operators

README.md

@@ -90,7 +90,7 @@ ansible-playbook submariner/submariner-install.yml
 **_NOTE:_** This part of the laboratory has already been provisioned, to focus on the deployment of the ecosystem's own services.
 
 <details>
-<summary> Deploy ACM </summary>
+<summary> Deploy Advanced Cluster Management for Kubernetes </summary>
 
 You can use either the OpenShift 4 web console's built-in OperatorHub or the OpenShift CLI to install ACM. The installation breaks down to six steps:
 
@@ -114,49 +114,61 @@ ansible-playbook lab-deployment.yml --tags acm
 
 ### Configure Submariner
 
-### Deploy Skupper Operator
+## Security and Data Protection
 
-If you want to try a cluster-wide installation, you don't need to create the `OperatorGroup` as it is already defined at the destination namespaces, so you just need to create the subscription at the correct namespaces, see below.
+**_NOTE:_** This part of the laboratory has already been provisioned, to focus on the deployment of the ecosystem's own services.
 
-```sh
-# Create a Project
-oc new-project "{{ username }}"
+<details>
+<summary> Deploy Advanced Cluster Security for Kubernetes </summary>
 
-# Creating a CatalogSource in the `openshift-marketplace` namespace
-oc apply -f ocp/00-CatalogSource.yaml
+When RHACM is available, you can create RHACM policies to deploy RHACS to your cluster fleet. This approach ensures that all fleet clusters are protected by RHACS.
 
-# Wait for the skupper-operator catalog pod to be running
-oc -n openshift-marketplace get pods | grep skupper-operator
+To implement RHACS, you must create two policies in RHACM, one for centralized services and one for protected cluster services. The policy to install centralized services must be applied to the hub cluster. The policy for installing protected cluster services must be applied to the clusters that you want RHACS to protect. You can achieve this separation by using a clusterSelector parameter of the PlacementRule object.
 
-# Create an OperatorGroup in the `my-namespace` namespace
-oc apply -f ocp/10-OperatorGroup.yaml
+```vars.yml
+ansible-playbook lab-deployment.yml --tags acs
+```
+</details>
 
+<details>
+<summary> Deploy Openshift Data Protection </summary>
 
-oc apply -f ocp /20-Subscription-cluster.yaml
+When RHACM is available, you can create RHACM policies to deploy RHACS to your cluster fleet. This approach ensures that all fleet clusters are protected by RHACS.
 
-# Create a Subscription in the `my-namespace` namespace
-oc apply -f ocp/20-Subscription.yaml
-```
+To implement RHACS, you must create two policies in RHACM, one for centralized services and one for protected cluster services. The policy to install centralized services must be applied to the hub cluster. The policy for installing protected cluster services must be applied to the clusters that you want RHACS to protect. You can achieve this separation by using a clusterSelector parameter of the PlacementRule object.
 
-### Configure Skupper
+```vars.yml
+ansible-playbook lab-deployment.yml --tags oadp
+```
+</details>
 
-## Security and Data Protection
+## Monitoring and Follow-up
 
 **_NOTE:_** This part of the laboratory has already been provisioned, to focus on the deployment of the ecosystem's own services.
 
 <details>
-<summary> Deploy ACS </summary>
+<summary> Deploy Openshift Monitoring </summary>
 
-When RHACM is available, you can create RHACM policies to deploy RHACS to your cluster fleet. This approach ensures that all fleet clusters are protected by RHACS.
-
-To implement RHACS, you must create two policies in RHACM, one for centralized services and one for protected cluster services. The policy to install centralized services must be applied to the hub cluster. The policy for installing protected cluster services must be applied to the clusters that you want RHACS to protect. You can achieve this separation by using a clusterSelector parameter of the PlacementRule object.
+```vars.yml
+ansible-playbook lab-deployment.yml --tags acs
+```
+</details>
+<details>
+<summary> Deploy Openshift Logging </summary>
 
 ```vars.yml
 ansible-playbook lab-deployment.yml --tags acs
 ```
 </details>
+<details>
+<summary> Deploy Thanos </summary>
+
+```vars.yml
+ansible-playbook lab-deployment.yml --tags thanos
+```
+</details>
+
 
-## Monitoring and Follow-up
 ## Testing and Continuous Deployment
 ## Cultural and Organizational Change
 ## Network Overload and Latency
@@ -168,6 +180,32 @@ ansible-playbook lab-deployment.yml --tags acs
 
 ### Hybrid Cloud Balancing
 
+### Deploy Skupper Operator
+
+If you want to try a cluster-wide installation, you don't need to create the `OperatorGroup` as it is already defined at the destination namespaces, so you just need to create the subscription at the correct namespaces, see below.
+
+```sh
+# Create a Project
+oc new-project "{{ username }}"
+
+# Creating a CatalogSource in the `openshift-marketplace` namespace
+oc apply -f ocp/00-CatalogSource.yaml
+
+# Wait for the skupper-operator catalog pod to be running
+oc -n openshift-marketplace get pods | grep skupper-operator
+
+# Create an OperatorGroup in the `my-namespace` namespace
+oc apply -f ocp/10-OperatorGroup.yaml
+
+
+oc apply -f ocp /20-Subscription-cluster.yaml
+
+# Create a Subscription in the `my-namespace` namespace
+oc apply -f ocp/20-Subscription.yaml
+```
+
+### Configure Skupper
+
 ### DRP
 
 ### Backup

lab-deployment.yml

@@ -54,7 +54,7 @@
     - acm
     - full
 
-  - name: Create a project open-cluster-management
+  - name: Create a project managed-cluster
     community.kubernetes.k8s:
       state: present
       resource_definition:
@@ -92,7 +92,7 @@
 ####################################################################
 # Deploy ACS on Openshift
 ####################################################################
-  - name: Create a project open-cluster-management
+  - name: Create a project rhacs-operator
     community.kubernetes.k8s:
       state: present
       resource_definition:
@@ -104,14 +104,58 @@
     - acs
     - full
 
-  - name: Deploy KlusterletAddonConfig 
+  - name: Deploy ASC Policy
     community.kubernetes.k8s:
       state: present
       src: "acs/policy-acs-operator-secured-clusters.yml"
     tags:
     - acs
     - full
 
-
+####################################################################
+# Deploy OADP on Openshift
+####################################################################  
+
+  - name: Create a project open-cluster-management
+    community.kubernetes.k8s:
+      state: present
+      resource_definition:
+        apiVersion: project.openshift.io/v1
+        kind: Project
+        metadata:
+          name: openshift-adp
+    tags:
+    - oadp
+    - full
+
+  - name: Deploy OADP Policy 
+    community.kubernetes.k8s:
+      state: present
+      src: "oadp/policy-oadp.yaml"
+    tags:
+    - oadp
+    - full
 
+####################################################################
+# Deploy Thanos on Openshift
+####################################################################  
 
+  - name: Create a project openshift-monitoring
+    community.kubernetes.k8s:
+      state: present
+      resource_definition:
+        apiVersion: project.openshift.io/v1
+        kind: Project
+        metadata:
+          name: openshift-monitoring
+    tags:
+    - thanos
+    - full
+
+  - name: Deploy Thanos Policy 
+    community.kubernetes.k8s:
+      state: present
+      src: "thanos/thanos-deployment.yaml"
+    tags:
+    - thanos
+    - full

oadp/policy-oadp.yaml

@@ -0,0 +1,129 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: Policy
+metadata:
+  name: "policy-oadp-operator"
+  namespace: openshift-adp
+spec:
+  disabled: false
+  policy-templates:
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: policy-oadp-namespace
+          namespace: openshift-adp
+        spec:
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: v1
+                kind: Namespace
+                metadata:
+                  name: openshift-adp
+                  labels:
+                    openshift.io/cluster-monitoring: "true"
+          remediationAction: inform
+          severity: high
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: policy-oadp-operator-operatorgroup
+          namespace: openshift-adp
+        spec:
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: operators.coreos.com/v1alpha2
+                kind: OperatorGroup
+                metadata:
+                  name: openshift-adp-operatorgroup
+                  namespace: openshift-adp
+                spec:
+                  targetNamespaces:
+                    - openshift-adp
+          remediationAction: inform
+          severity: high
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: policy-oadp-operator-subscription
+          namespace: openshift-adp
+        spec:
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: operators.coreos.com/v1alpha1
+                kind: Subscription
+                metadata:
+                  name: redhat-oadp-operator
+                  namespace: openshift-adp
+                spec:
+                  channel: stable
+                  installPlanApproval: Automatic
+                  name: redhat-oadp-operator
+                  source: redhat-operators
+                  sourceNamespace: openshift-marketplace
+          remediationAction: inform
+          severity: high
+    - objectDefinition:
+        apiVersion: policy.open-cluster-management.io/v1
+        kind: ConfigurationPolicy
+        metadata:
+          name: policy-dataprotectionapplication
+          namespace: openshift-adp
+        spec:
+          object-templates:
+            - complianceType: musthave
+              objectDefinition:
+                apiVersion: oadp.openshift.io/v1alpha1
+                kind: DataProtectionApplication
+                metadata:
+                  name: cluster-dpa
+                  namespace: openshift-adp
+                spec:
+                  backupImages: false
+                  configuration:
+                    restic:
+                      enable: true
+                    velero:
+                      defaultPlugins:
+                        - openshift
+                        - aws
+                        - kubevirt
+                        - csi
+                      noDefaultBackupLocation: true
+          remediationAction: inform
+          severity: low
+  remediationAction: enforce
+---
+apiVersion: policy.open-cluster-management.io/v1
+kind: PlacementBinding
+metadata:
+ name: binding-policy-oadp-operator
+ namespace: openshift-adp
+placementRef:
+ apiGroup: apps.open-cluster-management.io
+ kind: PlacementRule
+ name: placement-policy-oadp-operator
+subjects:
+ - apiGroup: policy.open-cluster-management.io
+   kind: Policy
+   name: policy-oadp-operator
+---
+apiVersion: apps.open-cluster-management.io/v1
+kind: PlacementRule
+metadata:
+ name: placement-policy-oadp-operator
+ namespace: openshift-adp
+spec:
+ clusterConditions:
+   - status: 'True'
+     type: ManagedClusterConditionAvailable
+ clusterSelector:
+   matchExpressions:
+     - key: environment
+       operator: In
+       values:
+         - dev