Make it work on Openshift

Makefile

@@ -92,7 +92,11 @@ local-setup: argocd kind-create-cluster-0 kind-create-cluster-1
 	$(MAKE) kind-apply-argocd
 	kubectl -n argocd wait --for=condition=ready pod -l app.kubernetes.io/name=argocd-server --timeout=120s
 	kubectl -n argocd wait --for=jsonpath='{.status.loadBalancer.ingress}' service/argocd-server
-	$(MAKE) argocd-login && $(ARGOCD) cluster add kind-kuadrant-local-1 --name kuadrant-local-1 --yes --cluster-endpoint kube-public
+	$(MAKE) argocd-login && \
+        $(ARGOCD) cluster add kind-kuadrant-local-0 --name in-cluster --in-cluster --yes \
+                --label deployment.kuadrant.io/argocd-install=true \
+                --label deployment.kuadrant.io/hub=true && \
+		$(ARGOCD) cluster add kind-kuadrant-local-1 --name kuadrant-local-1 --yes --cluster-endpoint kube-public
 	$(MAKE) argocd-url
 	$(MAKE) kind-skupper-init-0
 	$(MAKE) kind-skupper-init-1

README.md

@@ -4,20 +4,41 @@ This repo contains some example deployments for Kuadrant.
 - All deployments use kustomize and regular kuberentes resources
 - We will provide basic instructions for installing and configuring ArgoCD but more advanced topics should be found via argocd docs
 
-Phase 1
+## Phases
 
-### Deploying Kuadrant via ArgoCD, configuring permissions and MultiAZ resilience
+
+
+### **Phase 1** - Deploying Kuadrant via ArgoCD, configuring permissions and MultiAZ resilience
 
 - HA deployments for Authorino and Limitador using topology constraints, multiple replicas (perhaps HPA), PodDisruption budgets and resource limits.
 - RBAC setup to allow develoepr 1 to deploy a HTTRoute based API , RLP and AuthPolicy to a specific namespace via ArgoCD.
 - RBAC setup to allow developer to see only his API in the Grafana dashboards in the single cluster setup.
 
 
-Phase 2
-
-## Deployment of Kuadrant to 2 clusters and using thanos for observability
+### **Phase 2** Deployment of Kuadrant to 2 clusters and using thanos for observability
 
 - Extend on phase 1 to include a second cluster
 - Introduce an external redis configuration
 - Introduce and install thanos 
 
+## Instructions
+
+The following instructions assume you have cloned the repo locally adn are in the project's root directory.
+
+### Local
+
+To deploy the setup in local kind clusters just issue a `make local-setup` command in a shell. Information on how to connect to the argocd UI will be printed in the output.
+
+### Remote
+
+To install in a remote cluster, it is assumed that an argocd instance is already up and running in the cluster. An example is available on how to install an argocd instance in OpenShift using the argocd-operator.
+
+1. Label the clusters in your argocd instance. To do so, go to "**settings** > **clusters** > **<cluster-name>** > **edit**" in the argocd UI. This can also be achieved using the argocd CLI. The following labels must be set, depending on the desired effect:
+
+    * argocd.argoproj.io/secret-type=cluster: all applicationsets expect that clusters have this label. This label is always present for clusters different that the 'in-cluster' one, which might not have it, depending on how argocd was installed. Make sure that 'in-cluster' also has this label, as it acts as the hub cluster.
+    * deployment.kuadrant.io/hub=true: marks this cluster as the hub. Certain resources will only be installed in the hub cluster.
+    * vendor=OpenShift: marks this cluster as an OpenShift cluster. A k8s cluster is assumed if this label is not present.
+
+2. `kubectl create ns argocd && kubectl apply -f manifests/argocd-install/app-of-apps-application.yaml`
+
+3. Coffee time. It should all be green afte some minutes.

examples/argocd-openshift.yaml

@@ -0,0 +1,120 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: argocd-operator
+  namespace: argocd
+spec:
+  channel: alpha
+  config:
+    env:
+      - name: ARGOCD_CLUSTER_CONFIG_NAMESPACES
+        value: argocd
+  installPlanApproval: Automatic
+  name: argocd-operator
+  source: community-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: argocd-operator.v0.12.0
+
+---
+apiVersion: argoproj.io/v1beta1
+kind: ArgoCD
+metadata:
+  name: argocd
+  namespace: argocd
+spec:
+  server:
+    autoscale:
+      enabled: false
+    grpc:
+      ingress:
+        enabled: false
+    ingress:
+      enabled: false
+    resources:
+      limits:
+        cpu: 500m
+        memory: 256Mi
+      requests:
+        cpu: 125m
+        memory: 128Mi
+    route:
+      enabled: true
+    service:
+      type: ''
+  grafana:
+    enabled: false
+    ingress:
+      enabled: false
+    route:
+      enabled: false
+  monitoring:
+    enabled: false
+  notifications:
+    enabled: false
+  prometheus:
+    enabled: false
+    ingress:
+      enabled: false
+    route:
+      enabled: false
+  initialSSHKnownHosts: {}
+  sso:
+    dex:
+      openShiftOAuth: true
+      resources:
+        limits:
+          cpu: 500m
+          memory: 256Mi
+        requests:
+          cpu: 250m
+          memory: 128Mi
+    provider: dex
+  applicationSet:
+    enabled: true
+    webhookServer:
+      ingress:
+        enabled: false
+      route:
+        enabled: false
+  rbac:
+    policy: 'g, rbacsystem:cluster-admins, role:admin'
+    scopes: '[groups]'
+  repo:
+    resources:
+      limits:
+        cpu: '1'
+        memory: 1024Mi
+      requests:
+        cpu: 250m
+        memory: 256Mi
+  ha:
+    enabled: false
+    resources:
+      limits:
+        cpu: 500m
+        memory: 256Mi
+      requests:
+        cpu: 250m
+        memory: 128Mi
+  kustomizeBuildOptions: '--enable-helm'
+  tls:
+    ca: {}
+  redis:
+    resources:
+      limits:
+        cpu: 500m
+        memory: 256Mi
+      requests:
+        cpu: 250m
+        memory: 128Mi
+  controller:
+    processors: {}
+    resources:
+      limits:
+        cpu: '2'
+        memory: 2Gi
+      requests:
+        cpu: 250m
+        memory: 1Gi
+    sharding: {}
+

manifests/argocd-applications/argocd-install-application.yaml

@@ -13,7 +13,7 @@ spec:
     # repoURL: https://github.com/kuadrant/deployment
     # targetRevision: HEAD
     repoURL: https://github.com/roivaz/kuadrant-deployment
-    targetRevision: ha-setup
+    targetRevision: kuadrant-v1.0.0-rc4
   syncPolicy:
     automated:
       selfHeal: true

manifests/argocd-applications/argocd-install-applicationset.yaml

@@ -0,0 +1,50 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: argocd-install
+spec:
+  ignoreApplicationDifferences:
+    - jsonPointers:
+        - /spec/syncPolicy
+        - /spec/source/targetRevision
+  goTemplate: true
+  generators:
+    - clusters:
+        selector:
+          matchExpressions:
+            # A cluster secret is not automatically created for the local cluster, so we need to
+            # add one (or edit the in-cluster cluste rthrough the argocd UI) for it. Only after
+            # evaluating that the secret exists it is safe to evaluate the other installation conditions
+            - key: argocd.argoproj.io/secret-type
+              operator: Exists
+            # Only install argocd through the repo yamls if the cluster secret has been marked with the
+            # following label. This allows users to make use of the resources in this repo while managing
+            # their own installation of argocd
+            - key: deployment.kuadrant.io/argocd-install
+              operator: In
+              values:
+                - "true"
+            # install argocd only in the Hub cluster
+            - key: deployment.kuadrant.io/hub
+              operator: In
+              values:
+                - "true"
+
+  template:
+    metadata:
+      name: "argocd-install.{{.nameNormalized}}"
+      namespace: argocd
+    spec:
+      destination:
+        namespace: argocd
+        name: "{{.name}}"
+      project: default
+      source:
+        path: manifests/argocd-install
+        # repoURL: https://github.com/kuadrant/deployment
+        # targetRevision: HEAD
+        repoURL: https://github.com/roivaz/kuadrant-deployment
+        targetRevision: kuadrant-v1.0.0-rc4
+      syncPolicy:
+        automated:
+          selfHeal: true

manifests/argocd-applications/kuadrant-applicationset.yaml

@@ -2,7 +2,6 @@ apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
   name: kuadrant-install
-  namespace: argocd
 spec:
   ignoreApplicationDifferences:
     - jsonPointers:
@@ -12,25 +11,29 @@ spec:
   generators:
     - matrix:
         generators:
-          - clusters: {}
+          - clusters:
+              selector:
+                matchExpressions:
+                  - key: argocd.argoproj.io/secret-type
+                    operator: Exists
           - git:
               # repoURL: https://github.com/kuadrant/deployment
               # revision: HEAD
               repoURL: https://github.com/roivaz/kuadrant-deployment
-              revision: ha-setup
+              revision: kuadrant-v1.0.0-rc4
               files:
                 - path: manifests/kuadrant/**/argocd-config.yaml
   template:
     metadata:
-      name: "{{.path.basename}}.{{.name}}"
+      name: "{{.path.basename}}.{{.nameNormalized}}"
     spec:
       project: default
       source:
         # repoURL: https://github.com/kuadrant/deployment
         # targetRevision: main
         repoURL: https://github.com/roivaz/kuadrant-deployment
-        targetRevision: ha-setup
-        path: "{{.path.path}}"
+        targetRevision: kuadrant-v1.0.0-rc4
+        path: '{{.path.path}}/overlays/{{or (index .metadata.labels "vendor") "k8s" | lower}}'
       destination:
         name: "{{.name}}"
       syncPolicy:

manifests/argocd-applications/kustomization.yaml

@@ -1,9 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: argocd
 resources:
-  - argocd-install-application.yaml
+  - argocd-install-applicationset.yaml
   - operator-lifecycle-manager-applicationset.yaml
   - kuadrant-applicationset.yaml
-  - observability-hub-application.yaml
+  - observability-hub-applicationset.yaml
   - observability-worker-applicationset.yaml

manifests/argocd-applications/observability-hub-application.yaml

@@ -13,7 +13,7 @@ spec:
     # repoURL: https://github.com/kuadrant/deployment
     # targetRevision: HEAD
     repoURL: https://github.com/roivaz/kuadrant-deployment
-    targetRevision: ha-setup
+    targetRevision: kuadrant-v1.0.0-rc4
   syncPolicy:
     automated:
       selfHeal: true

manifests/argocd-applications/observability-hub-applicationset.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: observability-hub
+spec:
+  ignoreApplicationDifferences:
+    - jsonPointers:
+        - /spec/syncPolicy
+        - /spec/source/targetRevision
+  goTemplate: true
+  generators:
+    - clusters:
+        selector:
+          matchExpressions:
+            # A cluster secret is not automatically created for the local cluster, so we need to
+            # add one (or edit the in-cluster cluste rthrough the argocd UI) for it. Only after
+            # evaluating that the secret exists it is safe to evaluate the other installation conditions
+            - key: argocd.argoproj.io/secret-type
+              operator: Exists
+            # Only install argocd through the repo yamls if the cluster secret has been marked with the
+            # following label. This allows users to make use of the resources in this repo while managing
+            # their own installation of argocd
+            - key: vendor
+              operator: NotIn
+              values:
+                - "OpenShift"
+            # only install in Hyb cluster
+            - key: deployment.kuadrant.io/hub
+              operator: In
+              values:
+                - "true"
+  template:
+    metadata:
+      name: observability-hub.{{.nameNormalized}}
+      namespace: argocd
+    spec:
+      destination:
+        namespace: monitoring
+        name: "{{.name}}"
+      project: default
+      source:
+        path: manifests/observability-hub/k8s
+        # repoURL: https://github.com/kuadrant/deployment
+        # targetRevision: HEAD
+        repoURL: https://github.com/roivaz/kuadrant-deployment
+        targetRevision: kuadrant-v1.0.0-rc4
+      syncPolicy:
+        automated:
+          selfHeal: true