Red Hat Product Requirements
Products, operators, and infrastructure needed to deploy and use this golden path template.
Core Requirements
These products must be installed and configured for the golden path to function.
| Product | Min. Version | Role | Status |
|---|---|---|---|
| Red Hat OpenShift Container Platform | 4.14+ | The Kubernetes cluster runtime. Provides the foundation for all workloads including VMs, operators, and GitOps tooling. | Required |
| Red Hat OpenShift Virtualization | 4.14+ |
KubeVirt-based VM runtime. Provides the VirtualMachine,
DataVolume, and VirtualMachineInstance CRDs.
Installed via the kubevirt-hyperconverged operator from OperatorHub.
|
Required |
| Red Hat Developer Hub | 1.x |
Backstage-based self-service developer portal. Hosts the Software Template,
provides the wizard UI, and registers provisioned VMs in the catalog.
Requires the scaffolder, catalog, and
techdocs plugins.
|
Required |
| Red Hat OpenShift GitOps | 1.10+ |
ArgoCD operator. Provides continuous delivery by watching Git repositories
and reconciling Kubernetes resources. Each VM gets its own ArgoCD
Application with auto-sync, prune, and self-heal enabled.
|
Required |
| Gitea (or compatible Git server) | 1.21+ |
Lightweight Git hosting server. The template uses the
publish:gitea Backstage action to create repositories. Can be
replaced by any Git server if the corresponding Backstage action is available.
|
Required |
Optional Requirements
These components are only needed when specific features are enabled in the wizard (e.g., Connectivity Link, OIDC authentication).
| Product | Min. Version | Role | When Needed |
|---|---|---|---|
| Red Hat Connectivity Link / Kuadrant | 1.x |
Provides AuthPolicy, RateLimitPolicy,
PlanPolicy, and APIProduct CRDs. Powers the
Gateway API-based ingress with authentication and rate limiting.
Includes the Authorino authorization engine and Limitador rate limiter.
|
Connectivity Link enabled |
| Red Hat OpenShift Service Mesh / Istio | 2.4+ |
Service mesh providing the istio GatewayClass for
Gateway API. Creates the Istio ingress gateway pods that route traffic
to VM services.
|
Connectivity Link enabled |
| Red Hat Build of Keycloak | 22+ | OpenID Connect identity provider. Used when the OIDC authentication model is selected. Provides JWT token issuance and validation for the AuthPolicy. | Auth model = OIDC |
| Gateway API CRDs | v1 |
Kubernetes Gateway API resources (Gateway,
HTTPRoute). Usually installed alongside Service Mesh or
Connectivity Link.
|
Connectivity Link enabled |
Cluster Configuration
Operator Installation
Install the following operators from OperatorHub in the OpenShift console:
| Operator | Namespace | Channel |
|---|---|---|
OpenShift Virtualization (kubevirt-hyperconverged) |
openshift-cnv |
stable |
| Red Hat OpenShift GitOps | openshift-gitops-operator |
latest |
| Red Hat Developer Hub | rhdh-operator |
fast |
| Red Hat OpenShift Service Mesh (Istio) | openshift-operators |
stable |
| Kuadrant (Connectivity Link) | kuadrant-system |
stable |
Required ConfigMap
The template expects a ConfigMap named workshop-config in the
developer-hub namespace containing the cluster domain:
apiVersion: v1
kind: ConfigMap
metadata:
name: workshop-config
namespace: developer-hub
data:
clusterDomain: apps.cluster.example.comArgoCD Permissions
The ArgoCD instance in openshift-gitops must have permissions to
create resources in the target VM namespaces. The template uses
ServerSideApply=true and CreateNamespace=true sync
options, so ArgoCD needs cluster-scoped permissions or explicit namespace grants.
Developer Hub Proxy Configuration
The template uses http:backstage:request actions that rely on the
following proxy endpoints being configured in Developer Hub:
| Proxy Path | Target | Purpose |
|---|---|---|
/proxy/k8s-api |
Kubernetes API server | Read ConfigMaps, create ArgoCD Applications |
/proxy/mailpit |
Mailpit API | Send provisioning notification emails |
Subscription Matrix
| Red Hat Subscription | Covers |
|---|---|
| OpenShift Container Platform | OCP, OpenShift Virtualization, OpenShift GitOps, Service Mesh |
| Red Hat Developer Hub | Developer Hub operator and plugins |
| Red Hat Connectivity Link | Kuadrant, Authorino, Limitador, Dev Portal |
| Red Hat Build of Keycloak | Keycloak SSO (only if OIDC is used) |