[release-1.7] doc: add backend_secret config to orchestrator (#1567) (#1571)

Co-authored-by: Jennifer Ubah <10870059+jenniferubah@users.noreply.github.com>

Author: rm3l

docs/orchestrator.md

@@ -79,7 +79,9 @@ To enable the orchestrator plugin, you should refer the dynamic plugins ConfigMa
          disabled: false  
 ```
 
-See [example](/examples/orchestrator.yaml) for a complete configuration of the orchestrator plugin.
+See [example](/examples/orchestrator.yaml) for a complete configuration of the orchestrator plugin. 
+Ensure to add a secret with the BACKEND_SECRET key/value and update
+the secret name in the `Backstage` CR under the `extraEnvs` field.
 
 #### Plugin registry
 

examples/orchestrator.yaml

@@ -30,6 +30,22 @@ data:
         guest:
           # using the guest user to query the '/api/dynamic-plugins-info/loaded-plugins' endpoint.
           dangerouslyAllowOutsideDevelopment: true
+    backend:
+      auth:
+        externalAccess:
+          - type: static
+            options:
+              token: ${BACKEND_SECRET}
+              subject: orchestrator
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: backend-auth-secret
+stringData:
+  # generated with the command below (from https://backstage.io/docs/auth/service-to-service-auth/#setup):
+  # node -p 'require("crypto").randomBytes(24).toString("base64")'
+  BACKEND_SECRET: "R2FxRVNrcmwzYzhhN3l0V1VRcnQ3L1pLT09WaVhDNUEK" # notsecret
 ---
 apiVersion: rhdh.redhat.com/v1alpha3
 kind: Backstage
@@ -41,3 +57,6 @@ spec:
       configMaps:
         - name: app-config-rhdh
     dynamicPluginsConfigMapName: orchestrator-plugin
+    extraEnvs:
+      secrets:
+        - name: backend-auth-secret # secret that contains the BACKEND_SECRET key