fix: ensure all required acm addons are deployed for the spoke cluster

butler54 · butler54 · commit 75075b1229f8 · 2025-10-21T15:59:02.000+09:00
Signed-off-by: Chris Butler &lt;chris.butler@redhat.com&gt;
diff --git a/rhdp/wrapper-multicluster.sh b/rhdp/wrapper-multicluster.sh
@@ -291,6 +291,79 @@ EOF
         echo "WARNING: Cluster label is '$CLUSTER_LABEL' (expected: spoke)"
     fi
     
+    # Install required ACM policy addons on spoke cluster
+    echo "---------------------"
+    echo "Installing ACM policy addons on spoke cluster"
+    echo "---------------------"
+    
+    # Ensure we're using the hub cluster kubeconfig
+    export KUBECONFIG="$(pwd)/openshift-install-hub/auth/kubeconfig"
+    
+    # Create config-policy-controller addon
+    cat <<EOF | kubectl apply -f -
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+  name: config-policy-controller
+  namespace: coco-spoke
+spec:
+  installNamespace: open-cluster-management-agent-addon
+EOF
+    
+    # Create governance-policy-framework addon
+    cat <<EOF | kubectl apply -f -
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+  name: governance-policy-framework
+  namespace: coco-spoke
+spec:
+  installNamespace: open-cluster-management-agent-addon
+EOF
+    
+    # Create cert-policy-controller addon
+    cat <<EOF | kubectl apply -f -
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+  name: cert-policy-controller
+  namespace: coco-spoke
+spec:
+  installNamespace: open-cluster-management-agent-addon
+EOF
+    
+    # Create application-manager addon
+    cat <<EOF | kubectl apply -f -
+apiVersion: addon.open-cluster-management.io/v1alpha1
+kind: ManagedClusterAddOn
+metadata:
+  name: application-manager
+  namespace: coco-spoke
+spec:
+  installNamespace: open-cluster-management-agent-addon
+EOF
+    
+    # Wait for addons to become available
+    echo "Waiting for addons to become available..."
+    ADDON_WAIT=0
+    while [ $ADDON_WAIT -lt 180 ]; do
+        ADDONS_READY=$(kubectl get managedclusteraddons -n coco-spoke -o jsonpath='{range .items[?(@.spec.installNamespace=="open-cluster-management-agent-addon")]}{.metadata.name}={.status.conditions[?(@.type=="Available")].status}{"\n"}{end}' 2>/dev/null | grep -c "=True" || echo "0")
+        if [ "$ADDONS_READY" -ge 4 ]; then
+            echo "✓ All policy addons are available"
+            ADDON_INSTALL_STATUS="SUCCESS"
+            break
+        fi
+        sleep 10
+        ADDON_WAIT=$((ADDON_WAIT + 10))
+        echo "Addon status: $ADDONS_READY/4 available ($ADDON_WAIT/180 seconds)"
+    done
+    
+    if [ $ADDON_WAIT -ge 180 ]; then
+        echo "WARNING: Some addons may not be fully available yet"
+        kubectl get managedclusteraddons -n coco-spoke
+        ADDON_INSTALL_STATUS="TIMEOUT"
+    fi
+    
     echo "---------------------"
 else
     echo "Skipping spoke cluster import (ACM: $ACM_STATUS, Spoke Exit Code: $SPOKE_EXIT_CODE)"
@@ -327,6 +400,13 @@ if [ -n "$SPOKE_IMPORT_STATUS" ]; then
     if [ "$SPOKE_IMPORT_STATUS" == "SUCCESS" ]; then
         echo "  - Cluster name: coco-spoke"
         echo "  - Label: clusterGroup=spoke"
+        if [ -n "$ADDON_INSTALL_STATUS" ]; then
+            echo "  - Policy addons: $ADDON_INSTALL_STATUS"
+            if [ "$ADDON_INSTALL_STATUS" == "SUCCESS" ]; then
+                ADDON_COUNT=$(kubectl get managedclusteraddons -n coco-spoke --no-headers 2>/dev/null | wc -l | tr -d ' ')
+                echo "  - Total addons installed: $ADDON_COUNT"
+            fi
+        fi
     fi
 fi
 
