Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

data-plane components installation guide #452

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion config/kuadrant/redis/limitador/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ secretGenerator:
literals:
- URL=redis://172.31.0.3:30611
options:
disableNameSuffixHash: true
disableNameSuffixHash: true
2 changes: 2 additions & 0 deletions config/service-protection-install-guide/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
resources:
- managed-cluster-addon.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
name: kuadrant-addon
spec:
installNamespace: open-cluster-management-agent-addon

2 changes: 1 addition & 1 deletion docs/how-to/kuadrant-hub-install.md
Original file line number Diff line number Diff line change
Expand Up @@ -163,4 +163,4 @@ clusterissuer.cert-manager.io/mgc-ca condition met

Now that you have MGC installed and configured in your hub cluster, you can now continue with any of these follow-on guides:

- Installing the Kuadrant data-plane pieces [TODO: link to this]
- Installing the [Kuadrant Service Protection components](./service-protection-setup.md)
1 change: 0 additions & 1 deletion docs/how-to/ratelimiting-shared-redis.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,4 +66,3 @@ Open three windows, which we'll refer to throughout this walkthrough as:
while true; do curl -k -s -o /dev/null -w "%{http_code}\n" replace.this.with.host && sleep 1; done
```
2. You should see your host be limited to whatever limit you've chosen. This will be across **all** clusters. Meaning if you are trying to make a curl request to both clusters at the same time, it will maintain the limit and won't reset, allowing successful requests when it should be limited.

79 changes: 79 additions & 0 deletions docs/how-to/service-protection-setup.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Installing Kuadrant Service Protection into an existing OCM Managed Cluster

## Introduction
This walkthrough will show you how to install and setup the Kuadrant Operator into an [OCM](https://open-cluster-management.io/) [Managed Cluster](https://open-cluster-management.io/concepts/managedcluster/).

## Prerequisites
* Access to an Open Cluster Management (>= v0.11.0) Managed Cluster, which has already been bootstrapped and registered with a hub cluster
* We have [a guide](./kuadrant-hub-install.md) which covers this in detail
* Also see:
* https://open-cluster-management.io/getting-started/quick-start/
* https://open-cluster-management.io/concepts/managedcluster/
* OLM will need to be installed into the ManagedCluster where you want to run the Kuadrant Service Protection components
* See https://olm.operatorframework.io/docs/getting-started/
maleck13 marked this conversation as resolved.
Show resolved Hide resolved
* Kuadrant uses Istio as a Gateway API provider - this will need to be installed into the data plane clusters
* We recommend installing Istio 1.17.0, including Gateway API v0.6.2
* ```bash
kubectl apply -k "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v0.6.2"
```
* See also: https://istio.io/v1.17/blog/2022/getting-started-gtwapi/

jasonmadigan marked this conversation as resolved.
Show resolved Hide resolved

Alternatively, if you'd like to quickly get started locally, without having to worry to much about the pre-requisites, take a look our [Quickstart Guide](./ocm-control-plane-walkthrough.md). It will get you setup with Kind, OLM, OCM & Kuadrant in a few short steps.


## Install the Kuadrant OCM Add-On


**Note:** if you've run our [Quickstart Guide](./ocm-control-plane-walkthrough.md), you'll be set to run this command as-is.

To install the Kuadrant Service Protection components into a `ManagedCluster`, target your OCM hub cluster with `kubectl` and run:

`kubectl apply -k "github.com/kuadrant/multicluster-gateway-controller.git/config/service-protection-install-guide?ref=main" -n <your-managed-cluster>`

The above command will install the `ManagedClusterAddOn` resource needed to install the Kuadrant addon into the specified namespace, and install the Kuadrant data-plane components into the `open-cluster-management-agent-addon` namespace.

The Kuadrant addon will install:

* the Kuadrant Operator
* Limitador (and its associated operator)
* Authorino (and its associated operator)

For more details, see the Kuadrant components installed by the (kuadrant-operator)[https://github.com/Kuadrant/kuadrant-operator#kuadrant-components]

### Existing Istio installations and changing the default Istio Operator name
In the case where you have an existing Istio installation on a cluster, you may encounter an issue where the Kuadrant Operator expects Istio's Operator to be named `istiocontrolplane`.

The `istioctl` command saves the IstioOperator CR that was used to install Istio in a copy of the CR named `installed-state`.

To let the Kuadrant operator use this existing installation, set the following:

`kubectl annotate managedclusteraddon kuadrant-addon "addon.open-cluster-management.io/values"='{"IstioOperator":"installed-state"}' -n <managed spoke cluster>`

This will propogate down and update the Kuadrant Operator, used by the Kuadrant OCM Addon.

## Verify the Kuadrant addon installation

To verify the Kuadrant OCM addon has installed currently, run:
jasonmadigan marked this conversation as resolved.
Show resolved Hide resolved

```bash
kubectl wait --timeout=5m -n kuadrant-system kuadrant/kuadrant-sample --for=condition=Ready
```

You should see the namespace `kuadrant-system`, and the following pods come up:
* authorino-*value*
* authorino-operator-*value*
* kuadrant-operator-controller-manager-*value*
* limitador-*value*
* limitador-operator-controller-manager-*value*

# Further Reading
With the Kuadrant data plane components installed, here is some further reading material to help you utilise Authorino and Limitador:

[Getting started with Authorino](https://docs.kuadrant.io/authorino/)
[Getting started With Limitador](https://docs.kuadrant.io/limitador-operator/)





Loading