diff --git a/README.md b/README.md index 2394f95..0119dee 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,120 @@ # Hybrid_cloud_ecosystems +## Justification + +Implementing microservices offers numerous benefits, but also presents challenges and potential problems when an architectural framework of microservices as ecosystems is not established. +Some of the current problems when implementing microservices include: + +1. Management Complexity: + +Microservices present greater complexity in the management of multiple independent services, each with its own database and business logic. Coordinating and managing these pieces can be challenging. +`Reference: Lewis, J. and Fowler, M. (2014). Microservices: a definition of this new architectural term.` + +2. Consistency and Distributed Transactions: + +Maintaining data consistency in a microservices environment, especially in operations that involve distributed transactions, can be complicated and require specific solutions. +`Reference: Newman, S. (2015). Building microservices: detailed system design.` + +3. Security and Data Protection: + +Managing security in a microservices environment, involving multiple services and entry points, can be challenging. Data protection and authentication must be carefully considered. +`Reference: Richardson, C. (2018). Microservices security in action.` + +4. Monitoring and Follow-up: + +Tracking and monitoring distributed microservices can be complex. Specialized solutions are required to understand system-wide performance and issues. +`Reference: Burns, B. (2019). Distributed Systems Design: Patterns and Paradigms for Scalable and Reliable Services.` + +5. Testing and Continuous Deployment: + + +Implementing effective testing and continuous deployment strategies for microservices can be more complicated than in monolithic architectures, especially given the need to test interactions between services. +`Reference: Newman, S. (2015). Building microservices: detailed system design.` + +6. 
Cultural and Organizational Change: + +Adopting a microservices architecture often involves a significant cultural and organizational change. Organizations must adapt to a small, independent team mentality. +`Reference: Fowler, M. and Lewis, J. (2018). Microservices: the dark side.` + +7. Network Overload and Latency: + +Communication between microservices can introduce latency, and a poorly designed architecture can result in network overload, affecting overall performance. +`Reference: Newman, S. (2015). Building microservices: detailed system design.` + +8 Duplication of Functionalities and Waste of Resources: + +Fragmentation of services can lead to duplication of functionality, which can result in wasted resources and development efforts. +`Reference: Richardson, C. (2018). Microservices Patterns: With examples in Java.` + +It is important to address these problems with a strategic approach and consider specific solutions to mitigate the challenges associated with the implementation of microservices in an enterprise environment, which is why it is important to undertake research on microservices implementation that reduces the impact of the aforementioned problems. . . + +## Architecture + +![Open Hybrid Ecosystems](./images/hybrid-microservices-ecosystems.png) + +# LAB + +## Pre-reqs + +
+ Install ansible + +```sh +sudo dnf install -y ansible +``` + +
+
+ vars.yml + ```vars.yml username: {{ user }} +subctl-cli-url: "https://get.submariner.io" +submariner-path: "$PATH:~/.local/bin" +``` +
+
+ + Install subctl + +Download the subctl binary and make it available on your PATH. + +```sh +sudo dnf install -y ansible +ansible-playbook submariner/submariner-install.yml +``` +
+ +## Management Complexity + +**_NOTE:_** This part of the laboratory has already been provisioned, to focus on the deployment of the ecosystem's own services. + +
+ Deploy ACM + +You can use either the OpenShift 4 web console's built-in OperatorHub or the OpenShift CLI to install ACM. The installation breaks down to six steps: +1. Prepare the environment for the ACM installation. +2. Create a new OpenShift project and namespace. +3. Create an image-pull secret. +4. Install ACM and subscribe to the ACM Operator group. +5. Create the MultiClusterHub resource. +6. Verify the ACM installation. + +We will use the OpenShift command line for the first several steps; . then, I will show you how to use either the command line or the OpenShift 4 web console. + +```vars.yml +ansible-playbook lab-deployment.yml --tags acm ``` +
+ +## Consistency and Distributed Transactions -## Deploy Submariner +### Deploy Submariner -## Configure Submariner +### Configure Submariner -## Deploy Skupper Operator +### Deploy Skupper Operator If you want to try a cluster-wide installation, you don't need to create the `OperatorGroup` as it is already defined at the destination namespaces, so you just need to create the subscription at the correct namespaces, see below. @@ -33,11 +138,33 @@ oc apply -f ocp /20-Subscription-cluster.yaml oc apply -f ocp/20-Subscription.yaml ``` -## Configure Skupper +### Configure Skupper + +## Security and Data Protection + +**_NOTE:_** This part of the laboratory has already been provisioned, to focus on the deployment of the ecosystem's own services. + +
+ Deploy ACS + +When RHACM is available, you can create RHACM policies to deploy RHACS to your cluster fleet. This approach ensures that all fleet clusters are protected by RHACS. + +To implement RHACS, you must create two policies in RHACM, one for centralized services and one for protected cluster services. The policy to install centralized services must be applied to the hub cluster. The policy for installing protected cluster services must be applied to the clusters that you want RHACS to protect. You can achieve this separation by using a clusterSelector parameter of the PlacementRule object. + +```vars.yml +ansible-playbook lab-deployment.yml --tags acs +``` +
+ +## Monitoring and Follow-up +## Testing and Continuous Deployment +## Cultural and Organizational Change +## Network Overload and Latency +## Duplication of Functionalities and Waste of Resources -## Deploy applications +### Deploy applications -## Scenarios +### Scenarios ### Hybrid Cloud Balancing diff --git a/acm/acm-kusterletaddonconfig.yml b/acm/acm-kusterletaddonconfig.yml new file mode 100644 index 0000000..304355f --- /dev/null +++ b/acm/acm-kusterletaddonconfig.yml @@ -0,0 +1,22 @@ +apiVersion: agent.open-cluster-management.io/v1 +kind: KlusterletAddonConfig +metadata: + name: managed-cluster + namespace: managed-cluster +spec: + clusterName: managed-cluster + clusterNamespace: managed-cluster + applicationManager: + enabled: true + certPolicyController: + enabled: true + clusterLabels: + cloud: auto-detect + vendor: auto-detect + iamPolicyController: + enabled: true + policyController: + enabled: true + searchCollector: + enabled: true + version: 2.9.0 \ No newline at end of file diff --git a/acm/acm-managedcluster.yml b/acm/acm-managedcluster.yml new file mode 100644 index 0000000..8efb4c3 --- /dev/null +++ b/acm/acm-managedcluster.yml @@ -0,0 +1,7 @@ +apiVersion: cluster.open-cluster-management.io/v1 +kind: ManagedCluster +metadata: + name: managed-cluster + namespace: managed-cluster +spec: + hubAcceptsClient: true \ No newline at end of file diff --git a/acm/acm-multicluster.yml b/acm/acm-multicluster.yml new file mode 100644 index 0000000..49fdccb --- /dev/null +++ b/acm/acm-multicluster.yml 
@@ -0,0 +1,37 @@ +apiVersion: operator.open-cluster-management.io/v1 +kind: MultiClusterHub +metadata: + name: multiclusterhub + namespace: open-cluster-management + finalizers: + - finalizer.operator.open-cluster-management.io +spec: + availabilityConfig: Basic + enableClusterBackup: false + ingress: + sslCiphers: + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + overrides: + components: + - enabled: true + name: console + - enabled: true + name: insights + - enabled: true + name: grc + - enabled: true + name: cluster-lifecycle + - enabled: true + name: volsync + - enabled: true + name: multicluster-engine + - enabled: true + name: search + - enabled: true + name: app-lifecycle + - enabled: false + name: cluster-backup + separateCertificateManagement: false \ No newline at end of file diff --git a/acm/acm-operatorgroup.yml b/acm/acm-operatorgroup.yml new file mode 100644 index 0000000..1cc44c4 --- /dev/null +++ b/acm/acm-operatorgroup.yml @@ -0,0 +1,9 @@ +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: acm-operator-group + namespace: open-cluster-management +spec: + targetNamespaces: + - open-cluster-management + upgradeStrategy: Default \ No newline at end of file diff --git a/acm/acm-subscription.yml b/acm/acm-subscription.yml new file mode 100644 index 0000000..0eabe24 --- /dev/null +++ b/acm/acm-subscription.yml @@ -0,0 +1,13 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: advanced-cluster-management + namespace: open-cluster-management + labels: + operators.coreos.com/advanced-cluster-management.open-cluster-management: '' +spec: + sourceNamespace: openshift-marketplace + source: redhat-operators + channel: release-2.9 + installPlanApproval: Automatic + name: advanced-cluster-management \ No newline at end of file 
diff --git a/acs/policy-acs-operator-secured-clusters.yml b/acs/policy-acs-operator-secured-clusters.yml new file mode 100644 index 0000000..6389870 --- /dev/null +++ b/acs/policy-acs-operator-secured-clusters.yml 
@@ -0,0 +1,126 @@ +apiVersion: policy.open-cluster-management.io/v1 +kind: Policy +metadata: + name: policy-advanced-managed-cluster-security + namespace: rhacs-operator + annotations: + policy.open-cluster-management.io/standards: NIST SP 800-53 + policy.open-cluster-management.io/categories: CM Configuration Management + policy.open-cluster-management.io/controls: CM-2 Baseline Configuration +spec: + remediationAction: enforce + disabled: false + policy-templates: + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: managed-cluster-security-ns + namespace: rhacs-operator + spec: + remediationAction: inform + severity: high + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: stackrox + - complianceType: musthave + objectDefinition: + apiVersion: v1 + kind: Namespace + metadata: + name: rhacs-operator + - complianceType: musthave + objectDefinition: + apiVersion: operators.coreos.com/v1 + kind: OperatorGroup + metadata: + name: rhacs-operator-group + namespace: rhacs-operator + spec: {} + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: managed-cluster-security-operator-sub + namespace: rhacs-operator + spec: + remediationAction: inform + severity: high + object-templates: + - complianceType: musthave + objectDefinition: + apiVersion: operators.coreos.com/v1alpha1 + kind: Subscription + metadata: + name: rhacs-operator + namespace: rhacs-operator + spec: + channel: latest + installPlanApproval: Automatic + name: rhacs-operator + source: redhat-operators + sourceNamespace: openshift-marketplace + - objectDefinition: + apiVersion: policy.open-cluster-management.io/v1 + kind: ConfigurationPolicy + metadata: + name: managed-cluster-security-endpoints + namespace: rhacs-operator + spec: + remediationAction: inform + severity: high + object-templates: + - 
complianceType: musthave + objectDefinition: + apiVersion: platform.stackrox.io/v1alpha1 + kind: SecuredCluster + metadata: + namespace: stackrox + name: stackrox-secured-cluster-services + spec: + clusterName: | + {{ fromSecret "open-cluster-management-agent" "hub-kubeconfig-secret" "cluster-name" | base64dec }} + auditLogs: + collection: Auto + centralEndpoint: | + {{ fromSecret "stackrox" "sensor-tls" "acs-host" | base64dec }} + admissionControl: + listenOnCreates: false + listenOnEvents: true + listenOnUpdates: false + perNode: + collector: + collection: EBPF + imageFlavor: Regular + taintToleration: TolerateTaints +--- +apiVersion: policy.open-cluster-management.io/v1 +kind: PlacementBinding +metadata: + name: binding-policy-advanced-managed-cluster-security + namespace: rhacs-operator +placementRef: + name: placement-policy-advanced-managed-cluster-security + kind: PlacementRule + apiGroup: apps.open-cluster-management.io +subjects: +- name: policy-advanced-managed-cluster-security + kind: Policy + apiGroup: policy.open-cluster-management.io +--- +apiVersion: apps.open-cluster-management.io/v1 +kind: PlacementRule +metadata: + name: placement-policy-advanced-managed-cluster-security + namespace: rhacs-operator +spec: + clusterConditions: + - status: "True" + type: ManagedClusterConditionAvailable + clusterSelector: + matchExpressions: + - {key: vendor, operator: In, values: ["OpenShift"]} \ No newline at end of file diff --git a/images/hybrid-microservices-ecosystems.png b/images/hybrid-microservices-ecosystems.png new file mode 100644 index 0000000..89120f6 Binary files /dev/null and b/images/hybrid-microservices-ecosystems.png differ diff --git a/klusterlet-crd.yaml b/klusterlet-crd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/lab-deployment.yml b/lab-deployment.yml new file mode 100644 index 0000000..13be6d0 --- /dev/null +++ b/lab-deployment.yml 
@@ -0,0 +1,117 @@ +- name: Deploying hybrid cloud ecosystems lbs + hosts: localhost + become: false + gather_facts: true + vars_files: + - vars/vars.yml + + tasks: +#################################################################### +# Deploy ACM on Openshift +#################################################################### + - name: Create a project open-cluster-management + community.kubernetes.k8s: + state: present + resource_definition: + apiVersion: project.openshift.io/v1 + kind: Project + metadata: + name: open-cluster-management + tags: + - acm + - full + + - name: Deploy OperatorGroup + community.kubernetes.k8s: + state: present + src: "acm/acm-operatorgroup.yml" + tags: + - acm + - full + + - name: Deploy Subscription + community.kubernetes.k8s: + state: present + src: "acm/acm-subscription.yml" + tags: + - acm + - full + + # - name: Get installplan + # shell: + # cmd: oc get installplan -o=jsonpath='{.items[1].metadata.name}' -n open-cluster-management + # register: acm_installplan + + # - name: Patch installplan + # shell: + # cmd: oc patch installplan "{{ acm_installplan.stdout }}" --type merge --patch '{"spec":{"approved":true}}' + + - name: Deploy MultiClusterHub + community.kubernetes.k8s: + state: present + src: "acm/acm-multicluster.yml" + tags: + - acm + - full + + - name: Create a project open-cluster-management + community.kubernetes.k8s: + state: present + resource_definition: + apiVersion: project.openshift.io/v1 + kind: Project + metadata: + name: managed-cluster + tags: + - acm + - full + + - name: Label namespace managed-cluster + shell: + cmd: oc label namespace managed-cluster cluster.open-cluster-management.io/managedCluster=managed-cluster + tags: + - acm + - full + + - name: Deploy ManagedCluster + community.kubernetes.k8s: + state: present + src: "acm/acm-managedcluster.yml" + tags: + - acm + - full + + - name: Deploy KlusterletAddonConfig + community.kubernetes.k8s: + state: present + src: "acm/acm-kusterletaddonconfig.yml" + 
tags: + - acm + - full + +#################################################################### +# Deploy ACS on Openshift +#################################################################### + - name: Create a project open-cluster-management + community.kubernetes.k8s: + state: present + resource_definition: + apiVersion: project.openshift.io/v1 + kind: Project + metadata: + name: rhacs-operator + tags: + - acs + - full + + - name: Deploy KlusterletAddonConfig + community.kubernetes.k8s: + state: present + src: "acs/policy-acs-operator-secured-clusters.yml" + tags: + - acs + - full + + + + diff --git a/skupper/00-CatalogSource.yaml b/skupper/00-CatalogSource.yaml new file mode 100644 index 0000000..4681a76 --- /dev/null +++ b/skupper/00-CatalogSource.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: CatalogSource +metadata: + name: skupper-operator + namespace: openshift-marketplace +spec: + image: quay.io/psehgaft/skupper-operator-index:v1.5.0 + sourceType: grpc diff --git a/skupper/01-Project.yml b/skupper/01-Project.yml new file mode 100644 index 0000000..a145656 --- /dev/null +++ b/skupper/01-Project.yml @@ -0,0 +1,9 @@ +--- +apiVersion: config.openshift.io/v1 +kind: Project +metadata: + name: skupper-operator + namespace: "{{ username }}" +spec: + projectRequestTemplate: + name: "{{ username }}" \ No newline at end of file diff --git a/skupper/10-OperatorGroup.yaml b/skupper/10-OperatorGroup.yaml new file mode 100644 index 0000000..989e517 --- /dev/null +++ b/skupper/10-OperatorGroup.yaml @@ -0,0 +1,9 @@ +--- +kind: OperatorGroup +apiVersion: operators.coreos.com/v1 +metadata: + name: skupper-operator + namespace: "{{ username }}" +spec: + targetNamespaces: + - "{{ username }}" \ No newline at end of file diff --git a/skupper/20-Subscription-cluster.yaml b/skupper/20-Subscription-cluster.yaml new file mode 100644 index 0000000..6a2db93 --- /dev/null +++ b/skupper/20-Subscription-cluster.yaml 
@@ -0,0 +1,12 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: skupper-operator + namespace: openshift-operators +spec: + channel: alpha + installPlanApproval: Automatic + name: skupper-operator + source: skupper-operator + sourceNamespace: openshift-marketplace + startingCSV: skupper-operator.v1.5.0 \ No newline at end of file diff --git a/skupper/20-Subscription.yaml b/skupper/20-Subscription.yaml new file mode 100644 index 0000000..15a0e73 --- /dev/null +++ b/skupper/20-Subscription.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: skupper-operator + namespace: "{{ username }}" +spec: + channel: alpha + installPlanApproval: Automatic + name: skupper-operator + source: skupper-operator + sourceNamespace: openshift-marketplace + startingCSV: skupper-operator.v1.5.0 \ No newline at end of file diff --git a/submariner/submariner-install.yml b/submariner/submariner-install.yml new file mode 100644 index 0000000..eb2df92 --- /dev/null +++ b/submariner/submariner-install.yml @@ -0,0 +1,20 @@ +--- +- name: Install submariner pre-reqs + hosts: localhost + gather_facts: yes + vars_files: ../vars/vars.yml + tasks: + + - name: Install subctl + uri: + url: "{{ subctl_cli_url }}" + method: GET + + - name: Get path + shell: echo $PATH:~/.local/bin + register: path + + - name: Export submariner path + ansible.builtin.lineinfile: + path: ~/.profile + line: "export PATH=$PATH:~/.local/bin" diff --git a/templates/namespace.yml.j2 b/templates/namespace.yml.j2 new file mode 100644 index 0000000..2dc59d0 --- /dev/null +++ b/templates/namespace.yml.j2 @@ -0,0 +1,6 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: "{{ ocp_namespace_name }}" + labels: + operator: "{{ ocp_operator_name }}" \ No newline at end of file diff --git a/templates/operator_source.yml.j2 b/templates/operator_source.yml.j2 new file mode 100644 index 0000000..459499e --- /dev/null 
+++ b/templates/operator_source.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: "operators.coreos.com/v1" +kind: "OperatorSource" +metadata: + name: "test-operators" + namespace: "openshift-marketplace" +spec: + type: appregistry + endpoint: "https://quay.io/cnr" + registryNamespace: {{ quay_namespace }} + displayName: "Test Operators" + publisher: "CVP" + authorizationToken: + secretName: marketplacesecret \ No newline at end of file diff --git a/vars/vars.yml b/vars/vars.yml new file mode 100644 index 0000000..8814576 --- /dev/null +++ b/vars/vars.yml @@ -0,0 +1,10 @@ +--- +username: user1 # "{{ user }}" +subctl_cli_url: "https://get.submariner.io" +submariner_path: "$PATH:~/.local/bin" + +# ACM +acm_channel: release-2.9 +acm_source: redhat-operators +acm_version: 2.4.2 +acm_secret_name: acm-secret \ No newline at end of file
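Review bot: in README.md hunk 1 (`@@ -1,15 +1,120 @@`), the `vars.yml` example does not match the committed vars/vars.yml: it uses hyphenated keys (`subctl-cli-url`, `submariner-path`) where the playbooks read underscored ones (`subctl_cli_url`, `submariner_path`), its fence is tagged `vars.yml` instead of `yaml`, and `username: {{ user }}` is an unquoted Jinja expression that a YAML parser rejects; copy the real file contents in and quote the value, e.g. `username: "{{ user }}"`. Two smaller points in the same hunk: the "Install subctl" block repeats `sudo dnf install -y ansible` from the previous step, and the "Deploy ACM" block is a shell command (`ansible-playbook lab-deployment.yml --tags acm`) fenced as `vars.yml` with the closing fence on the same line as the command, so it will not render. Typos: "8 Duplication" lacks its period, the justification paragraph ends in stray ". . .", and "for the first several steps; . then, I will show you" has a stray period.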
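Review bot: in README.md hunk 2 (`@@ -33,11 +138,33 @@`), five new second-level headings (Monitoring and Follow-up, Testing and Continuous Deployment, Cultural and Organizational Change, Network Overload and Latency, Duplication of Functionalities and Waste of Resources) are added with no body, so the lab jumps from the ACS section straight to "Deploy applications"; add at least a placeholder sentence under each or defer the headings until the content exists. The "Deploy ACS" block again fences a shell command as `vars.yml`; use `sh` like the other command blocks. The prose says two RHACM policies are required (central services on the hub, secured-cluster services on the fleet), but the commit only adds the secured-cluster policy (acs/policy-acs-operator-secured-clusters.yml); state in the README that Central is assumed already provisioned, or add the second policy.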
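Review bot: acm/acm-kusterletaddonconfig.yml is misspelled (the kind is `KlusterletAddonConfig`, with an "l"), and the filename is referenced verbatim from lab-deployment.yml, so rename both together. The file also lacks a trailing newline (`\ No newline at end of file`), as do most manifests in this commit; an .editorconfig or pre-commit hook would keep that consistent.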
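Review bot: in acm/acm-managedcluster.yml, `ManagedCluster` (cluster.open-cluster-management.io/v1) is a cluster-scoped resource, so `metadata.namespace: managed-cluster` is meaningless and some clients reject it; drop that line. The namespace of the same name is what the hub uses for the cluster's agent secrets and is created separately in lab-deployment.yml, so nothing else changes.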
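Review bot: in acm/acm-multicluster.yml, the `finalizers: - finalizer.operator.open-cluster-management.io` entry is normally added by the operator itself; putting it in the manifest means that if the operator is never installed (or is removed first) the MultiClusterHub cannot be deleted without editing the finalizer out, so remove it. The explicit `sslCiphers` list (four ECDHE AES-GCM suites) is a sound hardening choice; a one-line comment saying why the list is restricted would help future readers. `enableClusterBackup: false` and the disabled `cluster-backup` component are consistent with each other.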
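Review bot: in acs/policy-acs-operator-secured-clusters.yml, the Policy sets `remediationAction: enforce` while each of its three ConfigurationPolicy templates sets `remediationAction: inform`; the Policy-level value overrides the template value, so the templates are enforced regardless and the `inform` lines only mislead a reader. Make them agree (enforce in both places, since the lab expects the operator to be installed). Second, the `SecuredCluster` template reads `centralEndpoint` from the `sensor-tls` secret in `stackrox`, and nothing in this commit creates the RHACS init-bundle secrets on the managed clusters, so the policy will report NonCompliant until that bundle is applied; document it as a prerequisite. Third, `admissionControl.listenOnCreates: false` and `listenOnUpdates: false` switch off admission-time enforcement for new and changed workloads, leaving only event listening; if that reduced coverage is deliberate for the lab, say so in a comment, otherwise set them to true.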
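Review bot: klusterlet-crd.yaml is added as an empty file (blob e69de29) and nothing in the playbook or README references it; drop it or fill it in in the commit that uses it.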
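Review bot: in lab-deployment.yml, `Deploy MultiClusterHub` runs immediately after `Deploy Subscription`, but the MultiClusterHub CRD only exists once OLM has installed the operator's CSV, so on a fresh hub the k8s task fails with a "no matches for kind MultiClusterHub" error; add a task between them that polls the ClusterServiceVersion in open-cluster-management with `until` its phase is `Succeeded` (`retries`/`delay`). The same applies to the `acs` tag: the Policy CRDs come from ACM, so it only works after `acm` has fully converged. Further points: `community.kubernetes.k8s` is the old collection name that now redirects to `kubernetes.core.k8s`, so use the latter; three tasks are named `Create a project open-cluster-management` although two create `managed-cluster` and `rhacs-operator`, and the task applying the ACS policy is named `Deploy KlusterletAddonConfig`; `Label namespace managed-cluster` shells out to `oc label`, which Ansible reports as changed on every run and which depends on a separate `oc` login, so put the label in the namespace's `resource_definition` instead. The commented-out installplan patch can go, since `installPlanApproval: Automatic` makes it unnecessary.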
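Review bot: skupper/01-Project.yml uses `apiVersion: config.openshift.io/v1` with `kind: Project`, which is the cluster-wide project configuration singleton (its `spec.projectRequestTemplate` names the Template used for every new project request), not a project object; as written it would try to repoint cluster-wide project creation at a template named after the user. To create the user's namespace use `project.openshift.io/v1` `kind: Project` (or a `v1 Namespace`) with `metadata.name: "{{ username }}"` and no `spec`. The file is also `.yml` while the neighbouring skupper manifests are `.yaml`.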
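Review bot: in skupper/00-CatalogSource.yaml the index image `quay.io/psehgaft/skupper-operator-index:v1.5.0` is a personal-namespace image referenced by a mutable tag; for a lab that is acceptable, but pin it by digest (`image: quay.io/...@sha256:<digest>`) so the catalog contents cannot change underneath the lab. In skupper/20-Subscription-cluster.yaml and skupper/20-Subscription.yaml, `startingCSV: skupper-operator.v1.5.0` combined with `installPlanApproval: Automatic` only pins the first install; OLM will still upgrade along the `alpha` channel afterwards, so if v1.5.0 is meant to stay fixed use `Manual` approval.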
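Review bot: in submariner/submariner-install.yml the `Install subctl` task only performs an HTTP GET of `{{ subctl_cli_url }}` with the `uri` module and discards the body, so subctl is never installed, and the `Get path` task registers `path` which nothing uses. Download to a file instead (`ansible.builtin.get_url` with `dest:` and a `checksum:` for a pinned release) and run it in a separate task, rather than feeding a remote script straight into a shell. The `lineinfile` append to `~/.profile` only affects future login shells, so the README's "make it available on your PATH" should tell the reader to re-source the profile.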
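Review bot: templates/operator_source.yml.j2 renders an `OperatorSource` (operators.coreos.com/v1, `type: appregistry`), an API that was removed from OpenShift in 4.6 in favour of `CatalogSource`; the commit already uses a CatalogSource for Skupper, so this template is dead. Neither template is referenced by lab-deployment.yml, and the variables they need (`quay_namespace`, `ocp_namespace_name`, `ocp_operator_name`) and the `marketplacesecret` Secret are not defined anywhere in the repo. Drop both or wire them into a task.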
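Review bot: in vars/vars.yml, `acm_version: 2.4.2` contradicts `acm_channel: release-2.9` and the `version: 2.9.0` in acm/acm-kusterletaddonconfig.yml, and none of the four `acm_*` variables (including `acm_secret_name: acm-secret`) are consumed by the playbook or the manifests, since channel and source are hardcoded in acm/acm-subscription.yml; either template the manifests from these variables or remove them. `username: user1 # "{{ user }}"` hardcodes the user while the README shows `{{ user }}`, so the two should agree.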