kuadrant-operator
Document how to install and set up in an OpenShift cluster
What
Provide documentation on how to install and set up Kuadrant with Project Sail on an OpenShift cluster
- Pre-reqs
- Versions
- Steps
Pre Reqs
- OpenShift 4.14.x
- Cert-Manager (soon will be installed as a dependency)
- Project Sail (sailoperator.v3.0.0-nightly-2024-03-25)
- Gateway API (v1)
- AWS Route 53 and zone
Steps
- kubectl create ns kuadrant-system
- kubectl create ns istio-system
- Install Cert-Manager (via catalog into kuadrant-system)
- Install Project Sail (via catalog into kuadrant-system)
- Install Gateway API v1
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
- Install Kuadrant Operator (main nightly build)
kubectl apply -f - <<EOF
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: kuadrant-operator-catalog
  namespace: kuadrant-system
spec:
  sourceType: grpc
  image: quay.io/kuadrant/kuadrant-operator-catalog@sha256:c4f615c3d4c808187c99f7c784b65078317235ad908d4124447be7bcd72105ec
  displayName: Kuadrant Operators
  publisher: grpc
EOF
- Set up AWS creds
kubectl -n istio-system create secret generic aws-credentials \
  --type=kuadrant.io/aws \
  --from-literal=AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
  --from-literal=AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
- Create CRDs (ClusterIssuer, Sail, Kuadrant)
kubectl apply -f - <<EOF
apiVersion: operator.istio.io/v1alpha1
kind: Istio
metadata:
  name: default
spec:
  version: v1.20.3
  namespace: istio-system
  # Disable autoscaling to reduce dev resources
  values:
    pilot:
      autoscaleEnabled: false
EOF
kubectl apply -f - <<EOF
apiVersion: kuadrant.io/v1beta1
kind: Kuadrant
metadata:
  name: kuadrant
  namespace: kuadrant-system
spec: {}
EOF
Verify
- create a gateway
kubectl -n istio-system apply -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: prod-web
spec:
  gatewayClassName: istio
  listeners:
  - allowedRoutes:
      namespaces:
        from: All
    name: api
    hostname: "*.$ROOT_DOMAIN"
    port: 80
    protocol: HTTP
EOF
create a ManagedZone
kubectl -n istio-system apply -f - <<EOF
apiVersion: kuadrant.io/v1alpha1
kind: ManagedZone
metadata:
  name: $ROOT_DOMAIN
spec:
  id: $AWS_HOSTED_ZONE_ID
  domainName: $ROOT_DOMAIN
  description: "my managed zone"
  dnsProviderSecretRef:
    name: aws-credentials
EOF
Create a DNSPolicy
kubectl -n istio-system apply -f - <<EOF
apiVersion: kuadrant.io/v1alpha1
kind: DNSPolicy
metadata:
  name: prod-web
spec:
  targetRef:
    name: prod-web
    group: gateway.networking.k8s.io
    kind: Gateway
  routingStrategy: simple
EOF
Create a simple backend
kubectl create ns app
kubectl create -f https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/examples/toystore/toystore.yaml -n app
kubectl apply -n app -f - <<EOF
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: toystore
spec:
  parentRefs:
  - name: prod-web
    namespace: istio-system
  hostnames:
  - "api.$ROOT_DOMAIN"
  rules:
  - matches:
    - method: GET
      path:
        type: PathPrefix
        value: "/cars"
    - method: GET
      path:
        type: PathPrefix
        value: "/dolls"
    backendRefs:
    - name: toystore
      port: 80
  - matches:
    - path:
        type: PathPrefix
        value: "/admin"
    backendRefs:
    - name: toystore
      port: 80
EOF
Should see DNSPolicy enforced
conditions:
- lastTransitionTime: "2024-03-25T16:20:23Z"
  message: DNSPolicy has been accepted
  reason: Accepted
  status: "True"
  type: Accepted
- lastTransitionTime: "2024-03-25T16:20:23Z"
  message: DNSPolicy has been successfully enforced
  reason: Enforced
  status: "True"
  type: Enforced
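An added example, not part of the original issue or the Kuadrant project: shell helpers that check the variables the heredocs and the secret command expand (an unset `$ROOT_DOMAIN` would silently render the hostname `*.`) and that confirm the `prod-web` DNSPolicy reports both conditions shown above. The function names `require_env`, `conditions_ok` and `check_dnspolicy` are hypothetical.

```shell
#!/bin/sh
# Added example: preflight and verification helpers for the steps above.
# Function names are hypothetical; resource names come from the page.

# Fail if any named variable is unset or empty. The unquoted heredocs
# (<<EOF) expand variables, so an empty one yields a broken manifest
# or an empty credential instead of an error.
require_env() {
    missing=0
    for name in "$@"; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Read "Type=Status" lines on stdin; succeed only if both the Accepted
# and Enforced conditions are present with status True.
conditions_ok() {
    accepted=False
    enforced=False
    while IFS='=' read -r type status; do
        case "$type" in
            Accepted) accepted=$status ;;
            Enforced) enforced=$status ;;
        esac
    done
    [ "$accepted" = "True" ] && [ "$enforced" = "True" ]
}

# Query the live DNSPolicy created above and evaluate its conditions.
check_dnspolicy() {
    kubectl -n istio-system get dnspolicy prod-web \
        -o jsonpath='{range .status.conditions[*]}{.type}={.status}{"\n"}{end}' \
        | conditions_ok
}

# Typical use, before and after the apply steps:
#   require_env ROOT_DOMAIN AWS_HOSTED_ZONE_ID \
#       AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY || exit 1
#   check_dnspolicy && echo "DNSPolicy accepted and enforced"
```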