Service Protection components installation guide

Update docs/how-to/service-protection-setup.md

Co-authored-by: Craig Brookes <maleck13@users.noreply.github.com>

config/kuadrant/redis/limitador/kustomization.yaml

@@ -6,4 +6,4 @@ secretGenerator:
     literals:
       -  URL=redis://172.31.0.3:30611
     options:
-      disableNameSuffixHash: true   
+      disableNameSuffixHash: true

config/service-protection-install-guide/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+  - ../default
+  - managed-cluster-addon.yaml

config/service-protection-install-guide/managed-cluster-addon.yaml

@@ -0,0 +1,7 @@
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+ name: kuadrant-addon
+spec:
+ installNamespace: open-cluster-management-agent-addon
+

docs/how-to/kuadrant-hub-install.md

@@ -163,4 +163,4 @@ clusterissuer.cert-manager.io/mgc-ca condition met
 
 Now that you have MGC installed and configured in your hub cluster, you can now continue with any of these follow-on guides:
 
-- Installing the Kuadrant data-plane pieces [TODO: link to this]
+- Installing the [Kuadrant Service Protection components](./service-protection-setup.md)

docs/how-to/ratelimiting-shared-redis.md

@@ -66,4 +66,3 @@ Open three windows, which we'll refer to throughout this walkthrough as:
     while true; do curl -k -s -o /dev/null -w "%{http_code}\n"  replace.this.with.host && sleep 1; done
     ```
 2. You should see your host be limited to whatever limit you've chosen. This will be across **all** clusters. Meaning if you are trying to make a curl request to both clusters at the same time, it will maintain the limit and won't reset, allowing successful requests when it should be limited.
-

docs/how-to/service-protection-setup.md

@@ -0,0 +1,81 @@
+# Installing Kuadrant Service Protection into an existing OCM Managed Cluster
+
+## Introduction
+This walkthrough will show you how to install and setup the Kuadrant Operator into an [OCM](https://open-cluster-management.io/) [Managed Cluster](https://open-cluster-management.io/concepts/managedcluster/).
+
+## Prerequisites
+* Access to an Open Cluster Management (>= v0.11.0) Managed Cluster, which has already been bootstrapped and registered with a hub cluster
+  * We have [a guide](./kuadrant-hub-install.md) which covers this in detail
+  * Also see:
+    * https://open-cluster-management.io/getting-started/quick-start/
+    * https://open-cluster-management.io/concepts/managedcluster/
+* OLM will need to be installed into the ManagedCluster where you want to run the Kuadrant Service Protection components
+  * See https://olm.operatorframework.io/docs/getting-started/
+* Kuadrant uses Istio as a Gateway API provider - this will need to be installed into the data plane clusters
+  * We recommend installing Istio 1.17.0, including Gateway API v0.6.2
+  * ```bash
+    # On the Hub cluster:
+    kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \
+    { kubectl kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.2" | kubectl apply -f -; }
+    ```
+  * See also: https://istio.io/v1.17/blog/2022/getting-started-gtwapi/
+
+
+Alternatively, if you'd like to quickly get started locally, without having to worry to much about the pre-requisites, take a look our [Quickstart Guide](./ocm-control-plane-walkthrough.md). It will get you setup with Kind, OLM, OCM & Kuadrant in a few short steps.
+
+
+## Install the Kuadrant OCM Add-On
+
+
+**Note:** if you've run our [Quickstart Guide](./ocm-control-plane-walkthrough.md), you'll be set to run this command as-is.
+
+To install the Kuadrant Service Protection components into a `ManagedCluster`, target your OCM hub cluster with `kubectl` and run:
+
+`kubectl apply -k "github.com/kuadrant/multicluster-gateway-controller.git/config/service-protection-install-guide" -n <your-managed-cluster>`
+
+The above command will install the `ManagedClusterAddOn` resource needed to install the Kuadrant addon into the specified namespace, and install the Kuadrant data-plane components into the `open-cluster-management-agent-addon` namespace. 
+
+The Kuadrant addon will install:
+
+* the Kuadrant Operator
+* Limitador (and its associated operator)
+* Authorino  (and its associated operator)
+
+For more details, see the Kuadrant components installed by the (kuadrant-operator)[https://github.com/Kuadrant/kuadrant-operator#kuadrant-components]
+
+### Existing Istio installations and changing the default Istio Operator name
+In the case where you have an existing Istio installation to a cluster you may encounter an issue where the Kuadrant Operator expects Istio's Operator to be named `istiocontrolplane`.
+
+The `istioctl` command saves the IstioOperator CR that was used to install Istio in a copy of the CR named `installed-state`.
+
+To let the Kuadrant operator use this existing installation, set the following:
+
+`kubectl annotate managedclusteraddon kuadrant-addon "addon.open-cluster-management.io/values"='{"IstioOperator":"installed-state"}' -n <managed spoke cluster>`
+
+This will propogate down and update the Kuadrant Operator, used by the Kuadrant OCM Addon.
+
+## Verify the Kuadrant addon installation
+
+To verify the Kuadrant OCM addon has installed currently, run:
+
+```bash
+kubectl wait --timeout=5m -n kuadrant-system deployment/authorino-operator deployment/kuadrant-operator-controller-manager deployment/limitador-operator-controller-manager --for=condition=Available
+```
+
+You should see the namespace `kuadrant-system`, and the following pods come up:
+* authorino-*value*
+* authorino-operator-*value*
+* kuadrant-operator-controller-manager-*value*
+* limitador-*value*
+* limitador-operator-controller-manager-*value*
+
+# Further Reading
+With the Kuadrant data plane components installed, here is some further reading material to help you utilise Authorino and Limitador:
+
+[Getting started with Authorino](https://docs.kuadrant.io/authorino/)
+[Getting started With Limitador](https://docs.kuadrant.io/limitador-operator/)
+
+
+
+
+