Feature/OADP migration SREP-1607

deploy/oadp-configuration/130-oadp.DataProtectionApplication.yaml

@@ -0,0 +1,35 @@
+apiVersion: oadp.openshift.io/v1alpha1
+kind: DataProtectionApplication
+metadata:
+  name: dpa-sample
+  namespace: openshift-adp
+spec:
+  configuration:
+    velero:
+      defaultPlugins:
+      - openshift
+      - aws
+      resourceAllocations:
+        limits:
+          cpu: "1"
+          memory: 1Gi
+        requests:
+          cpu: 500m
+          memory: 256Mi
+      logLevel: info
+      podConfig:
+        nodeSelector:
+          kubernetes.io/os: linux
+  backupLocations:
+  - velero:
+      provider: aws
+      default: true
+      config:
+        region: ${AWS_REGION}
+        profile: "default"
+      credential:
+        name: cloud-credentials
+        key: cloud
+      objectStorage:
+        bucket: ${OADP_BACKUP_BUCKET}
+        prefix: velero

deploy/oadp-configuration/140-oadp.TestBackup.yaml

@@ -0,0 +1,15 @@
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: oadp-validation-backup
+  namespace: openshift-adp
+  labels:
+    managed.openshift.io/oadp-validation: "true"
+spec:
+  includedNamespaces:
+  - openshift-adp
+  excludedResources:
+  - events
+  - events.events.k8s.io
+  snapshotVolumes: false
+  ttl: 1h0m0s

deploy/oadp-configuration/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+- srep-functional-leads
+- srep-team-leads
+- srep-functional-team-hulk
+approvers:
+- srep-team-leads
+- srep-functional-team-hulk

deploy/oadp-configuration/README.md

@@ -0,0 +1,81 @@
+# OADP Configuration for Red Hat Managed Clusters (Enable-Only)
+
+This directory contains OpenShift API for Data Protection (OADP) configurations to enable backup and restore functionality on clusters where the OADP operator is already installed.
+
+## Overview
+
+OADP provides backup and restore capabilities for OpenShift clusters and is the supported data protection solution for Red Hat managed clusters going forward. This configuration assumes the OADP operator is pre-installed and only enables/configures the backup functionality.
+
+## Prerequisites
+
+- OADP operator must be pre-installed in `openshift-adp` namespace
+- Cloud credentials must be properly configured for backup storage access
+- Environment variables `${OADP_BACKUP_BUCKET}` and `${AWS_REGION}` must be set
+
+## Components
+
+### Main Configuration
+- `130-oadp.DataProtectionApplication.yaml` - Main DPA configuration (enables OADP)
+- `140-oadp.TestBackup.yaml` - Validation backup for testing
+
+### Hive-Specific Configuration
+- `hive-specific/config.yaml` - SelectorSyncSet configuration for Hive clusters
+- `hive-specific/05-oadp-schedule-admins-cluster.ClusterRole.yaml` - RBAC for backup management
+- `hive-specific/111-oadp.Schedules.yaml` - Backup schedule configuration
+
+## Migration from MVO
+
+This configuration replaces the Managed Velero Operator (MVO) with the following changes:
+
+1. **Namespace**: Changed from `openshift-velero` to `openshift-adp`
+2. **Operator**: Uses OADP operator instead of MVO
+3. **API**: Uses DataProtectionApplication CRD instead of VeleroInstall
+4. **RBAC**: Updated cluster roles to include OADP resources
+
+## Environment Variables
+
+The following environment variables must be configured for the DataProtectionApplication:
+
+- `OADP_BACKUP_BUCKET` - S3 bucket name for storing backups
+- `AWS_REGION` - AWS region where the bucket is located
+
+## Deployment
+
+This configuration is deployed via Hive SelectorSyncSets to clusters matching the selector criteria:
+- Clusters with `ext-managed.openshift.io/hive-shard: "true"` label
+- Excludes FedRAMP clusters
+
+## Validation
+
+After deployment, validate the OADP configuration:
+
+1. Verify OADP operator is already running (prerequisite):
+   ```bash
+   oc get pods -n openshift-adp
+   ```
+
+2. Check DataProtectionApplication was created and is ready:
+   ```bash
+   oc get dpa -n openshift-adp
+   oc describe dpa dpa-sample -n openshift-adp
+   ```
+
+3. Verify backup schedule is created:
+   ```bash
+   oc get schedule -n openshift-adp
+   ```
+
+4. Test backup creation:
+   ```bash
+   oc create -f 140-oadp.TestBackup.yaml
+   oc get backup -n openshift-adp
+   ```
+
+## Related Issues
+
+- SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal
+
+## References
+
+- [OADP Documentation](https://docs.openshift.com/container-platform/latest/backup_and_restore/application_backup_and_restore/oadp-features-plugins.html)
+- [Original Velero Configuration](../velero-configuration/hive-specific/)

deploy/oadp-configuration/config.yaml

@@ -0,0 +1,13 @@
+deploymentMode: "SelectorSyncSet"
+selectorSyncSet:
+  matchExpressions:
+  - key: api.openshift.com/product
+    operator: In
+    values:
+    - osd
+    - rosa
+  - key: api.openshift.com/fedramp
+    operator: NotIn
+    values:
+    - "true"
+  resourceApplyMode: "Sync"

deploy/oadp-configuration/hive-specific/05-oadp-schedule-admins-cluster.ClusterRole.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    managed.openshift.io/aggregate-to-dedicated-admins: "cluster"
+  name: oadp-schedule-admins-cluster
+rules:
+- apiGroups:
+  - velero.io
+  attributeRestrictions: null
+  resources:
+  - schedules
+  - backups
+  - restores
+  verbs:
+  - "*"
+- apiGroups:
+  - oadp.openshift.io
+  attributeRestrictions: null
+  resources:
+  - dataprotectionapplications
+  verbs:
+  - get
+  - list
+  - watch

deploy/oadp-configuration/hive-specific/111-oadp.Schedules.yaml

@@ -0,0 +1,29 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+  name: 5min-object-backup
+  namespace: openshift-adp
+spec:
+  schedule: '*/5 * * * *'
+  template:
+    includedNamespaces:
+    - '*'
+    excludedResources:
+    - imagetags.image.openshift.io
+    - images.image.openshift.io
+    - oauthaccesstokens.oauth.openshift.io
+    - oauthauthorizetokens.oauth.openshift.io
+    - templateinstances.template.openshift.io
+    - clusterserviceversions.operators.coreos.com
+    - packagemanifests.packages.operators.coreos.com
+    - operatorgroups.operators.coreos.com
+    - subscriptions.operators.coreos.com
+    - servicebrokers.servicecatalog.k8s.io
+    - servicebindings.servicecatalog.k8s.io
+    - serviceclasses.servicecatalog.k8s.io
+    - serviceinstances.servicecatalog.k8s.io
+    - serviceplans.servicecatalog.k8s.io
+    - events.events.k8s.io
+    - events
+    snapshotVolumes: false
+    ttl: 0h25m0s

deploy/oadp-configuration/hive-specific/config.yaml

@@ -0,0 +1,9 @@
+deploymentMode: "SelectorSyncSet"
+selectorSyncSet:
+  matchLabels:
+    ext-managed.openshift.io/hive-shard: "true"
+  matchExpressions:
+  - key: api.openshift.com/fedramp
+    operator: NotIn
+    values:
+      - "true"

deploy/oadp-operator-install/100-oadp.Subscription.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: openshift-adp
+  namespace: openshift-adp
+spec:
+  channel: stable
+  name: redhat-oadp-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  installPlanApproval: Automatic

deploy/oadp-operator-install/110-oadp.Namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: openshift-adp
+  labels:
+    name: openshift-adp
+    openshift.io/cluster-monitoring: "true"

deploy/oadp-operator-install/120-oadp.OperatorGroup.yaml

@@ -0,0 +1,8 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: oadp-operator-group
+  namespace: openshift-adp
+spec:
+  targetNamespaces:
+  - openshift-adp

deploy/oadp-operator-install/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+- srep-functional-leads
+- srep-team-leads
+- srep-functional-team-hulk
+approvers:
+- srep-team-leads
+- srep-functional-team-hulk

deploy/oadp-operator-install/README.md

@@ -0,0 +1,49 @@
+# OADP Operator Installation for Hive Clusters
+
+This directory contains OpenShift API for Data Protection (OADP) operator installation manifests specifically for Hive-managed clusters.
+
+## Overview
+
+This configuration installs the OADP operator on Hive clusters only. It is designed to work alongside the main OADP configuration in `/deploy/oadp-configuration/` which provides the DataProtectionApplication and backup schedules.
+
+## Target Clusters
+
+This installation targets **Hive clusters only**:
+- Clusters with `ext-managed.openshift.io/hive-shard: "true"` label
+- Excludes FedRAMP clusters
+
+## Components
+
+- `100-oadp.Subscription.yaml` - OADP operator subscription
+- `110-oadp.Namespace.yaml` - openshift-adp namespace creation
+- `120-oadp.OperatorGroup.yaml` - Operator group for OADP
+
+## Deployment Strategy
+
+1. **Phase 1**: This configuration installs OADP operator on Red Hat clusters
+2. **Phase 2**: The `/deploy/oadp-configuration/` enables OADP with DataProtectionApplication
+3. **Phase 3**: Remove MVO from clusters where OADP is successfully running
+
+## Validation
+
+After deployment, verify the operator installation:
+
+```bash
+# Check operator is installed
+oc get csv -n openshift-adp | grep oadp
+
+# Check operator pods are running
+oc get pods -n openshift-adp
+
+# Verify operator group and subscription
+oc get operatorgroup,subscription -n openshift-adp
+```
+
+## Related Issues
+
+- SREP-1607: Setup OADP for RH Internal Clusters after MVO Removal
+
+## References
+
+- [OADP Documentation](https://docs.openshift.com/container-platform/latest/backup_and_restore/application_backup_and_restore/oadp-features-plugins.html)
+- [Main OADP Configuration](../oadp-configuration/)

deploy/oadp-operator-install/config.yaml

@@ -0,0 +1,9 @@
+deploymentMode: "SelectorSyncSet"
+selectorSyncSet:
+  matchLabels:
+    ext-managed.openshift.io/hive-shard: "true"
+  matchExpressions:
+  - key: api.openshift.com/fedramp
+    operator: NotIn
+    values:
+      - "true"