This walkthrough will show you how to install and setup the Kuadrant Operator into an OCM Managed Cluster.
- Access to an Open Cluster Management(OCM) (>= v0.11.0) Managed Cluster, which has already been bootstrapped and registered with a hub cluster
- We have a guide which covers this in detail
- For more information on OCM also see:
- Kubectl (>= v1.14.0)
- OLM installed on the ManagedCluster where you want to run the Kuadrant Service Protection components
- For installation guides please see:
- Istio operator v1.20.0 installed on the spoke clusters
- Please see install guide here
- Gateway API v1
- To install please use:
kubectl apply -f "https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml"- For more information please see: GatewayAPI DOCs
To install the Kuadrant Service Protection components into a spoke ManagedCluster, target your OCM Hub cluster with kubectl and run:
kubectl apply -k "github.com/kuadrant/multicluster-gateway-controller.git/config/service-protection-install-guide?ref=release-0.3" -n namespace-of-your-managed-spoke-cluster-on-the-hub
The above command will install the ManagedClusterAddOn resource needed to install the Kuadrant addon into the namespace representing a spoke cluster, and install the Kuadrant data-plane components into the open-cluster-management-agent-addon namespace.
The Kuadrant addon will install:
- Kuadrant Operator
- Limitador (and its associated operator)
- Authorino (and its associated operator)
For more details, see the Kuadrant components installed by the kuadrant-operator
The Kuadrant OCM (Open Cluster Management) Add-On depends on the Operator Lifecycle Manager (OLM)'s CatalogSource. By default, this is set to olm/operatorhubio-catalog.
In OpenShift environments, OLM comes pre-installed. However, it is configured to use the openshift-marketplace/community-operators CatalogSource by default, not the olm/operatorhubio-catalog.
To align the Kuadrant add-on with the OpenShift default CatalogSource, you can patch the add-on's CatalogSource configuration. Run the following command (note it needs to be run for each managed cluster where the add-on is installed):
kubectl annotate managedclusteraddon kuadrant-addon "addon.open-cluster-management.io/values"='{"CatalogSource":"community-operators", "CatalogSourceNS":"openshift-marketplace"}' -n managed-cluster-nsIn the case where you have an existing Istio installation on a cluster, you may encounter an issue where the Kuadrant Operator expects Istio's Operator to be named istiocontrolplane.
The istioctl command saves the IstioOperator CR that was used to install Istio in a copy of the CR named installed-state.
To let the Kuadrant operator use this existing installation, set the following:
kubectl annotate managedclusteraddon kuadrant-addon "addon.open-cluster-management.io/values"='{"IstioOperator":"installed-state"}' -n <managed spoke cluster>
This will propagate down and update the Kuadrant Operator, used by the Kuadrant OCM Addon.
If you want to use a different channel with the ManagedClusterAddon to install the kuadrant operator. You can do so by overriding the channel with the follow annotation:
kubectl annotate managedclusteraddon kuadrant-addon "addon.open-cluster-management.io/values"='{"CatalogSourceNS":"openshift-marketplace", "CatalogSource":"community-operators", "Channel":"preview"}' -n managed-cluster-ns
This will propagate down and update the Kuadrant Subscription, used by OLM in the spoke.
To verify the Kuadrant OCM addon has installed currently, run:
kubectl wait --timeout=5m -n kuadrant-system kuadrant/kuadrant-sample --for=condition=ReadyYou should see the namespace kuadrant-system, and the following pods come up:
- authorino-value
- authorino-operator-value
- kuadrant-operator-controller-manager-value
- limitador-value
- limitador-operator-controller-manager-value
With the Kuadrant data plane components installed, here is some further reading material to help you utilise Authorino and Limitador:
Getting started with Authorino Getting started With Limitador