HYPERFLEET-610: Add OCI/OKE deployment targets

Makefile

@@ -1,12 +1,14 @@
 
 .DEFAULT_GOAL := help
 
-# Possible envs are gcp, e2e-gcp, kind, e2e-kind
+# Possible envs are gcp, e2e-gcp, kind, e2e-kind, oci
 # Default to gcp
 HELMFILE_ENV ?= gcp
 
 
-ifeq ($(findstring gcp,$(HELMFILE_ENV)),)
+ifeq ($(HELMFILE_ENV),oci)
+	-include env.oci
+else ifeq ($(findstring gcp,$(HELMFILE_ENV)),)
 	-include env.kind
 else
 	-include env.gcp
@@ -273,8 +275,9 @@ check-helmfile-env-generated: ## Check that the generated directory exists based
 	elif [ "$(HELMFILE_ENV)" = "kind" ]; then \
 		test -d $(GENERATED_RABBITMQ_DIR) || { echo "ERROR: generated-values-rabbitmq directory does not exist"; exit 1; }; \
 		echo "OK: generated-values-rabbitmq directory exists"; \
+	else \
+		echo "OK: no generated values needed for environment: $(HELMFILE_ENV)"; \
 	fi
-	@echo "OK: Did not need to validate generated values for environment: $(HELMFILE_ENV)"
 
 
 .PHONY: check-kubectl-context
@@ -299,9 +302,12 @@ check-kubectl-context: check-kubectl ## Verify kubectl context matches HELMFILE_
 				exit 1; \
 			fi \
 			;; \
+		oci) \
+			echo "OK: connected to OCI/OKE cluster (context: $$CONTEXT)"; \
+			;; \
 		*) \
 			echo "ERROR: invalid HELMFILE_ENV: $(HELMFILE_ENV)"; \
-			echo "       Valid values: gcp, e2e-gcp, kind, e2e-kind"; \
+			echo "       Valid values: gcp, e2e-gcp, kind, e2e-kind, oci"; \
 			exit 1 \
 			;; \
 	esac \
@@ -372,7 +378,7 @@ help: ## Show this help message
 	@echo ""
 	@echo "Usage: make [target] [VARIABLE=value ...]"
 	@echo ""
-	@echo "Environment: HELMFILE_ENV=$(HELMFILE_ENV) (gcp|kind|e2e-gcp|e2e-kind)"
+	@echo "Environment: HELMFILE_ENV=$(HELMFILE_ENV) (gcp|kind|e2e-gcp|e2e-kind|oci)"
 	@echo ""
 	@awk '/^# ====/ { \
 		section = $$0; \
@@ -397,6 +403,16 @@ help: ## Show this help message
 
 
 
+# ==== OCI/OKE Deployment Targets ====
+
+.PHONY: install-all-oci
+install-all-oci: check-helmfile-env ## Full OCI/OKE install (rabbitmq + api + sentinel + adapter1 via helmfile)
+	helmfile -f helmfile/helmfile.yaml.gotmpl -e $(HELMFILE_ENV) apply
+
+.PHONY: uninstall-all-oci
+uninstall-all-oci: check-helmfile-env ## Uninstall all OCI components
+	helmfile -f helmfile/helmfile.yaml.gotmpl -e $(HELMFILE_ENV) destroy
+
 # ==== CI Targets ====
 # ci-dry-run: validation on terraform and helm plugins and maestro helm chart
 # ci-test: Run terraform install + maestro install + health check on maestro

env.oci

@@ -0,0 +1,25 @@
+# OCI/OKE Installation Configuration
+RABBITMQ_URL ?= "amqp://guest:guest@rabbitmq:5672"
+API_SERVICE_TYPE ?= ClusterIP
+API_BASE_URL ?= http://hyperfleet-api:8000
+
+# Container Registry Configuration
+REGISTRY ?= quay.io
+API_REPOSITORY ?= openshift-hyperfleet/hyperfleet-api
+SENTINEL_REPOSITORY ?= openshift-hyperfleet/hyperfleet-sentinel
+ADAPTER_REPOSITORY ?= openshift-hyperfleet/hyperfleet-adapter
+
+# Helm Charts
+CHART_ORG ?= openshift-hyperfleet
+API_CHART_REF ?= v0.2.1
+SENTINEL_CHART_REF ?= v0.2.1
+ADAPTER_CHART_REF ?= v0.2.1
+
+# Image Tags
+API_IMAGE_TAG ?= v0.2.1
+SENTINEL_IMAGE_TAG ?= v0.2.1
+ADAPTER_IMAGE_TAG ?= v0.2.1
+IMAGE_PULL_POLICY ?= Always
+
+# Kubernetes Namespaces
+NAMESPACE ?= hyperfleet

helm/adapter-hypershift-kubeconfig/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: adapter-hypershift-kubeconfig
+description: HyperShift kubeconfig adapter - reads HostedCluster kubeconfig and exposes it via the CLM API
+type: application
+version: 0.1.0
+appVersion: "0.0.0-dev"
+
+dependencies:
+  - name: hyperfleet-adapter
+    version: "2.0.0"
+    repository: "git+https://github.com/openshift-hyperfleet/hyperfleet-adapter@charts?ref=main"

helm/adapter-hypershift-kubeconfig/adapter-config.yaml

@@ -0,0 +1,26 @@
+# HyperShift kubeconfig adapter deployment configuration
+# Reads the HostedCluster kubeconfig Secret and reports it via the CLM API
+adapter:
+  name: adapter-hypershift-kubeconfig
+  version: "0.2.0"
+
+debug_config: true
+log:
+  level: debug
+
+clients:
+  hyperfleet_api:
+    base_url: http://hyperfleet-api:8000
+    version: v1
+    timeout: 10s
+    retry_attempts: 3
+    retry_backoff: exponential
+
+  broker:
+    subscription_id: "adapter-hypershift-kubeconfig"
+    topic: "hyperfleet-clusters"
+
+  kubernetes:
+    api_version: "v1"
+    # Use the mounted kubeconfig to target the remote HyperShift management cluster
+    kube_config_path: /etc/hypershift/kubeconfig

helm/adapter-hypershift-kubeconfig/adapter-task-config.yaml

@@ -0,0 +1,110 @@
+# HyperShift kubeconfig adapter task configuration
+# Discovers the HostedCluster kubeconfig Secret and exposes it via the CLM API.
+# Platform-agnostic: works with any HyperShift management cluster.
+params:
+
+  - name: "clusterId"
+    source: "event.id"
+    type: "string"
+    required: true
+
+  - name: "generation"
+    source: "event.generation"
+    type: "int"
+    required: true
+
+  - name: "namespace"
+    source: "env.CLUSTERS_NAMESPACE"
+    type: "string"
+
+# Preconditions: fetch cluster name from API
+preconditions:
+  - name: "clusterStatus"
+    api_call:
+      method: "GET"
+      url: "/clusters/{{ .clusterId }}"
+      timeout: 10s
+      retry_attempts: 3
+      retry_backoff: "exponential"
+    capture:
+      - name: "clusterName"
+        field: "name"
+      - name: "generation"
+        field: "generation"
+
+# Resources: discover the kubeconfig Secret on the management cluster.
+# HyperShift creates a Secret named {clusterName}-admin-kubeconfig in the
+# clusters namespace. The adapter discovers it without modifying it.
+resources:
+
+  - name: "kubeconfigSecret"
+    transport:
+      client: "kubernetes"
+    manifest:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: "{{ .clusterName }}-admin-kubeconfig"
+        namespace: "{{ .namespace }}"
+    discovery:
+      namespace: "{{ .namespace }}"
+      by_name: "{{ .clusterName }}-admin-kubeconfig"
+
+# Post-processing: report kubeconfig back to the CLM API
+post:
+  payloads:
+    - name: "statusPayload"
+      build:
+        adapter: "{{ .adapter.name }}"
+        conditions:
+          - type: "Applied"
+            status:
+              expression: |
+                resources.?kubeconfigSecret.?metadata.?name.hasValue() ? "True" : "False"
+            reason:
+              expression: |
+                resources.?kubeconfigSecret.?metadata.?name.hasValue() ? "KubeconfigFound" : "KubeconfigNotFound"
+            message:
+              expression: |
+                resources.?kubeconfigSecret.?metadata.?name.hasValue()
+                ? "Kubeconfig secret discovered on management cluster"
+                : "Kubeconfig secret not yet available"
+          - type: "Available"
+            status:
+              expression: |
+                resources.?kubeconfigSecret.?data.?kubeconfig.hasValue() ? "True" : "False"
+            reason:
+              expression: |
+                resources.?kubeconfigSecret.?data.?kubeconfig.hasValue() ? "KubeconfigReady" : "KubeconfigPending"
+            message:
+              expression: |
+                resources.?kubeconfigSecret.?data.?kubeconfig.hasValue()
+                ? "Kubeconfig is available"
+                : "Waiting for kubeconfig to be populated"
+          - type: "Health"
+            status:
+              expression: |
+                adapter.?executionStatus.orValue("") == "success" ? "True" : (adapter.?executionStatus.orValue("") == "failed" ? "False" : "Unknown")
+            reason:
+              expression: |
+                adapter.?errorReason.orValue("") != "" ? adapter.?errorReason.orValue("") : "Healthy"
+            message:
+              expression: |
+                adapter.?errorMessage.orValue("") != "" ? adapter.?errorMessage.orValue("") : "Adapter executed successfully"
+        observed_generation:
+          expression: "generation"
+        observed_time: "{{ now | date \"2006-01-02T15:04:05Z07:00\" }}"
+        data:
+          kubeconfig:
+            expression: |
+              resources.?kubeconfigSecret.?data.?kubeconfig.orValue("")
+
+  post_actions:
+    - name: "reportClusterStatus"
+      api_call:
+        method: "POST"
+        url: "/clusters/{{ .clusterId }}/statuses"
+        headers:
+          - name: "Content-Type"
+            value: "application/json"
+        body: "{{ .statusPayload }}"

helm/adapter-hypershift-kubeconfig/values.yaml

@@ -0,0 +1,56 @@
+# Values for adapter-hypershift-kubeconfig
+# Reads HostedCluster kubeconfig and exposes it via the CLM API
+
+hyperfleet-adapter:
+  image:
+    registry: CHANGE_ME
+    repository: CHANGE_ME
+    tag: latest
+
+  adapterConfig:
+    create: true
+    log:
+      level: debug
+
+  adapterTaskConfig:
+    create: true
+
+  broker:
+    type: googlepubsub
+    googlepubsub:
+      projectId: CHANGE_ME
+      subscriptionId: CHANGE_ME
+      topic: CHANGE_ME
+      deadLetterTopic: ""
+      createTopicIfMissing: true
+      createSubscriptionIfMissing: true
+    rabbitmq:
+      url: CHANGE_ME
+      queue: ""
+      exchange: ""
+      routingKey: ""
+
+  env:
+    - name: NAMESPACE
+      valueFrom:
+        fieldRef:
+          fieldPath: metadata.namespace
+    - name: CLUSTERS_NAMESPACE
+      value: clusters
+
+  # Mount the management cluster kubeconfig
+  extraVolumeMounts:
+    - name: hypershift-kubeconfig
+      mountPath: /etc/hypershift
+      readOnly: true
+
+  extraVolumes:
+    - name: hypershift-kubeconfig
+      secret:
+        secretName: hypershift-mgmt-kubeconfig
+
+  # RBAC for reading Secrets on the local cluster (discovery uses the mounted kubeconfig)
+  rbac:
+    resources:
+      - configmaps
+      - secrets

helm/adapter-hypershift-nodepool/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: adapter-hypershift-nodepool
+description: HyperShift NodePool adapter - creates NodePool resources on a remote management cluster
+type: application
+version: 0.1.0
+appVersion: "0.0.0-dev"
+
+dependencies:
+  - name: hyperfleet-adapter
+    version: "2.0.0"
+    repository: "git+https://github.com/openshift-hyperfleet/hyperfleet-adapter@charts?ref=main"

helm/adapter-hypershift-nodepool/adapter-config.yaml

@@ -0,0 +1,26 @@
+# HyperShift NodePool adapter deployment configuration
+# Creates NodePool resources on a remote HyperShift management cluster
+adapter:
+  name: adapter-hypershift-nodepool
+  version: "0.2.0"
+
+debug_config: true
+log:
+  level: debug
+
+clients:
+  hyperfleet_api:
+    base_url: http://hyperfleet-api:8000
+    version: v1
+    timeout: 10s
+    retry_attempts: 3
+    retry_backoff: exponential
+
+  broker:
+    subscription_id: "adapter-hypershift-nodepool"
+    topic: "hyperfleet-nodepools"
+
+  kubernetes:
+    api_version: "v1"
+    # Use the mounted kubeconfig to target the remote HyperShift management cluster
+    kube_config_path: /etc/hypershift/kubeconfig