Feature/OADP migration SREP-1607

deploy/oadp-configuration/100-oadp.Subscription.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: redhat-oadp-operator
+  namespace: openshift-adp
+spec:
+  channel: stable-1.4
+  name: redhat-oadp-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic

deploy/oadp-configuration/110-oadp.Namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-adp
+  labels:
+    name: openshift-adp
+    openshift.io/cluster-monitoring: "true"

deploy/oadp-configuration/120-oadp.OperatorGroup.yaml

@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: redhat-oadp-operator
+  namespace: openshift-adp
+spec:
+  targetNamespaces:
+  - openshift-adp

deploy/oadp-configuration/130-oadp.DataProtectionApplication.yaml

@@ -0,0 +1,36 @@
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: dpa-sample
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+      - openshift
+      - aws
+      - csi
+      resourceAllocations:
+        limits:
+          cpu: "1"
+          memory: 1Gi
+        requests:
+          cpu: 500m
+          memory: 256Mi
+      logLevel: info
+      podConfig:
+        nodeSelector:
+          kubernetes.io/os: linux
+  backupLocations:
+  - velero:
+      provider: aws
+      default: true
+      config:
+        region: ${AWS_REGION}
+        profile: "default"
+      credential:
+        name: cloud-credentials
+        key: cloud
+      objectStorage:
+        bucket: ${OADP_BACKUP_BUCKET}
+        prefix: velero

deploy/oadp-configuration/140-oadp.TestBackup.yaml

@@ -0,0 +1,15 @@
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: oadp-validation-backup
+  namespace: openshift-adp
+  labels:
+    managed.openshift.io/oadp-validation: "true"
+spec:
+  includedNamespaces:
+  - openshift-adp
+  excludedResources:
+  - events
+  - events.events.k8s.io
+  snapshotVolumes: false
+  ttl: 1h0m0s

deploy/oadp-configuration/OWNERS

@@ -0,0 +1,4 @@
+reviewers:
+- app-sre
+approvers:
+- app-sre

deploy/oadp-configuration/README.md

@@ -0,0 +1,77 @@
+# OADP Configuration for Red Hat Managed Clusters
+
+This directory contains OpenShift API for Data Protection (OADP) operator configurations to replace the deprecated Managed Velero Operator (MVO) on Red Hat managed clusters.
+
+## Overview
+
+OADP provides backup and restore capabilities for OpenShift clusters and is the supported data protection solution for Red Hat managed clusters going forward.
+
+## Components
+
+### Main Configuration
+- `100-oadp.Subscription.yaml` - OADP operator subscription
+- `110-oadp.Namespace.yaml` - openshift-adp namespace creation
+- `120-oadp.OperatorGroup.yaml` - Operator group for OADP
+- `130-oadp.DataProtectionApplication.yaml` - Main DPA configuration
+- `140-oadp.TestBackup.yaml` - Validation backup for testing
+
+### Hive-Specific Configuration
+- `hive-specific/config.yaml` - SelectorSyncSet configuration for Hive clusters
+- `hive-specific/05-oadp-schedule-admins-cluster.ClusterRole.yaml` - RBAC for backup management
+- `hive-specific/111-oadp.Schedules.yaml` - Backup schedule configuration
+
+## Migration from MVO
+
+This configuration replaces the Managed Velero Operator (MVO) with the following changes:
+
+1. **Namespace**: Changed from `openshift-velero` to `openshift-adp`
+2. **Operator**: Uses OADP operator instead of MVO
+3. **API**: Uses DataProtectionApplication CRD instead of VeleroInstall
+4. **RBAC**: Updated cluster roles to include OADP resources
+
+## Environment Variables
+
+The following environment variables must be configured for the DataProtectionApplication:
+
+- `OADP_BACKUP_BUCKET` - S3 bucket name for storing backups
+- `AWS_REGION` - AWS region where the bucket is located
+
+## Deployment
+
+This configuration is deployed via Hive SelectorSyncSets to clusters matching the selector criteria:
+- Clusters with `ext-managed.openshift.io/hive-shard: "true"` label
+- Excludes FedRAMP clusters
+
+## Validation
+
+After deployment, validate the installation:
+
+1. Verify OADP operator is running:
+   ```bash
+   oc get pods -n openshift-adp
+   ```
+
+2. Check DataProtectionApplication status:
+   ```bash
+   oc get dpa -n openshift-adp
+   ```
+
+3. Verify backup schedule is created:
+   ```bash
+   oc get schedule -n openshift-adp
+   ```
+
+4. Test backup creation:
+   ```bash
+   oc create -f 140-oadp.TestBackup.yaml
+   oc get backup -n openshift-adp
+   ```
+
+## Related Issues
+
+- SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal
+
+## References
+
+- [OADP Documentation](https://docs.openshift.com/container-platform/latest/backup_and_restore/application_backup_and_restore/oadp-features-plugins.html)
+- [Original Velero Configuration](../velero-configuration/hive-specific/)

deploy/oadp-configuration/config.yaml

@@ -0,0 +1,13 @@
+deploymentMode: "SelectorSyncSet"
+selectorSyncSet:
+  matchExpressions:
+  - key: api.openshift.com/product
+    operator: In
+    values:
+    - osd
+    - rosa
+  - key: api.openshift.com/fedramp
+    operator: NotIn
+    values:
+    - "true"
+  resourceApplyMode: "Sync"

deploy/oadp-configuration/hive-specific/05-oadp-schedule-admins-cluster.ClusterRole.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    managed.openshift.io/aggregate-to-dedicated-admins: "cluster"
+  name: oadp-schedule-admins-cluster
+rules:
+- apiGroups:
+  - velero.io
+  attributeRestrictions: null
+  resources:
+  - schedules
+  - backups
+  - restores
+  verbs:
+  - "*"
+- apiGroups:
+  - oadp.openshift.io
+  attributeRestrictions: null
+  resources:
+  - dataprotectionapplications
+  verbs:
+  - get
+  - list
+  - watch

deploy/oadp-configuration/hive-specific/111-oadp.Schedules.yaml

@@ -0,0 +1,29 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: 5min-object-backup
+  namespace: openshift-adp
+spec:
+  schedule: '*/5 * * * *'
+  template:
+    includedNamespaces:
+    - '*'
+    excludedResources:
+    - imagetags.image.openshift.io
+    - images.image.openshift.io
+    - oauthaccesstokens.oauth.openshift.io
+    - oauthauthorizetokens.oauth.openshift.io
+    - templateinstances.template.openshift.io
+    - clusterserviceversions.operators.coreos.com
+    - packagemanifests.packages.operators.coreos.com
+    - operatorgroups.operators.coreos.com
+    - subscriptions.operators.coreos.com
+    - servicebrokers.servicecatalog.k8s.io
+    - servicebindings.servicecatalog.k8s.io
+    - serviceclasses.servicecatalog.k8s.io
+    - serviceinstances.servicecatalog.k8s.io
+    - serviceplans.servicecatalog.k8s.io
+    - events.events.k8s.io
+    - events
+    snapshotVolumes: false
+    ttl: 0h25m0s

deploy/oadp-configuration/hive-specific/config.yaml

@@ -0,0 +1,9 @@
+deploymentMode: "SelectorSyncSet"
+selectorSyncSet:
+  matchLabels:
+    ext-managed.openshift.io/hive-shard: "true"
+  matchExpressions:
+  - key: api.openshift.com/fedramp
+    operator: NotIn
+    values:
+      - "true"