backstage-chart/templates/backstage-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: backstage-config
  namespace: {{ .Values.namespaceOverride }}
  labels:
    {{- include "backstage.labels" . | nindent 4 }}
data:
  app-config.production.yaml: |
    app:
      title: {{ .Values.backstage.title }}
      baseUrl: {{ .Values.backstage.baseUrl }}

    organization:
      name: {{ .Values.backstage.organization }}

    backend:
      baseUrl: {{ .Values.backstage.baseUrl }}
      listen:
        port: {{ .Values.service.targetPort }}
        host: 0.0.0.0

      csp:
        connect-src: ["'self'", 'http:', 'https:']

      cors:
        origin: {{ .Values.backstage.baseUrl }}
        methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
        credentials: true

      database:
        client: pg
        connection:
          host: ${POSTGRES_HOST}
          port: ${POSTGRES_PORT}
          user: ${POSTGRES_USER}
          password: ${POSTGRES_PASSWORD}
          database: {{ .Values.database.name }}

      auth:
        keys:
          - secret: ${BACKEND_SECRET}

    auth:
      environment: production
      session:
        secret: ${BACKEND_SECRET}
      providers:
        google:
          production:
            clientId: ${AUTH_GOOGLE_CLIENT_ID}
            clientSecret: ${AUTH_GOOGLE_CLIENT_SECRET}

    integrations:
      gitea:
        - baseUrl: {{ .Values.integrations.gitea.url }}
          host: {{ .Values.integrations.gitea.url | replace "https://" "" | replace "http://" "" }}
          username: ${GITEA_USERNAME}
          password: ${GITEA_PASSWORD}

    proxy:
      endpoints:
        '/argo-workflows/api':
          target: '{{ .Values.integrations.argoWorkflows.url }}'
          changeOrigin: true
          secure: true
          headers:
            Accept: 'application/json'
            Authorization: 'Bearer ${ARGO_WORKFLOWS_TOKEN}'

        '/argocd/api':
          target: '{{ .Values.integrations.argocd.url }}'
          changeOrigin: true
          secure: true

    techdocs:
      builder: 'local'
      generator:
        runIn: 'local'
      publisher:
        type: 'local'

    scaffolder:
      defaultAuthor:
        name: backstage-scaffolder
        email: noreply@{{ .Values.backstage.baseUrl | replace "https://" "" | replace "http://" "" }}
      defaultCommitMessage: "backstage scaffolder"

    catalog:
      import:
        entityFilename: catalog-info.yaml
        pullRequestBranchName: backstage-integration
      rules:
        - allow: [Component, System, API, Resource, Location, Template]
      locations:
        - type: url
          target: {{ .Values.integrations.gitea.url }}/templates/catalog-info.yaml

    kubernetes:
      serviceLocatorMethod:
        type: 'multiTenant'
      clusterLocatorMethods:
        - type: 'config'
          clusters:
            - url: {{ .Values.integrations.kubernetes.clusterUrl }}
              name: backstage-cluster
              authProvider: 'serviceAccount'
              skipTLSVerify: false
              skipMetricsLookup: false

    argocd:
      appLocatorMethods:
        - type: 'config'
          instances:
            - name: production
              url: {{ .Values.integrations.argocd.url }}
              username: admin
              password: ${ARGOCD_AUTH_TOKEN}

    argoWorkflows:
      baseUrl: {{ .Values.integrations.argoWorkflows.url }}