make service protection an option

[maleck13]

For testing purposes it can be useful to trigger the install of kuadrant service protection manually. To support this I have added a var MGC_DEPLOY_SERVICE_PROTECTION it default to true and will install service protection by default. If false it will still install OLM but wont create a managedaddon resource to install kuadrant in the spoke clusters

Verfication
set the following envars on top of the normal quickstart

export MGC_BRANCH=optional-service-protection
export MGC_DEPLOY_SERVICE_PROTECTION=false

run the quick start.

verify the kuadrant-system namespace is not created and no managedclusteraddon resources are created.

install kuadrant service protection manually

create a catalogsource in the hub cluster

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: kuadrant-operator
  namespace: olm
spec:
  displayName: Kuadrant
  grpcPodConfig:
    securityContextConfig: restricted
  image: quay.io/kuadrant/kuadrant-operator-catalog:0.4.0-rc1
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 60m

create a managedclusteraddon resource in the managed cluster namespace

apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
  annotations:
    addon.open-cluster-management.io/values: '{"CatalogSource":"kuadrant-operator", "Channel":"preview"}'
  name: kuadrant-addon
  namespace: kind-mgc-control-plane
spec:
  installNamespace: open-cluster-management-agent-addon

you should see kuadrant is now installed using the preview channel and new catalog source

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maleck13

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [maleck13]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jasonmadigan]

👀

[jasonmadigan]

one suggestion to fix an error

[jasonmadigan]

Steps:

export MGC_BRANCH=optional-service-protection
export MGC_DEPLOY_SERVICE_PROTECTION=false

kubectl --context kind-mgc-control-plane get managedclusteraddon -A
No resources found

kubectl --context kind-mgc-control-plane get operators kuadrant-operator -n kuadrant-system -o yaml
Error from server (NotFound): operators.operators.coreos.com "kuadrant-operator" not found

k  get ns kuadrant-system
Error from server (NotFound): namespaces "kuadrant-system" not found

kcp apply -f - <<EOF
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: kuadrant-operator
  namespace: olm
spec:
  displayName: Kuadrant
  grpcPodConfig:
    securityContextConfig: restricted
  image: quay.io/kuadrant/kuadrant-operator-catalog:0.4.0-rc1
  sourceType: grpc
  updateStrategy:
    registryPoll:
      interval: 60m
EOF
catalogsource.operators.coreos.com/kuadrant-operator created

kcp apply -f - <<EOF
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
  annotations:
    addon.open-cluster-management.io/values: '{"CatalogSource":"kuadrant-operator", "Channel":"preview"}'
  name: kuadrant-addon
  namespace: kind-mgc-control-plane
spec:
  installNamespace:open-cluster-management-agent-addon
EOF
managedclusteraddon.addon.open-cluster-management.io/kuadrant-addon created

kcp get ns kuadrant-system

NAME              STATUS   AGE
kuadrant-system   Active   7m8s

the Kuadrant managedclusteraddon seems to be in an odd state, however:

kcp get managedclusteraddon -A
NAMESPACE                NAME             AVAILABLE   DEGRADED   PROGRESSING
kind-mgc-control-plane   kuadrant-addon   Unknown

kubectl --context kind-mgc-control-plane describe managedclusteraddon kuadrant-addon -n kind-mgc-control-plane
Name:         kuadrant-addon
Namespace:    kind-mgc-control-plane
Labels:       <none>
Annotations:  addon.open-cluster-management.io/values: {"CatalogSource":"kuadrant-operator", "Channel":"preview"}
API Version:  addon.open-cluster-management.io/v1alpha1
Kind:         ManagedClusterAddOn
Metadata:
  Creation Timestamp:  2023-10-02T15:10:52Z
  Generation:          2
  Resource Version:    8258
  UID:                 068757ae-d37b-4fa3-a151-dc523f686d66
Spec:
  Install Namespace:  kuadrant-system
Status:
  Add On Configuration:
  Add On Meta:
  Conditions:
    Last Transition Time:  2023-10-02T15:11:57Z
    Message:               Probe results are not returned
    Reason:                NoProbeResult
    Status:                Unknown
    Type:                  Available
    Last Transition Time:  2023-10-02T15:11:57Z
    Message:               manifests of addon are applied successfully
    Reason:                AddonManifestApplied
    Status:                True
    Type:                  ManifestApplied
  Health Check:
    Mode:  Customized
Events:    <none>

[mikenairn]

Looks fine.

Not sure i totally understand the point of creating a separate quick start script now though if it has so many optional paths. I would have thought the point of it was it was simple and consistent in what it was doing.

[maleck13]

yeah it is a fair point. Perhaps this is not actually needed. Instead to not use service protection you could follow the "existing cluster install"

[maleck13]

closed as we don't actually need this after all and it increases the complexity of the quick start and testing it