Skip to content

Feature/OADP migration SREP-1607 #2531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Feature/OADP migration SREP-1607 #2531

wants to merge 13 commits into from

Conversation

@charlesgong
Copy link
Contributor

@charlesgong charlesgong commented Sep 23, 2025
edited by openshift-ci bot
Loading

What type of PR is this?

(bug/feature/cleanup/documentation)
feature

What this PR does / why we need it?

  • Add OpenShift API for Data Protection (OADP) operator deployment manifests
  • Migrate existing Velero configuration to OADP-compatible format
  • Update namespace from openshift-velero to openshift-adp
  • Include hive-specific configurations for cluster targeting
  • Add RBAC for backup schedule management
  • Use environment variables for bucket configuration (${OADP_BACKUP_BUCKET}, ${AWS_REGION})
  • Provide validation backup configuration for testing
  • Document migration from MVO to OADP

Which Jira/Github issue(s) this PR fixes?

SREP-1607

Fixes #

Special notes for your reviewer:

Pre-checks (if applicable):

  • Tested latest changes against a cluster

  • Included documentation changes with PR

  • If this is a new object that is not intended for the FedRAMP environment (if unsure, please reach out to team FedRAMP), please exclude it with:

    matchExpressions:
- key: api.openshift.com/fedramp
  operator: NotIn
  values: ["true"]

charlesgong and others added 2 commits September 24, 2025 10:54
@charlesgong
Add OADP configuration to replace MVO for Red Hat managed clusters
f891f63
@charlesgong @claude
Use environment variables for OADP bucket configuration
e17c1b3 
- Replace hardcoded bucket name with ${OADP_BACKUP_BUCKET}
- Replace hardcoded AWS region with ${AWS_REGION}
- Document required environment variables in README

This allows for proper configuration management and avoids
hardcoded values that would be inappropriate for production.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 23, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: charlesgong
Once this PR has been reviewed and has the lgtm label, please assign xiaoyu74 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. label Sep 23, 2025
@charlesgong
Copy link
Contributor Author

/hold need confirmation of owners

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 23, 2025
rbhilare
rbhilare reviewed Sep 24, 2025
View reviewed changes
@charlesgong
Address reviewer feedback for OADP configuration
2997192 
- Remove CSI plugin from DataProtectionApplication (not needed without snapshots)
- Update subscription channel from 'stable-1.4' to 'stable' for latest version
- Fix OperatorGroup name from 'redhat-oadp-operator' to 'oadp-operator-group'
- Fix Subscription name from 'redhat-oadp-operator' to 'openshift-adp'

These changes align with testing recommendations and best practices.
@charlesgong
Update OWNERS file with correct SREP team assignments
7abe844 
- Set reviewers to srep-functional-leads and srep-team-leads
- Set approvers to srep-team-leads
- Aligns with team structure for OADP/backup related changes
@charlesgong
Copy link
Contributor Author

/unhold

@openshift-ci openshift-ci bot removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. labels Sep 24, 2025
@charlesgong
Add generated template files for OADP configuration
b0bed6d 
Generated by running 'make' to create SelectorSyncSet templates
for integration, staging, and production environments.

This resolves the CI build error requiring generated files.
@ravitri
Copy link
Member

ravitri commented Sep 25, 2025

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 25, 2025
@charlesgong
Add srep-functional-team-hulk to OADP configuration OWNERS
191817a 
- Add srep-functional-team-hulk as reviewer and approver
- Ensures team hulk can review and approve OADP/backup related changes
@openshift-ci openshift-ci bot added the do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. label Sep 25, 2025
@charlesgong
Convert OADP configuration to enable-only mode
08635ec 
- Remove operator installation files (Subscription, Namespace, OperatorGroup)
- Keep only DataProtectionApplication and related configuration files
- Update README to reflect enable-only approach with prerequisites
- This assumes OADP operator is pre-installed on target clusters

Benefits:
- Safer deployment (no operator installation conflicts)
- Works with existing OADP installations
- Focuses on configuration rather than installation

Files removed:
- 100-oadp.Subscription.yaml (operator installation)
- 110-oadp.Namespace.yaml (namespace creation)
- 120-oadp.OperatorGroup.yaml (operator group setup)

Files kept:
- 130-oadp.DataProtectionApplication.yaml (main config)
- 140-oadp.TestBackup.yaml (validation)
- hive-specific/ configurations (RBAC, schedules)

Addresses feedback for SREP-1607 migration strategy.
@charlesgong
Add OADP operator installation for Red Hat managed clusters
45bd460 
- Create deploy/oadp-operator-install/ directory for Red Hat managed clusters
- Add operator installation manifests (Subscription, Namespace, OperatorGroup)
- Target clusters with api.openshift.com/customer=redhat selector
- Exclude FedRAMP and customer production clusters
- Update generated Hive templates via make

Components:
- 100-oadp.Subscription.yaml - OADP operator subscription
- 110-oadp.Namespace.yaml - openshift-adp namespace creation
- 120-oadp.OperatorGroup.yaml - Operator group setup
- config.yaml - SelectorSyncSet targeting Red Hat clusters
- OWNERS - Team ownership (srep-functional-leads, srep-team-leads, srep-functional-team-hulk)
- README.md - Documentation for Red Hat cluster installation

This complements the existing deploy/oadp-configuration/ which provides
enable-only functionality for clusters with pre-installed OADP operators.

Deployment Strategy:
1. Install OADP operator on Red Hat managed clusters (this config)
2. Enable OADP with DataProtectionApplication (existing config)
3. Remove MVO after successful OADP deployment

Addresses SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal
@charlesgong
Update OADP operator installation to target Hive clusters only
e4f3b07 
- Change config.yaml selector to match Hive clusters specifically
- Use ext-managed.openshift.io/hive-shard: "true" label selector
- Exclude FedRAMP clusters only (remove custom customer filtering)
- Update README to reflect Hive-only targeting
- Regenerate Hive templates via make

This aligns with leadership guidance to focus OADP operator
installation on Hive-managed clusters specifically, following
the same pattern as the existing velero-configuration.

Target clusters:
- ext-managed.openshift.io/hive-shard: "true"
- NOT api.openshift.com/fedramp: "true"

Addresses feedback on SREP-1607 implementation strategy.
ravitri
ravitri reviewed Sep 29, 2025
View reviewed changes
deploy/velero-configuration/hive-specific/130-oadp.DataProtectionApplication.yaml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move all the OADP configuration to https://github.com/openshift/managed-cluster-config/tree/master/deploy/velero-configuration/hive-specific directory such that it's known and clear that the configuration is only meant for Hive clusters?

@charlesgong
Consolidate OADP configuration into velero-configuration/hive-specific
4d07af9 
Move all OADP operator installation and configuration files to the
existing velero-configuration/hive-specific directory to make it
clear that this configuration is only for Hive clusters.

Changes:
✅ Moved OADP operator installation to velero-configuration/hive-specific/
   - 100-oadp.Subscription.yaml (operator subscription)
   - 110-oadp.Namespace.yaml (openshift-adp namespace)
   - 120-oadp.OperatorGroup.yaml (operator group)

✅ Moved OADP configuration to velero-configuration/hive-specific/
   - 130-oadp.DataProtectionApplication.yaml (main DPA config)
   - 140-oadp.TestBackup.yaml (validation backup)

✅ Replaced legacy Velero files with OADP equivalents:
   - 05-oadp-schedule-admins-cluster.ClusterRole.yaml (replaces velero version)
   - 111-oadp.Schedules.yaml (replaces velero schedules)

✅ Removed separate OADP directories:
   - deploy/oadp-configuration/ (consolidated into velero-configuration)
   - deploy/oadp-operator-install/ (consolidated into velero-configuration)

✅ Added comprehensive README.md documenting the OADP migration strategy

✅ Regenerated Hive templates via make

Target Clusters: Hive clusters with ext-managed.openshift.io/hive-shard=true
Excludes: FedRAMP clusters

This consolidation makes it clear that OADP is the Hive-specific
replacement for MVO and provides a single location for all
backup/restore configuration targeting Hive clusters.

Addresses SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal
@openshift-ci openshift-ci bot removed the do-not-merge/invalid-owners-file Indicates that a PR should not merge because it has an invalid OWNERS file in it. label Sep 29, 2025
@charlesgong
Copy link
Contributor Author

/hold commit is untested

charlesgong and others added 3 commits September 29, 2025 16:00
@charlesgong
Add resourceApplyMode: Upsert for safe OADP deployment
7c6ca71 
Critical fix for SyncSet resource management during MVO to OADP migration.

Changes:
✅ Add resourceApplyMode: "Upsert" to hive-specific config.yaml
✅ Update README with detailed migration strategy documentation
✅ Regenerate Hive templates with updated configuration

Why this is critical:
- Without explicit resourceApplyMode, defaults to "Upsert"
- Ensures old Velero resources are NOT automatically deleted
- Allows safe coexistence of MVO and OADP during transition
- Prevents resource conflicts during deployment

Migration Strategy:
Phase 1 (this PR): Deploy OADP with Upsert mode
- ✅ OADP resources created alongside existing Velero resources
- ✅ Both backup systems can coexist safely
- ✅ No automatic deletion of existing resources

Phase 2 (future): Validate OADP functionality
Phase 3 (future): Clean up old resources with Sync mode

References:
- https://github.com/openshift/hive/blob/master/docs/syncset.md
- SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal

This addresses the resource naming conflicts identified during
migration planning and ensures a safe deployment path.
@charlesgong @claude
Fix OADP subscription channel from 'stable' to 'stable-1.4'
2bab8d0 
- Changed channel from 'stable' to 'stable-1.4' in OADP Subscription
- The generic 'stable' channel does not exist for redhat-oadp-operator
- 'stable-1.4' is the default channel and provides OADP v1.4.5
- Tested and validated on oadp-test-cluster (OpenShift 4.18.24)
- Resolves subscription installation failures

Related: SREP-1607

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@charlesgong @claude
Generate Hive templates after OADP channel fix
1be082c 
- Updated all environment templates (integration/stage/production)
- Propagated channel change from 'stable' to 'stable-1.4' to templates
- Generated via 'make' command as required before push

Related: SREP-1607

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@charlesgong
Copy link
Contributor Author

/unhold tested in personal cluster

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 29, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 29, 2025

@charlesgong: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@Tafhim
Copy link
Contributor

Tafhim commented Oct 9, 2025

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hectorakemp hectorakemp Awaiting requested review from hectorakemp

@zmird-r zmird-r Awaiting requested review from zmird-r

2 more reviewers

@ravitri ravitri ravitri left review comments

@rbhilare rbhilare rbhilare left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@charlesgong @ravitri @Tafhim @rbhilare