postgresql.auth.existingSecret` & `postgresql.auth.password` empty.
+
+#### Specifying Password for PostgreSQL to Use
+
+Here, you can specify the password that you want PostgreSQL to use for its Database User (The user that Backstage will use to connect to the database). In order to use this method, ensure the following:
+
+- Keep `postgresql.auth.existingSecret` empty.
+- Set `postgresql.auth.password` to your desired User password value.
+
+> **_NOTE:_** Be careful that you provide this value securely.
+
+#### Specifying Existing Secret for PostgreSQL to Use
+
+Here, you can specify an existing Kubernetes secret that you have created which contains the Password that you want PostgreSQL to use. The secret must be in the same namespace as where you are deploying the Helm Chart. In order to use this method, ensure the following:
+
+- Create the Kubernetes secret with the Password inside.
+- Set `postgresql.auth.existingSecret` to the name of the Secret
+- PostgreSQL by default will look for the relevant Password keys that are set by default here `postgresql.auth.secretKeys`. So make sure that the Keys in the Secret match the default `secretKeys` values. More information [here](https://artifacthub.io/packages/helm/bitnami/postgresql)
+- For example, if you want PostgreSQL to use an existing Secret called `my-user-secret` that has the User password that you want to use inside it: make sure that you create a Key inside that secret called `user-password` (this key can be found here `postgresql.auth.secretKeys.userPasswordKey`). i.e. `user-password=Password123`.

charts/backstage/artifacthub-repo.yml

@@ -0,0 +1,12 @@
+# Artifact Hub repository metadata file
+#
+# Some settings like the verified publisher flag or the ignored packages won't
+# be applied until the next time the repository is processed. Please keep in
+# mind that the repository won't be processed if it has not changed since the
+# last time it was processed. Depending on the repository kind, this is checked
+# in a different way. For Helm http based repositories, we consider it has
+# changed if the `index.yaml` file changes. For git based repositories, it does
+# when the hash of the last commit in the branch you set up changes. This does
+# NOT apply to ownership claim operations, which are processed immediately.
+#
+repositoryID: b17b52d1-dd33-4328-84bf-259d5ee7546b

charts/backstage/chart_schema.yaml

@@ -0,0 +1,37 @@
+name: str()
+home: str(required=False)
+version: str()
+appVersion: any(str(), num(), required=False)
+description: str(required=False)
+keywords: list(str(), required=False)
+sources: list(str(), required=False)
+maintainers: list(include('maintainer'), required=False)
+dependencies: list(include('dependency'), required=False)
+icon: str(required=False)
+engine: str(required=False)
+condition: str(required=False)
+tags: str(required=False)
+deprecated: bool(required=False)
+apiVersion: str()
+kubeVersion: str(required=False)
+type: str(required=False)
+annotations: map(str(), str(), required=False)
+---
+maintainer:
+  name: str(required=False)
+  email: str(required=False)
+  url: str(required=False)
+---
+dependency:
+  name: str()
+  version: str()
+  repository: str()
+  condition: str(required=False)
+  tags: list(str(), required=False)
+  enabled: bool(required=False)
+  import-values: any(list(str()), list(include('import-value')), required=False)
+  alias: str(required=False)
+---
+import-value:
+  child: str()
+  parent: str()

charts/backstage/ci/appConfig-values.yaml

@@ -0,0 +1,16 @@
+backstage:
+  appConfig:
+    techdocs:
+      builder: "local"
+    app:
+      # Let's test that everything is fine with comments
+      title: The very best Backstage Helm Chart! :D
+      baseUrl: https://somedomain.tl
+    backend:
+      baseUrl: https://somedomain.tl
+      listen:
+        port: 12345
+      auth:
+        keys:
+          # Is just a random b64 string for test purposes
+          - secret: N4+P+zJrErWRUGm0ZbVVhX1ZC81aSP81

charts/backstage/ci/autoscaling-values.yaml

@@ -0,0 +1,7 @@
+backstage:
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 3
+    targetCPUUtilizationPercentage: 75
+    targetMemoryUtilizationPercentage: 90

charts/backstage/ci/extraDeploy-values.yaml

@@ -0,0 +1,7 @@
+extraDeploy:
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: foo
+  data:
+    bar: baz

charts/backstage/ci/extraVolumes-values.yaml

@@ -0,0 +1,9 @@
+backstage:
+  extraVolumeMounts:
+    - name: test
+      mountPath: /somepath
+      readOnly: true
+  extraVolumes:
+    - name: test
+      emptyDir:
+        sizeLimit: 5Mi

charts/backstage/ci/image-digest-values.yaml

@@ -0,0 +1,5 @@
+backstage:
+  image:
+    registry: ghcr.io
+    repository: backstage/backstage
+    digest: "sha256:f9ffa809e2c3f351699129d57edd6e64ca9ea5a4d4dd6339fed1ec80a30bc042"

charts/backstage/ci/ingress-extraHosts-values.yaml

@@ -0,0 +1,12 @@
+ingress:
+  enabled: true
+  host: backstage.example.com
+  tls:
+    enabled: true
+    secretName: "backstage-tls"
+  extraHosts:
+    - name: backstage.dev.example.com
+  extraTls:
+    - hosts:
+      - backstage.dev.example.com
+      secretName: "backstage-dev-tls"

charts/backstage/ci/ingress-values.yaml

@@ -0,0 +1,6 @@
+ingress:
+  enabled: true
+  host: backstage.example.com
+  tls:
+    enabled: true
+    secretName: "backstage-tls"

charts/backstage/ci/postgres-generated-creds-values.yaml

@@ -0,0 +1,8 @@
+postgresql:
+  enabled: true
+
+  # we enable postgres and allow the subchart to automatically generate the credentials
+  # that backstage will use
+  auth:
+    existingSecret: ""
+    password: ""

charts/backstage/ci/postgres-provided-creds-values.yaml

@@ -0,0 +1,8 @@
+postgresql:
+  enabled: true
+
+  auth:
+    existingSecret: ""
+    # we provide a password for the subchart to use.
+    # this is just a password for purposes of CI tests
+    password: "mytestpassword"

charts/backstage/ci/probes-values.yaml

@@ -0,0 +1,44 @@
+backstage:
+  appConfig:
+    techdocs:
+      builder: "local"
+    app:
+      # Let's test that everything is fine with comments
+      title: The very best Backstage Helm Chart! :D
+      baseUrl: https://somedomain.tl
+    backend:
+      baseUrl: https://somedomain.tl
+      auth:
+        keys:
+          # Is just a random b64 string for test purposes
+          - secret: N4+P+zJrErWRUGm0ZbVVhX1ZC81aSP81
+  readinessProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/readiness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    successThreshold: 2
+    timeoutSeconds: 2
+  livenessProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2
+  startupProbe:
+    failureThreshold: 3
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2

charts/backstage/ci/service-dualstack-ip-family-values.yaml

@@ -0,0 +1,4 @@
+service:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+    - IPv4

charts/backstage/ci/service-monitor.yaml

@@ -0,0 +1,9 @@
+metrics:
+  serviceMonitor:
+    enabled: true
+    annotations:
+      test: test
+    labels:
+      test: test
+    path: /metrics
+    port: http-backend

charts/backstage/ci/topologySpreadConstraints-values.yaml

@@ -0,0 +1,10 @@
+backstage:
+  topologySpreadConstraints:
+  - maxSkew: 1
+    topologyKey: kubernetes.io/hostname
+    whenUnsatisfiable: DoNotSchedule
+    labelSelector:
+      matchLabels:
+        app.kubernetes.io/component: backstage
+    matchLabelKeys:
+      - pod-template-hash

charts/backstage/templates/_helpers.tpl

@@ -5,6 +5,24 @@ Return the proper image name
 {{ include "common.images.image" (dict "imageRoot" .Values.backstage.image "global" .Values.global) }}
 {{- end -}}
 
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "backstage.renderImagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.backstage.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+ Create the name of the service account to use
+ */}}
+{{- define "backstage.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -28,7 +46,9 @@ Return the Postgres Database hostname
 Return the Postgres Database Secret Name
 */}}
 {{- define "backstage.postgresql.databaseSecretName" -}}
-{{- if .Values.postgresql.auth.existingSecret }}
+{{- if ((((.Values).global).postgresql).auth).existingSecret }}
+    {{- tpl .Values.global.postgresql.auth.existingSecret $ -}}
+{{- else if .Values.postgresql.auth.existingSecret }}
     {{- tpl .Values.postgresql.auth.existingSecret $ -}}
 {{- else -}}
     {{- default (include "backstage.postgresql.fullname" .) (tpl .Values.postgresql.auth.existingSecret $) -}}
@@ -39,9 +59,16 @@ Return the Postgres Database Secret Name
 Return the Postgres databaseSecret key to retrieve credentials for database
 */}}
 {{- define "backstage.postgresql.databaseSecretKey" -}}
-{{- if .Values.postgresql.auth.existingSecret -}}
-    {{- .Values.postgresql.auth.secretKeys.userPasswordKey  -}}
+{{- $defaultDatabaseSecretKey := "password" -}}
+{{- if (or ((((.Values).global).postgresql).auth).existingSecret .Values.postgresql.auth.existingSecret) }}
+    {{- if (((((.Values).global).postgresql).auth).secretKeys).userPasswordKey -}}
+        {{- .Values.global.postgresql.auth.secretKeys.userPasswordKey  -}}
+    {{- else if ((((.Values).postgresql).auth).secretKeys).userPasswordKey -}}
+        {{- .Values.postgresql.auth.secretKeys.userPasswordKey  -}}
+    {{- else -}}
+        {{- print $defaultDatabaseSecretKey -}}
+    {{- end -}}
 {{- else -}}
-    {{- print "password" -}}
+    {{- print $defaultDatabaseSecretKey -}}
 {{- end -}}
 {{- end -}}

charts/backstage/templates/app-config-configmap.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.backstage.appConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-app-config
+  namespace: {{ .Release.Namespace | quote }}
+data:
+  app-config.yaml: |
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.appConfig "context" $) | nindent 4 }}
+{{- end }}

charts/backstage/templates/backstage-deployment.yaml

@@ -1,5 +1,6 @@
 {{- $imageRepository := .Values.backstage.image.repository | required "The repository name of the image is required (e.g. my-backstage:tag | docker.io/my-backstage:tag) !" -}}
 {{- $imageTag := .Values.backstage.image.tag | required "The image tag is required (e.g my-backstage:tag | docker.io/my-backstage:tag) !" -}}
+{{- $installDir := .Values.backstage.installDir -}}
 ---
 apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
@@ -15,8 +16,14 @@ metadata:
     {{- if .Values.commonAnnotations }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
     {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
 spec:
-  replicas: 1
+  {{- if not .Values.backstage.autoscaling.enabled }}
+  replicas: {{ .Values.backstage.replicas }}
+  {{- end }}
+  revisionHistoryLimit: {{ .Values.backstage.revisionHistoryLimit }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
       app.kubernetes.io/component: backstage
@@ -24,31 +31,69 @@ spec:
     metadata:
       labels: {{- include "common.labels.standard" . | nindent 8 }}
         app.kubernetes.io/component: backstage
+        {{- if .Values.backstage.podLabels }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.podLabels "context" $ ) | nindent 8 }}
+        {{- end }}
+      annotations:
+        checksum/app-config: {{ include "common.tplvalues.render" ( dict "value" .Values.backstage.appConfig "context" $) | sha256sum }}
+        {{- if .Values.backstage.podAnnotations }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.podAnnotations "context" $ ) | nindent 8 }}
+        {{- end }}
     spec:
-      {{- if .Values.serviceAccount.create }}
-      serviceAccountName: {{ .Values.serviceAccount.name }}
-      {{- end }}     
+      serviceAccountName: {{ include "backstage.serviceAccountName" . }}
+      {{- if .Values.backstage.podSecurityContext }}
+      securityContext:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.podSecurityContext "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.affinity }}
+      affinity:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.affinity "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.topologySpreadConstraints "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.nodeSelector }}
+      nodeSelector:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.tolerations }}
+      tolerations:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.backstage.hostAliases }}
+      hostAliases:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
       volumes:
         {{- if (or .Values.backstage.extraAppConfig (and .Values.backstage.extraVolumeMounts .Values.backstage.extraVolumes)) }}
         {{- range .Values.backstage.extraAppConfig }}
         - name: {{ .configMapRef }}
           configMap:
             name: {{ .configMapRef }}
-        {{- end }}            
+        {{- end }}
         {{- if .Values.backstage.extraVolumes }}
-          {{- toYaml .Values.backstage.extraVolumes | nindent 8 }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraVolumes "context" $ ) | nindent 8 }}
         {{- end }}
         {{- end }}
-      {{- if .Values.backstage.image.pullSecrets }}
-      imagePullSecrets:
-      {{- range .Values.backstage.image.pullSecrets }}
-          - name: {{ . }}
-      {{- end }}
+        {{- if .Values.backstage.appConfig }}
+        - name: backstage-app-config
+          configMap:
+            name: {{ include "common.names.fullname" . }}-app-config
+        {{- end }}
+      {{- include "backstage.renderImagePullSecrets" . | nindent 6 }}
+      {{- if .Values.backstage.initContainers }}
+      initContainers:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.initContainers "context" $) | nindent 8 }}
       {{- end }}
       containers:
         - name: backstage-backend
           image: {{ include "backstage.image" . }}
           imagePullPolicy: {{ .Values.backstage.image.pullPolicy | quote -}}
+          {{- if .Values.backstage.containerSecurityContext }}
+          securityContext:
+            {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
           {{- if .Values.diagnosticMode.enabled }}
           command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
           {{- else if .Values.backstage.command }}
@@ -65,12 +110,32 @@ spec:
           {{- if .Values.backstage.extraAppConfig }}
           {{- range .Values.backstage.extraAppConfig }}
             - "--config"
-            - {{ .filename | quote }}
+            - "{{ $installDir }}/{{ .filename }}"
           {{- end }}
           {{- end }}
+          {{- if .Values.backstage.appConfig }}
+            - "--config"
+            - "{{ $installDir }}/app-config-from-configmap.yaml"
           {{- end }}
-          {{- if .Values.backstage.extraEnvVarsSecrets }}
+          {{- end }}
+          {{- if .Values.backstage.resources }}
+          resources: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.resources "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.backstage.readinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.readinessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.backstage.livenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.livenessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.backstage.startupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backstage.startupProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if (or .Values.backstage.extraEnvVarsCM .Values.backstage.extraEnvVarsSecrets) }}
           envFrom:
+            {{- range .Values.backstage.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ . }}
+            {{- end }}
             {{- range .Values.backstage.extraEnvVarsSecrets }}
             - secretRef:
                 name: {{ . }}
@@ -84,7 +149,7 @@ spec:
               value: {{ include "backstage.postgresql.host" . }}
             - name: POSTGRES_PORT
               value: "5432"
-            - name: POSTGRES_USER     
+            - name: POSTGRES_USER
               value: {{ .Values.postgresql.auth.username }}
             - name: POSTGRES_PASSWORD
               valueFrom:
@@ -99,14 +164,25 @@ spec:
             - name: backend
               containerPort: {{ .Values.backstage.containerPorts.backend }}
               protocol: TCP
-          {{- if (or .Values.backstage.extraAppConfig (and .Values.backstage.extraVolumeMounts .Values.backstage.extraVolumes)) }}
+            {{- if .Values.backstage.extraPorts }}
+            {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if (or .Values.backstage.extraAppConfig .Values.backstage.appConfig (and .Values.backstage.extraVolumeMounts .Values.backstage.extraVolumes)) }}
           volumeMounts:
             {{- range .Values.backstage.extraAppConfig }}
             - name: {{ .configMapRef }}
-              mountPath: "/app/{{ .filename }}"
-              subPath: {{ .filename }} 
+              mountPath: "{{ $installDir }}/{{ .filename }}"
+              subPath: {{ .filename }}
+            {{- end }}
+            {{- if .Values.backstage.appConfig }}
+            - name: backstage-app-config
+              mountPath: "{{ $installDir }}/app-config-from-configmap.yaml"
+              subPath: app-config.yaml
             {{- end }}
             {{- if .Values.backstage.extraVolumeMounts }}
-              {{- toYaml .Values.backstage.extraVolumeMounts | nindent 12 }}
+              {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraVolumeMounts "context" $ ) | nindent 12 }}
             {{- end }}
           {{- end }}
+        {{- if .Values.backstage.extraContainers }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.extraContainers "context" $) | nindent 8 }}
+        {{- end }}

charts/backstage/templates/extra-list.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

charts/backstage/templates/hpa.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.backstage.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "common.names.fullname" . }}
+  minReplicas: {{ .Values.backstage.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.backstage.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.backstage.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.backstage.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.backstage.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.backstage.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/ingress.yaml

@@ -11,7 +11,7 @@ metadata:
     {{- end }}
   annotations:
     {{- if .Values.ingress.annotations }}
-    {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
     {{- end }}
     {{- if .Values.commonAnnotations }}
     {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -20,15 +20,38 @@ spec:
   {{- if .Values.ingress.className }}
   ingressClassName: {{ .Values.ingress.className | quote }}
   {{- end }}
+  {{- if or .Values.ingress.tls.enabled .Values.ingress.extraTls }}
+  tls:
+    {{- if .Values.ingress.tls.enabled }}
+    - hosts:
+      - {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.host "context" $ ) }}
+      secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.tls.secretName "context" $ ) }}
+    {{- end }}
+    {{- if .Values.ingress.extraTls }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
   rules:
-    - host: {{ .Values.ingress.host }}
+    - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.host "context" $ ) }}
       http:
         paths:
-          - path: /
+          - path: {{ .Values.ingress.path }}
             pathType: Prefix
             backend:
               service:
                 name: {{ include "common.names.fullname" . }}
                 port:
                   number: {{ .Values.service.ports.backend }}
-{{- end }}
+    {{- range .Values.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default $.Values.ingress.path .path }}
+            pathType: {{ default "Prefix" .pathType }}
+            backend:
+              service:
+                name: {{ include "common.names.fullname" $ }}
+                port:
+                  number: {{ default $.Values.service.ports.backend .port }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/networkpolicy-egress.yaml

@@ -0,0 +1,38 @@
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+  name: {{ printf "%s-egress" (include "common.names.fullname" .) }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels:  {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+  policyTypes:
+    - Egress
+  egress:
+    {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }}
+    - ports:
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    - to:
+        - namespaceSelector: {}
+    {{- end }}
+    {{- if .Values.networkPolicy.egressRules.customRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/networkpolicy.yaml

@@ -0,0 +1,40 @@
+{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.ingressRules.namespaceSelector .Values.networkPolicy.ingressRules.podSelector .Values.networkPolicy.ingressRules.customRules) }}
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+  ingress:
+    {{- if or .Values.networkPolicy.ingressRules.namespaceSelector .Values.networkPolicy.ingressRules.podSelector }}
+    - from:
+        {{- if .Values.networkPolicy.ingressRules.namespaceSelector }}
+        - namespaceSelector:
+            matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.namespaceSelector "context" $) | nindent 14 }}
+        {{- end }}
+        {{- if .Values.networkPolicy.ingressRules.podSelector }}
+        - podSelector:
+            matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.podSelector "context" $) | nindent 14 }}
+        {{- end }}
+      ports:
+        - port: {{ .Values.backstage.containerPorts.backend }}
+    {{- end }}
+    {{- if .Values.networkPolicy.ingressRules.customRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.customRules "context" $) | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/backstage/templates/pdb.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.backstage.pdb.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.backstage.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.backstage.annotations "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if .Values.backstage.pdb.minAvailable }}
+  minAvailable: {{ .Values.backstage.pdb.minAvailable }}
+  {{- end  }}
+  {{- if or .Values.backstage.pdb.maxUnavailable ( not .Values.backstage.pdb.minAvailable ) }}
+  maxUnavailable: {{ .Values.backstage.pdb.maxUnavailable | default 1 }}
+  {{- end  }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+{{- end }}

charts/backstage/templates/service.yaml

@@ -34,10 +34,17 @@ spec:
   {{- if .Values.service.sessionAffinity }}
   sessionAffinity: {{ .Values.service.sessionAffinity }}
   {{- end }}
+  {{- if .Values.service.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+  {{- end }}
+  {{- with .Values.service.ipFamilies }}
+  ipFamilies:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
   ports:
-    - name: http-backend
+    - name: {{ .Values.service.ports.name }}
       port: {{ .Values.service.ports.backend }}
-      targetPort: backend
+      targetPort: {{ .Values.service.ports.targetPort }}
       protocol: TCP
       {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.backend)) }}
       nodePort: {{ .Values.service.nodePorts.backend }}

charts/backstage/templates/serviceaccount.yaml

@@ -2,17 +2,17 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceAccount.name }}
+  name: {{ include "backstage.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: backstage
     {{- with .Values.serviceAccount.labels }}
-    {{- toYaml . | trim | nindent 4 }}
+    {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | trim | nindent 4 }}
     {{- end }}
   {{- if .Values.serviceAccount.annotations }}
   annotations:
     {{- with .Values.serviceAccount.annotations }}
-    {{- toYaml . | trim | nindent 4 }}
+    {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | trim | nindent 4 }}
     {{- end }}
   {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}

charts/backstage/templates/servicemonitor.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "common.names.fullname" $ }}
+  namespace: {{ .Release.Namespace | quote }}
+  {{- if or .Values.commonAnnotations .Values.metrics.serviceMonitor.annotations  }}
+  annotations:
+    {{- if $.Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.metrics.serviceMonitor.annotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  labels: {{ include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: backstage
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.metrics.serviceMonitor.labels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+    {{- end }}
+spec:
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace | quote }}
+  selector:
+    matchLabels: {{ include "common.labels.standard" . | nindent 6 }}
+      app.kubernetes.io/component: backstage
+  endpoints:
+  - port: {{ .Values.metrics.serviceMonitor.port | quote }}
+    path: {{ .Values.metrics.serviceMonitor.path }}
+    {{- with .Values.metrics.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+{{- end -}}

charts/backstage/values.schema.tmpl.json

@@ -0,0 +1,986 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "type": "object",
+    "title": "Backstage chart schema",
+    "properties": {
+        "global": {
+            "title": "Global parameters.",
+            "type": "object",
+            "properties": {
+                "imageRegistry": {
+                    "title": "Global Docker image registry",
+                    "type": "string",
+                    "default": ""
+                },
+                "imagePullSecrets": {
+                    "title": "Global Docker registry secret names as an array",
+                    "type": "array",
+                    "default": [],
+                    "items": {
+                        "type": "string"
+                    },
+                    "uniqueItems": true,
+                    "examples": [
+                        [
+                            "myRegistryKeySecretName"
+                        ]
+                    ]
+                }
+            }
+        },
+        "kubeVersion": {
+            "title": "Override Kubernetes version",
+            "type": "string",
+            "default": ""
+        },
+        "nameOverride": {
+            "title": "String to partially override common.names.fullname",
+            "type": "string",
+            "default": ""
+        },
+        "fullnameOverride": {
+            "title": "String to fully override common.names.fullname",
+            "type": "string",
+            "default": ""
+        },
+        "clusterDomain": {
+            "title": "Default Kubernetes cluster domain",
+            "type": "string",
+            "default": "cluster.local"
+        },
+        "commonLabels": {
+            "title": "Labels to add to all deployed objects",
+            "type": "object",
+            "additionalProperties": {
+                "type": "string"
+            },
+            "default": {}
+        },
+        "commonAnnotations": {
+            "title": "Annotations to add to all deployed objects",
+            "type": "object",
+            "additionalProperties": {
+                "type": "string"
+            },
+            "default": {}
+        },
+        "extraDeploy": {
+            "title": "Array of extra objects to deploy with the release",
+            "type": "array",
+            "default": [],
+            "items": {
+                "type": [
+                    "string",
+                    "object"
+                ]
+            },
+            "uniqueItems": true
+        },
+        "diagnosticMode": {
+            "title": "Enable diagnostic mode in the Deployment",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Enable diagnostic mode",
+                    "description": "All probes will be disabled and the command will be overridden",
+                    "type": "boolean",
+                    "default": false
+                },
+                "command": {
+                    "title": "Command to override all containers in the Deployment",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "sleep"
+                    ]
+                },
+                "args": {
+                    "title": "Args to override all containers in the Deployment",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "infinity"
+                    ]
+                }
+            }
+        },
+        "ingress": {
+            "title": "Ingress parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Enable the creation of the ingress resource",
+                    "type": "boolean",
+                    "default": false
+                },
+                "className": {
+                    "title": "Name of the IngressClass cluster resource which defines which controller will implement the resource.",
+                    "type": "string",
+                    "default": "",
+                    "examples": [
+                        "nginx"
+                    ]
+                },
+                "annotations": {
+                    "title": "Additional annotations for the Ingress resource",
+                    "type": "object",
+                    "default": {},
+                    "additionalProperties": {
+                        "type": "string"
+                    }
+                },
+                "host": {
+                    "title": "Hostname to be used to expose the route to access the backstage application.",
+                    "type": "string",
+                    "default": "",
+                    "examples": [
+                        "backstage.10.0.0.1.nip.io"
+                    ]
+                },
+                "extraHosts": {
+                    "title": "List of additional hostnames to be covered with this ingress record",
+                    "type": "array",
+                    "default": [],
+                    "items": {
+                        "type": "object",
+                        "additionalProperties": false,
+                        "properties": {
+                            "name": {
+                                "type": "string"
+                            },
+                            "path": {
+                                "type": "string"
+                            },
+                            "pathType": {
+                                "type": "string"
+                            },
+                            "port": {
+                                "type": "integer"
+                            }
+                        }
+                    }
+                },
+                "path": {
+                    "title": "Path to be used to expose the full route to access the backstage application.",
+                    "type": "string",
+                    "default": "/",
+                    "examples": [
+                        "/backstage"
+                    ]
+                },
+                "tls": {
+                    "title": "Ingress TLS parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "title": "Enable TLS configuration",
+                            "description": "TLS for the host defined at `ingress.host` parameter",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "secretName": {
+                            "title": "The name to which the TLS Secret will be called",
+                            "type": "string",
+                            "default": ""
+                        }
+                    }
+                },
+                "extraTls": {
+                    "title": "The TLS configuration for additional hostnames to be covered with this ingress record.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.networking.v1.IngressTLS"
+                    },
+                    "default": []
+                }
+            }
+        },
+        "backstage": {
+            "title": "Backstage parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "replicas": {
+                    "title": "Number of deployment replicas",
+                    "type": "integer",
+                    "minimum": 0,
+                    "default": 1
+                },
+                "revisionHistoryLimit": {
+                    "title": "The count of deployment revisions",
+                    "type": "integer",
+                    "minimum": 0,
+                    "default": 10
+                },
+                "image": {
+                    "title": "Image parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "digest": {
+                            "default": "",
+                            "description": "digest takes precedence over image tag",
+                            "title": "Backstage image digest",
+                            "type": "string"
+                        },
+                        "registry": {
+                            "title": "Backstage image registry",
+                            "type": "string",
+                            "default": "ghcr.io",
+                            "examples": [
+                                "ghcr.io",
+                                "quay.io",
+                                "docker.io"
+                            ]
+                        },
+                        "repository": {
+                            "title": "Backstage image repository",
+                            "type": "string",
+                            "default": "backstage/backstage"
+                        },
+                        "tag": {
+                            "title": "Backstage image tag",
+                            "description": "Immutable tags are recommended.",
+                            "type": "string",
+                            "default": "latest"
+                        },
+                        "pullPolicy": {
+                            "title": "Specify a imagePullPolicy.",
+                            "description": "Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy",
+                            "type": "string",
+                            "default": "Always",
+                            "enum": [
+                                "Always",
+                                "IfNotPresent"
+                            ]
+                        },
+                        "pullSecrets": {
+                            "title": "Optionally specify an array of imagePullSecrets.",
+                            "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/",
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            },
+                            "default": [],
+                            "examples": [
+                                "myRegistryKeySecretName"
+                            ]
+                        }
+                    }
+                },
+                "autoscaling": {
+                    "title": "Autoscaling parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "description": "Enable autoscaling",
+                            "title": "Backstage Autoscaling",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "minReplicas": {
+                            "title": "Minimum number of Backstage pod replicas that the autoscaler is allowed to scale down to",
+                            "type": "integer",
+                            "default": 1
+                        },
+                        "maxReplicas": {
+                            "title": "Maximum number of Backstage pod replicas that the autoscaler is allowed to scale up to",
+                            "type": "integer",
+                            "default": 100
+                        },
+                        "targetCPUUtilizationPercentage": {
+                            "title": "Percentage of CPU that each Backstage pod should be using on average before the autoscaler decides to scale",
+                            "type": "integer",
+                            "default": 80
+                        },
+                        "targetMemoryUtilizationPercentage": {
+                            "title": "Percentage of memory that each Backstage pod should be using on average before the autoscaler decides to scale",
+                            "type": "integer"
+                        }
+                    }
+                },
+                "pdb": {
+                    "title": "PDB parameters",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "create": {
+                            "description": "Create a PDB",
+                            "title": "Backstage PDB",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "minAvailable": {
+                            "title": "Backstage PDB minAvailable",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": ""
+                        },
+                        "maxUnavailable": {
+                            "title": "Backstage PDB maxUnavailable",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": ""
+                        }
+                    }
+                },
+                "containerPorts": {
+                    "title": "Container ports on the Deployment",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Backstage backend port.",
+                            "type": "integer",
+                            "default": 7007
+                        }
+                    }
+                },
+                "command": {
+                    "title": "Backstage container command",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [
+                        "node",
+                        "packages/backend"
+                    ]
+                },
+                "affinity": {
+                    "default": {},
+                    "description": "Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity",
+                    "properties": {
+                        "nodeAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.NodeAffinity",
+                            "description": "Describes node affinity scheduling rules for the pod."
+                        },
+                        "podAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.PodAffinity",
+                            "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))."
+                        },
+                        "podAntiAffinity": {
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.PodAntiAffinity",
+                            "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))."
+                        }
+                    },
+                    "title": "Affinity for pod assignment",
+                    "type": "object"
+                },
+                "topologySpreadConstraints": {
+                    "default": [],
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint"
+                    },
+                    "title": "Topology Spread Constraint for pod assignment",
+                    "type": "array"
+                },
+                "args": {
+                    "title": "Backstage container command arguments",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": []
+                },
+                "extraAppConfig": {
+                    "title": "Extra app configuration files to inline into command arguments",
+                    "type": "array",
+                    "items": {
+                        "type": "object",
+                        "additionalProperties": false,
+                        "properties": {
+                            "filename": {
+                                "type": "string"
+                            },
+                            "configMapRef": {
+                                "type": "string"
+                            }
+                        }
+                    },
+                    "default": []
+                },
+                "extraContainers": {
+                    "title": "Deployment sidecars.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+                    },
+                    "default": []
+                },
+                "extraEnvVars": {
+                    "title": "Backstage container environment variables",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.EnvVar"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            {
+                                "name": "APP_CONFIG_backend_cache_store",
+                                "value": "memory"
+                            }
+                        ]
+                    ]
+                },
+                "extraEnvVarsCM": {
+                    "title": "Backstage container environment variables from existing ConfigMaps",
+                    "type": "array",
+                    "description": "Translates into array of `envFrom.[].configMapRef.name`",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            "my-backstage-configmap"
+                        ]
+                    ]
+                },
+                "extraEnvVarsSecrets": {
+                    "title": "Backstage container environment variables from existing Secrets",
+                    "type": "array",
+                    "description": "Translates into array of `envFrom.[].secretRef.name`",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        [
+                            "my-backstage-secrets"
+                        ]
+                    ]
+                },
+                "extraPorts": {
+                    "title": "Extra ports to expose in the Backstage container",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.ContainerPort"
+                    },
+                    "default": []
+                },
+                "extraVolumeMounts": {
+                    "title": "Backstage container additional volume mounts",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.VolumeMount"
+                    },
+                    "default": []
+                },
+                "extraVolumes": {
+                    "title": "Backstage container additional volumes",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Volume"
+                    },
+                    "default": []
+                },
+                "initContainers": {
+                    "title": "Backstage container init containers",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
+                    },
+                    "default": []
+                },
+                "installDir": {
+                    "title": "Directory containing the backstage installation",
+                    "type": "string",
+                    "default": "/app"
+                },
+                "resources": {
+                    "title": "Resource requests/limits",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements",
+                    "default": {},
+                    "examples": [
+                        {
+                            "limits": {
+                                "memory": "1Gi",
+                                "cpu": "1000m"
+                            },
+                            "requests": {
+                                "memory": "250Mi",
+                                "cpu": "100m"
+                            }
+                        }
+                    ]
+                },
+                "readinessProbe": {
+                    "title": "Readiness probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/readiness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/readiness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 30,
+                            "periodSeconds": 10,
+                            "successThreshold": 2,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "livenessProbe": {
+                    "title": "Liveness probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/liveness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/liveness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 60,
+                            "periodSeconds": 10,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "startupProbe": {
+                    "title": "Startup probe",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Probe",
+                    "default": {
+                        "httpGet": {
+                            "path": "/.backstage/health/v1/liveness",
+                            "port": 7007,
+                            "scheme": "HTTP"
+                        }
+                    },
+                    "examples": [
+                        {
+                            "failureThreshold": 3,
+                            "httpGet": {
+                                "path": "/.backstage/health/v1/liveness",
+                                "port": 7007,
+                                "scheme": "HTTP"
+                            },
+                            "initialDelaySeconds": 60,
+                            "periodSeconds": 10,
+                            "successThreshold": 1,
+                            "timeoutSeconds": 2
+                        }
+                    ]
+                },
+                "podSecurityContext": {
+                    "title": "Security settings for a Pod.",
+                    "description": "The security settings that you specify for a Pod apply to all Containers in the Pod. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext",
+                    "default": {}
+                },
+                "containerSecurityContext": {
+                    "title": "Security settings for a Container.",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container",
+                    "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext",
+                    "default": {}
+                },
+                "appConfig": {
+                    "title": "Generates ConfigMap and configures it in the Backstage pods",
+                    "type": [
+                        "object",
+                        "string"
+                    ],
+                    "default": {},
+                    "examples": [
+                        {
+                            "app": {
+                                "baseUrl": "https://somedomain.tld"
+                            }
+                        }
+                    ]
+                },
+                "nodeSelector": {
+                    "title": "Node labels for pod assignment",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "tolerations": {
+                    "title": "Node tolerations for server scheduling to nodes with taints",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.Toleration"
+                    },
+                    "default": []
+                },
+                "hostAliases": {
+                    "title": "Adding entries to a Pod's /etc/hosts file provides Pod-level override of hostname resolution when DNS and other options are not applicable",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/#adding-additional-entries-with-hostaliases",
+                    "type": "array",
+                    "items": {
+                        "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.api.core.v1.HostAlias"
+                    },
+                    "default": []
+                },
+                "podAnnotations": {
+                    "title": "Annotations to add to the backend deployment pods",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "podLabels": {
+                    "title": "Labels to add to the backend deployment pods",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for the `Deployment` resource",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                }
+            }
+        },
+        "service": {
+            "title": "Service parameters",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "type": {
+                    "title": "Kubernetes Service type",
+                    "type": "string",
+                    "default": "ClusterIP",
+                    "enum": [
+                        "ClusterIP",
+                        "NodePort",
+                        "LoadBalancer",
+                        "ExternalName"
+                    ]
+                },
+                "ports": {
+                    "title": "Backstage svc port for client connections",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Backstage svc port number",
+                            "type": "integer",
+                            "default": 7007
+                        },
+                        "name": {
+                            "title": "Backstage svc port name",
+                            "type": "string",
+                            "default": "http-backend"
+                        },
+                        "targetPort": {
+                            "title": "Backstage svc target port referencing receiving pod container port",
+                            "type": "string",
+                            "default": "backend"
+                        }
+                    }
+                },
+                "nodePorts": {
+                    "title": "Node port for the Backstage client connections",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "backend": {
+                            "title": "Node port for backend",
+                            "type": [
+                                "string",
+                                "integer"
+                            ],
+                            "default": "",
+                            "minimum": 30000,
+                            "maximum": 32767
+                        }
+                    }
+                },
+                "sessionAffinity": {
+                    "title": "Control where client requests go, to the same pod or round-robin",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness",
+                    "type": "string",
+                    "default": "None",
+                    "enum": [
+                        "None",
+                        "ClientIP"
+                    ]
+                },
+                "clusterIP": {
+                    "title": "Backstage service Cluster IP",
+                    "type": "string",
+                    "default": ""
+                },
+                "loadBalancerIP": {
+                    "title": "Backstage service Load Balancer IP",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer",
+                    "type": "string",
+                    "default": ""
+                },
+                "loadBalancerSourceRanges": {
+                    "title": "Load Balancer sources",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer",
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    },
+                    "default": [],
+                    "examples": [
+                        "10.10.10.0/24"
+                    ]
+                },
+                "externalTrafficPolicy": {
+                    "title": "Backstage service external traffic policy",
+                    "description": "Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip",
+                    "type": "string",
+                    "default": "Cluster",
+                    "enum": [
+                        "Cluster",
+                        "Local"
+                    ]
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for Backstage service",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "extraPorts": {
+                    "title": "Extra ports to expose in the Backstage service",
+                    "type": "array",
+                    "items": {
+                        "type": "object"
+                    },
+                    "default": []
+                },
+                "ipFamilyPolicy": {
+                    "title": "Backstage service IP family policy",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services",
+                    "type": "string",
+                    "default": "",
+                    "enum": [
+                        "",
+                        "SingleStack",
+                        "PreferDualStack",
+                        "RequireDualStack"
+                    ]
+                },
+                "ipFamilies": {
+                    "title": "Backstage service IP families",
+                    "description": "Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services",
+                    "type": "array",
+                    "items": {
+                        "type": "string",
+                        "enum": ["IPv4", "IPv6"]
+                    },
+                    "default": []
+                }
+            }
+        },
+        "networkPolicy": {
+            "title": "Network policies",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "title": "Specifies whether a NetworkPolicy should be created",
+                    "type": "boolean",
+                    "default": false
+                },
+                "ingressRules": {
+                    "title": "Custom egress rules for the network policy",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "customRules": {
+                            "title": "",
+                            "type": "array",
+                            "items": {
+                                "$ref": "https://kubernetesjsonschema.dev/v1.8.7/_definitions.json#/definitions/io.k8s.api.networking.v1.NetworkPolicyIngressRule"
+                            }
+                        },
+                        "namespaceSelector": {
+                            "title": "Namespace Selector.",
+                            "description": "Selects Namespaces using cluster scoped-labels.",
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector",
+                            "default": {}
+                        },
+                        "podSelector": {
+                            "title": "Pod Selector.",
+                            "description": "Selects selects Pods in this namespace.",
+                            "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/_definitions.json#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector",
+                            "default": {}
+                        }
+                    }
+                },
+                "egressRules": {
+                    "title": "Custom egress rules for the network policy",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "customRules": {
+                            "title": "",
+                            "type": "array",
+                            "items": {
+                                "$ref": "https://kubernetesjsonschema.dev/v1.8.7/_definitions.json#/definitions/io.k8s.api.networking.v1.NetworkPolicyEgressRule"
+                            }
+                        },
+                        "denyConnectionsToExternal": {
+                            "title": "Deny external connections. Should not be enabled when working with an external database.",
+                            "type": "boolean",
+                            "default": false
+                        }
+                    }
+                }
+            }
+        },
+        "postgresql": {
+            "title": "PostgreSQL chart configuration",
+            "description": "Ref. https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml",
+            "$ref": "https://raw.githubusercontent.com/bitnami/charts/main/bitnami/postgresql/values.schema.json"
+        },
+        "serviceAccount": {
+            "title": "Service Account Configuration",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "create": {
+                    "title": "Enable the creation of a ServiceAccount for Backstage pods",
+                    "type": "boolean",
+                    "default": false
+                },
+                "name": {
+                    "title": "Name of the ServiceAccount to use",
+                    "description": "If not set and `serviceAccount.create` is true, a name is generated",
+                    "type": "string",
+                    "default": ""
+                },
+                "labels": {
+                    "title": "Additional custom labels to the service ServiceAccount.",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "annotations": {
+                    "title": "Additional custom annotations for the ServiceAccount.",
+                    "type": "object",
+                    "additionalProperties": {
+                        "type": "string"
+                    },
+                    "default": {}
+                },
+                "automountServiceAccountToken": {
+                    "title": "Auto-mount the service account token in the pod",
+                    "type": "boolean",
+                    "default": true
+                }
+            }
+        },
+        "metrics": {
+            "title": "Metrics configuration",
+            "description": "Allows configuring your backstage instance as a scrape target for Prometheus. Ref: https://github.com/prometheus/prometheus",
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "serviceMonitor": {
+                    "title": "ServiceMonitor configuration",
+                    "description": "A custom resource that is consumed by Prometheus Operator. Ref: https://github.com/prometheus-operator/prometheus-operator",
+                    "type": "object",
+                    "additionalProperties": false,
+                    "properties": {
+                        "enabled": {
+                            "title": "If enabled, a ServiceMonitor resource for Prometheus Operator is created",
+                            "description": "Prometheus Operator must be installed in your cluster prior to enabling.",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "annotations": {
+                            "title": "ServiceMonitor annotations",
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            },
+                            "default": {}
+                        },
+                        "labels": {
+                            "title": "Additional ServiceMonitor labels",
+                            "type": "object",
+                            "additionalProperties": {
+                                "type": "string"
+                            },
+                            "default": {}
+                        },
+                        "interval": {
+                            "title": "ServiceMonitor scrape interval",
+                            "type": [
+                                "string",
+                                "null"
+                            ],
+                            "default": null
+                        },
+                        "path": {
+                            "title": "ServiceMonitor endpoint path",
+                            "description": "ote that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the Prometheus metrics tutorial. https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md",
+                            "type": "string",
+                            "default": "/metrics"
+                        },
+                        "port": {
+                            "default": "http-backend",
+                            "description": "The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464.",
+                            "title": "ServiceMonitor endpoint port",
+                            "anyOf": [
+                                {
+                                    "type": "string"
+                                },
+                                {
+                                    "type": "integer"
+                                }
+                            ]
+                        }
+                    }
+                }
+            }
+        }
+    }
+}

charts/backstage/values.yaml

@@ -2,192 +2,422 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-## @section Global parameters
-## Global Docker image parameters
-## Please, note that this will override the image parameters, including dependencies, configured to use the global value
-## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
-
-## @param global.imageRegistry Global Docker image registry
-## @param global.imagePullSecrets Global Docker registry secret names as an array
-##
+# -- Global parameters
+# Global Docker image parameters
+# Please, note that this will override the image parameters, including dependencies, configured to use the global value
+# Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+# @default -- See below
 global:
+  # -- Global Docker image registry
   imageRegistry: ""
-  ## E.g.
-  ## imagePullSecrets:
-  ##   - myRegistryKeySecretName
-  ##
+
+  # -- Global Docker registry secret names as an array
+  # </br> E.g. `imagePullSecrets: [myRegistryKeySecretName]`
   imagePullSecrets: []
 
-## @section Common parameters
+# -- Common parameters
 
-## @param kubeVersion Override Kubernetes version
-##
+# -- Override Kubernetes version
 kubeVersion: ""
-## @param nameOverride String to partially override common.names.fullname
-##
+
+# -- String to partially override common.names.fullname
 nameOverride: ""
-## @param fullnameOverride String to fully override common.names.fullname
-##
+
+# -- String to fully override common.names.fullname
 fullnameOverride: ""
-## @param clusterDomain Default Kubernetes cluster domain
-##
+
+# -- Default Kubernetes cluster domain
 clusterDomain: cluster.local
-## @param commonLabels Labels to add to all deployed objects
-##
+
+# -- Labels to add to all deployed objects
 commonLabels: {}
-## @param commonAnnotations Annotations to add to all deployed objects
-##
+
+# -- Annotations to add to all deployed objects
 commonAnnotations: {}
-## @param extraDeploy Array of extra objects to deploy with the release
-##
+
+# -- Array of extra objects to deploy with the release
 extraDeploy: []
-## Enable diagnostic mode in the statefulset
-##
+
+# -- Enable diagnostic mode in the Deployment
 diagnosticMode:
-  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
-  ##
+
+  # -- Enable diagnostic mode (all probes will be disabled and the command will be overridden)
   enabled: false
-  ## @param diagnosticMode.command Command to override all containers in the statefulset
-  ##
+
+  # -- Command to override all containers in the Deployment
   command:
     - sleep
-  ## @param diagnosticMode.args Args to override all containers in the statefulset
-  ##
+
+  # -- Args to override all containers in the Deployment
   args:
     - infinity
 
-## @section Ingress parameters
+# -- Ingress parameters
 ingress:
-  ## @param ingress.enabled Enable the creation of the ingress resource
+
+  # -- Enable the creation of the ingress resource
   enabled: false
 
-  ## @param ingress.className Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
+  # -- Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
   className: ""
 
-  ## @param ingress.annotations Additional annotations for the Ingress resource
-  annotations: '{
-    "nginx.ingress.kubernetes.io/rewrite-target": "/",
-    "nginx.ingress.kubernetes.io/ssl-redirect": "false"
-  }'
+  # -- Additional annotations for the Ingress resource
+  annotations: {}
 
-  ## @param host Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
+  # -- Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
   host: ""
 
-## @section Backstage parameters
+  # -- List of additional hostnames to be covered with this ingress record (e.g. a CNAME)
+  # <!-- E.g.
+  # extraHosts:
+  #   - name: backstage.env.example.com
+  #     path: / (Optional)
+  #     pathType: Prefix (Optional)
+  #     port: 7007 (Optional) -->
+  extraHosts: []
 
-## Backstage image version
-## @param image.registry Backstage image registry
-## @param image.repository Backstage image repository
-## @param image.tag Backstage image tag (immutable tags are recommended)
-## @param image.pullPolicy Backstage image pull policy
-## @param image.pullSecrets Specify docker-registry secret names as an array
-## @param image.debug Specify if debug values should be set
-##
+  # -- Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)
+  path: "/"
 
+  # -- Ingress TLS parameters
+  tls:
+
+    # -- Enable TLS configuration for the host defined at `ingress.host` parameter
+    enabled: false
+
+    # -- The name to which the TLS Secret will be called
+    secretName: ""
+
+  # -- The TLS configuration for additional hostnames to be covered with this ingress record.
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+  # <!-- E.g.
+  # extraTls:
+  #   - hosts:
+  #     - backstage.env.example.com
+  #     secretName: backstage-env -->
+  extraTls: []
+
+# -- Backstage parameters
+# @default -- See below
 backstage:
+
+  # -- Number of deployment replicas
+  replicas: 1
+
+  # -- Define the [count of deployment revisions](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) to be kept.
+  # May be set to 0 in case of GitOps deployment approach.
+  revisionHistoryLimit: 10
+
   image:
-    registry: ""
-    repository: ""
-    tag: ""
-    ## Specify a imagePullPolicy
-    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
-    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
-    ##
+
+    # -- Backstage image registry
+    registry: ghcr.io
+
+    # -- Backstage image repository
+    repository: backstage/backstage
+
+    # -- Backstage image tag (immutable tags are recommended)
+    tag: latest
+
+    # -- Backstage image digest (digest takes precedence over image tag)
+    digest: ""
+
+    # -- Specify a imagePullPolicy.
+    # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    # <br /> Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
     pullPolicy: Always
-    ## Optionally specify an array of imagePullSecrets.
-    ## Secrets must be manually created in the namespace.
-    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-    ## e.g:
-    ## pullSecrets:
-    ##   - myRegistryKeySecretName
-    ##
+
+    # -- Optionally specify an array of imagePullSecrets.
+    #  Secrets must be manually created in the namespace.
+    # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    # <br /> E.g: `pullSecrets: [myRegistryKeySecretName]`
     pullSecrets: []
-    ## Set to true if you would like to see extra information on logs
-    ##
-    debug: false
+
+  # -- Pod Disruption Budget configuration
+  # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+  pdb:
+    create: false
+    minAvailable: ""
+    maxUnavailable: ""
+
+  # -- Autoscaling configuration.
+  # <br /> Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 100
+    targetCPUUtilizationPercentage: 80
+    # targetMemoryUtilizationPercentage: 80
+
+  # -- Container ports on the Deployment
   containerPorts:
     backend: 7007
+
+  # -- Backstage container command
   command: ["node", "packages/backend"]
+
+  # -- Backstage container command arguments
   args: []
+
+  # -- Extra app configuration files to inline into command arguments
   extraAppConfig: []
+
+  # -- Deployment sidecars
+  extraContainers: []
+
+  # -- Backstage container environment variables
   extraEnvVars: []
-  extraEnvVarsSecrets:
+
+  # -- Backstage container environment variables from existing ConfigMaps
+  extraEnvVarsCM: []
+
+  # -- Backstage container environment variables from existing Secrets
+  extraEnvVarsSecrets: []
+
+  # -- Backstage container additional ports
+  extraPorts: []
+
+  # -- Backstage container additional volume mounts
   extraVolumeMounts: []
+
+  # -- Backstage container additional volumes
   extraVolumes: []
 
+  # -- Backstage container init containers
+  initContainers: []
+
+  # -- Directory containing the backstage installation
+  installDir: /app
+
+  # -- Resource requests/limits
+  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
+  # <!-- E.g.
+  # resources:
+  #   limits:
+  #     memory: 1Gi
+  #     cpu: 1000m
+  #   requests:
+  #     memory: 250Mi
+  #     cpu: 100m -->
+  resources: {}
+
+  # -- Readiness Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # readinessProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/readiness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 30
+  #   periodSeconds: 10
+  #   successThreshold: 2
+  #   timeoutSeconds: 2
+  readinessProbe:
+    httpGet:
+      path: /.backstage/health/v1/readiness
+      port: 7007
+      scheme: HTTP
+
+  # -- Liveness Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # livenessProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/liveness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   timeoutSeconds: 2
+  livenessProbe:
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+
+  # -- Startup Probe
+  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+  # <!-- E.g.
+  # startupProbe:
+  #   failureThreshold: 3
+  #   httpGet:
+  #     path: /.backstage/health/v1/liveness
+  #     port: 7007
+  #     scheme: HTTP
+  #   initialDelaySeconds: 60
+  #   periodSeconds: 10
+  #   successThreshold: 1
+  #   timeoutSeconds: 2
+  startupProbe:
+    httpGet:
+      path: /.backstage/health/v1/liveness
+      port: 7007
+      scheme: HTTP
+
+  # -- Security settings for a Pod.
+  #  The security settings that you specify for a Pod apply to all Containers in the Pod.
+  # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  podSecurityContext: {}
+
+  # -- Security settings for a Container.
+  # <br /> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  containerSecurityContext: {}
+
+  # Allows to define the appConfig as a multiline string that generates a ConfigMap
+  # automatically, not requiring to have it pre provisioned as with the extraAppConfig key.
+  # DO NOT USE if you need to put sensitive data in the appConfig.
+  # E.g:
+  # appConfig:
+  #   app:
+  #     baseUrl: https://somedomain.tld
+  # -- Generates ConfigMap and configures it in the Backstage pods
+  appConfig: {}
+
+  # -- Affinity for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+
+  # -- Topology Spread Constraints for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints
+  topologySpreadConstraints: []
+
+  # -- Node labels for pod assignment
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+  nodeSelector: {}
+
+  # -- Node tolerations for server scheduling to nodes with taints
+  # <br /> Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+  tolerations: []
+  #  - key: "key"
+  #    operator: "Equal|Exists"
+  #    value: "value"
+  #    effect: "NoSchedule|PreferNoSchedule|NoExecute"
+
+  # -- Host Aliases for the pod
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  hostAliases: []
+
+  # -- Annotations to add to the backend deployment pods
+  podAnnotations: {}
+
+  # -- Labels to add to the backend deployment pods
+  podLabels: {}
+
+  # -- Additional custom annotations for the `Deployment` resource
+  annotations: {}
+
 ## @section Traffic Exposure parameters
 
 ## Service parameters
 ##
+# -- Service parameters
+# @default -- See below
 service:
-  ## @param service.type Kubernetes Service type
-  ##
+
+  # -- Kubernetes Service type
   type: ClusterIP
-  ## @param service.ports.backend Backstage svc port for client connections
-  ##
+
+  # -- Backstage svc port for client connections
   ports:
     backend: 7007
-  ## @param service.nodePorts.backend Node port for the Backstage client connections
-  ## NOTE: choose port between <30000-32767>
-  ##
+
+    # -- Backstage svc port name
+    name: http-backend
+
+    # -- Backstage svc target port referencing receiving pod container port
+    targetPort: backend
+
+  # -- Node port for the Backstage client connections
+  # Choose port between `30000-32767`
   nodePorts:
     backend: ""
-  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
-  ## Values: ClientIP or None
-  ## ref: https://kubernetes.io/docs/user-guide/services/
-  ##
+
+  # -- Control where client requests go, to the same pod or round-robin
+  # (values: `ClientIP` or `None`)
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness
   sessionAffinity: None
-  ## @param service.clusterIP Backstage service Cluster IP
-  ## e.g.:
-  ## clusterIP: None
-  ##
+
+  # -- Backstage service Cluster IP
+  #
+  # <br /> E.g `clusterIP: None`
   clusterIP: ""
-  ## @param service.loadBalancerIP Backstage service Load Balancer IP
-  ## ref: https://kubernetes.io/docs/user-guide/services/#type-loadbalancer
-  ##
+
+  # -- Backstage service Load Balancer IP
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
   loadBalancerIP: ""
-  ## @param service.loadBalancerSourceRanges Backstage service Load Balancer sources
-  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
-  ## e.g:
-  ## loadBalancerSourceRanges:
-  ##   - 10.10.10.0/24
-  ##
+
+  # -- Load Balancer sources
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+  # <br /> E.g `loadBalancerSourceRanges: [10.10.10.0/24]`
   loadBalancerSourceRanges: []
-  ## @param service.externalTrafficPolicy Backstage service external traffic policy
-  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
-  ##
+
+  # -- Backstage service external traffic policy
+  #
+  # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
   externalTrafficPolicy: Cluster
-  ## @param service.annotations Additional custom annotations for Backstage service
-  ##
+
+  # -- Additional custom annotations for Backstage service
   annotations: {}
-  ## @param service.extraPorts Extra ports to expose in the Backstage service (normally used with the `sidecar` value)
-  ##
+
+  # -- Extra ports to expose in the Backstage service (normally used with the `sidecar` value)
   extraPorts: []
 
-## Network policies
-## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  # -- IP Family Policy
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack
+  ipFamilyPolicy: ""
+
+  # -- IP Families
+  #
+  # <br /> Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack
+  ipFamilies: []
+
+## @section NetworkPolicy parameters
 ##
 networkPolicy:
-  ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
-  ##
+  # -- Specifies whether a NetworkPolicy should be created
   enabled: false
 
-  externalAccess:
-    from: []
-  ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule
+  ## Ingress Rules
+  ##
+  ingressRules:
+
+    # -- Namespace selector label allowed to access the Backstage instance
+    namespaceSelector: {}
+
+    # -- Pod selector label allowed to access the Backstage instance
+    podSelector: {}
+
+    # -- Additional custom ingress rules
+    customRules: []
+    #   - to:
+    #       - namespaceSelector:
+    #           matchLabels:
+    #             label: example
+
+  ## Egress Rules
   ##
   egressRules:
-    ## Additional custom egress rules
-    ## e.g:
-    ## customRules:
-    ##   - to:
-    ##       - namespaceSelector:
-    ##           matchLabels:
-    ##             label: example
+
+    # -- Deny external connections. Should not be enabled when working with an external database.
+    denyConnectionsToExternal: false
+
+    # -- Additional custom egress rules
     customRules: []
+    #   - to:
+    #       - namespaceSelector:
+    #           matchLabels:
+    #             label: example
 
 
 # -- PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
+# @default -- See below
 postgresql:
 
   # -- Switch to enable or disable the PostgreSQL helm chart
@@ -216,17 +446,18 @@ postgresql:
 
       # -- The key in which Postgres will look for, for the replication password, in the existing Secret
       replicationPasswordKey: replication-password
-  
+
   # -- PostgreSQL architecture (`standalone` or `replication`)
   architecture: standalone
 
 # -- Service Account Configuration
+# @default -- See below
 serviceAccount:
 
   # -- Enable the creation of a ServiceAccount for Backstage pods
   create: false
 
-  # -- Name of the created ServiceAccount
+  # -- Name of the ServiceAccount to use
   # If not set and `serviceAccount.create` is true, a name is generated
   name: ""
 
@@ -238,3 +469,31 @@ serviceAccount:
 
   # -- Auto-mount the service account token in the pod
   automountServiceAccountToken: true
+
+# -- Metrics configuration
+metrics:
+
+  # -- ServiceMonitor configuration
+  # <br /> Allows configuring your backstage instance as a scrape target for [Prometheus](https://github.com/prometheus/prometheus) using a ServiceMonitor custom resource that [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) can understand.
+  serviceMonitor:
+
+    # -- If enabled, a ServiceMonitor resource for Prometheus Operator is created
+    # <br /> Prometheus Operator must be installed in your cluster prior to enabling.
+    enabled: false
+
+    # -- ServiceMonitor annotations
+    annotations: {}
+
+    # -- Additional ServiceMonitor labels
+    labels: {}
+
+    # -- ServiceMonitor scrape interval
+    interval: null
+
+    # -- ServiceMonitor endpoint path
+    # <br /> Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the [Prometheus metrics tutorial](https://github.com/backstage/backstage/blob/master/contrib/docs/tutorials/prometheus-metrics.md).
+    path: /metrics
+
+    # -- ServiceMonitor endpoint port
+    # <br /> The port where the metrics are exposed. If using OpenTelemetry as [documented here](https://backstage.io/docs/tutorials/setup-opentelemetry/), then the port needs to be explicitly specified. OpenTelemetry's default port is 9464.
+    port: http-backend

cr.yaml

@@ -0,0 +1,2 @@
+generate-release-notes: true
+

ct-install.yaml

@@ -0,0 +1,5 @@
+chart-dirs:
+  - charts
+validate-maintainers: false
+remote: origin
+target-branch: main

ct.yaml

@@ -0,0 +1,5 @@
+chart-dirs:
+  - charts
+validate-maintainers: false
+remote: origin
+target-branch: main