Improved Kuadrant installation via Olm and kustomize (#1075)

* add simple installation Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED more detailed installation guide and examples rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * add default limitador and authorino resources Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * standard authorino rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * add ns rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * install rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * add authorino and limitador patches Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * final version Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * update full example dir Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED * Update config/install/README.md Co-authored-by: David Martin <[email protected]> * Update config/install/README.md Co-authored-by: David Martin <[email protected]> * Update config/install/README.md Co-authored-by: David Martin <[email protected]> * Update config/install/README.md Co-authored-by: David Martin <[email protected]> * add new installation guide covering resilient deployment Signed-off-by: craig <[email protected]> rh-pre-commit.version: 2.2.0 rh-pre-commit.check-secrets: ENABLED --------- Co-authored-by: David Martin <[email protected]>
Kuadrant · Dec 20, 2024 · a4876c5 · a4876c5
1 parent ad4a4a8
commit a4876c5
Show file tree

Hide file tree

Showing 17 changed files with 713 additions and 63 deletions.
diff --git a/config/install/README.md b/config/install/README.md
diff --git a/config/install/configure/aws/kustomization.yaml b/config/install/configure/aws/kustomization.yaml
@@ -5,7 +5,8 @@ kind: Kustomization
 # You can start by copying `aws-credentials.env.sample` and customising it as needed.
 
 resources:
-  - ../standard
+  - https://github.com/Kuadrant/kuadrant-operator//config/install/standard
+  # - https://github.com/Kuadrant/kuadrant-operator//config/install/openshift # use this one if installing on OCP
   - cluster-issuer.yaml
 
 generatorOptions:
@@ -18,7 +19,7 @@ secretGenerator:
   - name: aws-provider-credentials
     namespace: cert-manager
     envs:
-      - aws-credentials.env
+      - aws-credentials.env # you will need to setup this file locally
     type: 'kuadrant.io/aws'
   - name: aws-provider-credentials
     namespace: gateway-system

diff --git a/config/install/configure/kitchen-sink/kustomization.yaml b/config/install/configure/kitchen-sink/kustomization.yaml
diff --git a/config/install/configure/redis-storage/kustomization.yaml b/config/install/configure/redis-storage/kustomization.yaml
@@ -14,4 +14,4 @@ secretGenerator:
     namespace: kuadrant-system
     envs:
       - redis-credentials.env
-    type: 'kuadrant.io/aws'
+    type: 'kuadrant.io/redis'
diff --git a/config/install/configure/standard/authorino.yaml b/config/install/configure/standard/authorino.yaml
@@ -0,0 +1,17 @@
+apiVersion: operator.authorino.kuadrant.io/v1beta1
+kind: Authorino
+metadata:
+  name: authorino
+  namespace: kuadrant-system
+spec:
+  clusterWide: true
+  listener:
+    tls:
+      enabled: false
+  oidcServer:
+    tls:
+      enabled: false
+  supersedingHostSubsets: true
+  tracing:
+    endpoint: ''
+  replicas: 1
diff --git a/config/install/configure/standard/kustomization.yaml b/config/install/configure/standard/kustomization.yaml
@@ -1,5 +1,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - limitador.yaml
+  - authorino.yaml
   - sail.yaml
   - kuadrant.yaml
diff --git a/config/install/configure/standard/limitador.yaml b/config/install/configure/standard/limitador.yaml
@@ -0,0 +1,6 @@
+apiVersion: limitador.kuadrant.io/v1alpha1
+kind: Limitador
+metadata:
+  name: limitador
+  namespace: kuadrant-system
+spec: {}
diff --git a/config/install/full-example-aws/configure/aws-credentials.env.sample b/config/install/full-example-aws/configure/aws-credentials.env.sample
@@ -0,0 +1,5 @@
+# If using this you will need to rename the file and remove the .sample suffix and remove this comment
+
+KUADRANT_AWS_ACCESS_KEY_ID=xxx
+KUADRANT_AWS_SECRET_ACCESS_KEY=xxx
+KUADRANT_AWS_REGION=eu-west-1
diff --git a/config/install/full-example-aws/configure/cluster-issuer.yaml b/config/install/full-example-aws/configure/cluster-issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: lets-encrypt-aws
+spec:
+  acme:
+    privateKeySecretRef:
+      name: le-secret
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - dns01:
+          route53:
+            accessKeyIDSecretRef:
+              key: AWS_ACCESS_KEY_ID
+              name: aws-provider-credentials #notice this matches the name of the secret we created.
+            region: us-east-1 #override if needed
+            secretAccessKeySecretRef:
+              key: AWS_SECRET_ACCESS_KEY
+              name: aws-provider-credentials
diff --git a/config/install/full-example-aws/configure/kustomization.yaml b/config/install/full-example-aws/configure/kustomization.yaml
@@ -0,0 +1,56 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/Kuadrant/kuadrant-operator//config/install/configure/standard?ref=v1.0.1 #change this version as needed (see https://github.com/Kuadrant/kuadrant-operator/releases)
+  - cluster-issuer.yaml #(comment if you dont want to use it. The issuer yaml is defined below).
+
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    app.kubernetes.io/part-of: kuadrant
+    app.kubernetes.io/managed-by: kustomize
+
+secretGenerator:
+  - name: aws-provider-credentials
+    namespace: cert-manager # assumes cert-manager namespace exists.
+    envs:
+      - aws-credentials.env # notice this matches the .env file above. You will need to setup this file locally
+    type: 'kuadrant.io/aws'
+  - name: aws-provider-credentials
+    namespace: gateway-system # this is the namespace where your gateway will be provisioned
+    envs:
+      - aws-credentials.env #notice this matches the .env file above. you need to set up this file locally first.
+    type: 'kuadrant.io/aws'
+  - name: redis-credentials
+    namespace: kuadrant-system
+    envs:
+      - redis-credentials.env
+    type: 'kuadrant.io/redis'
+
+patches:
+  - patch: |-
+      apiVersion: limitador.kuadrant.io/v1alpha1
+      kind: Limitador
+      metadata:
+        name: limitador
+        namespace: kuadrant-system
+      spec:
+        pdb:
+          maxUnavailable: 1
+        replicas: 2
+        resourceRequirements:
+          requests:
+            cpu: 10m
+            memory: 10Mi # set these based on your own needs.
+        storage:
+          redis:
+            configSecretRef:
+              name: redis-credentials
+  - patch: |-
+      apiVersion: operator.authorino.kuadrant.io/v1beta1
+      kind: Authorino
+      metadata:
+        name: authorino
+        namespace: kuadrant-system
+      spec:
+        replicas: 2
diff --git a/config/install/full-example-aws/configure/patches/authorino-topoloy-patch.yaml b/config/install/full-example-aws/configure/patches/authorino-topoloy-patch.yaml
@@ -0,0 +1,22 @@
+spec:
+  template:
+    spec:
+      containers:
+        - name: authorino
+          resources:
+            requests:
+              cpu: 10m # set your own needed limits here
+              memory: 10Mi # set your own needed limits here
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              authorino-resource: authorino
+        - maxSkew: 1
+          topologyKey: kubernetes.io/zone
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              authorino-resource: authorino
diff --git a/config/install/full-example-aws/configure/patches/limitador-topology-patch.yaml b/config/install/full-example-aws/configure/patches/limitador-topology-patch.yaml
@@ -0,0 +1,16 @@
+spec:
+  template:
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              limitador-resource: limitador
+        - maxSkew: 1
+          topologyKey: kubernetes.io/zone
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              limitador-resource: limitador
diff --git a/config/install/full-example-aws/configure/redis-credentials.env.sample b/config/install/full-example-aws/configure/redis-credentials.env.sample
@@ -0,0 +1,3 @@
+# If using this you will need to rename the file and remove the .sample suffix and remove this comment
+
+URL=redis://xxxx
diff --git a/config/install/full-example-aws/install/kustomization.yaml b/config/install/full-example-aws/install/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/Kuadrant/kuadrant-operator//config/install/standard?ref=v1.0.1 #change this version as needed (see https://github.com/Kuadrant/kuadrant-operator/releases)
+  #- https://github.com/Kuadrant/kuadrant-operator//config/install/openshift?ref=v1.0.1 #use if targeting an OCP cluster. Change this version as needed (see https://github.com/Kuadrant/kuadrant-operator/releases).
+
+patches: # remove the subscription patch if you are installing a development version. It will then use the "preview" channel
+  - patch: |-
+      apiVersion: operators.coreos.com/v1alpha1
+      kind: Subscription
+      metadata:
+        name: kuadrant
+      spec:
+        source: kuadrant-operator-catalog
+        sourceNamespace: kuadrant-system
+        name: kuadrant-operator
+        channel: 'stable' #set to preview if not using a release (for example if using main)
diff --git a/config/install/no-gateway-provider/kustomization.yaml b/config/install/no-gateway-provider/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# note by default this will install the version of kuadrant you checkout from v1 onwards
+# if you want to install a different released version you can use the patch options below.
+# If you want to install the latest development tag, remove the subscription patch
+resources:
+  - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
+  - ../../deploy/olm
diff --git a/config/install/standard/kuadrant-version.yaml b/config/install/standard/kuadrant-version.yaml
diff --git a/config/install/standard/kustomization.yaml b/config/install/standard/kustomization.yaml
@@ -2,15 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 # note by default this will install the version of kuadrant you checkout from v1 onwards
-# if you want to install a different version you can use the patch option below
+# if you want to install a different released version you can use the patch options below.
+# If you want to install the latest development tag, remove the subscription patch
 resources:
   - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
   - sail-operator.yaml
   - ../../deploy/olm
-# patches:
-#   - target:
-#       group: operators.coreos.com
-#       version: v1alpha1
-#       kind: CatalogSource
-#       name: kuadrant-operator-catalog
-#     path: kuadrant-version.yaml
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# If using this you will need to rename the file and remove the .sample suffix and remove this comment

		URL=redis://xxxx