disapp: create namespace(s) on the secondary cluster

internal/controller/drplacementcontrol.go

@@ -169,13 +169,8 @@ func (d *DRPCInstance) RunInitialDeployment() (bool, error) {
 		return !done, nil
 	}
 
-	err := d.ensureVRGManifestWork(clusterName)
-	if err != nil {
-		return !done, err
-	}
-
 	// If we get here, the deployment is successful
-	err = d.EnsureSecondaryReplicationSetup(homeCluster)
+	err := d.finalizeInitialDeployment(homeCluster, clusterName)
 	if err != nil {
 		return !done, err
 	}
@@ -193,6 +188,19 @@ func (d *DRPCInstance) RunInitialDeployment() (bool, error) {
 	return done, nil
 }
 
+func (d *DRPCInstance) finalizeInitialDeployment(homeCluster, clusterName string) error {
+	if err := d.ensureVRGManifestWork(clusterName); err != nil {
+		return err
+	}
+
+	if err := d.createNamespacesOnRemote(homeCluster); err != nil {
+		return err
+	}
+
+	// If we get here, the deployment is successful
+	return d.EnsureSecondaryReplicationSetup(homeCluster)
+}
+
 func (d *DRPCInstance) getHomeClusterForInitialDeploy() (string, string) {
 	// Check if the user wants to use the preferredCluster
 	homeCluster := ""
@@ -2033,7 +2041,8 @@ func (d *DRPCInstance) ensureNamespaceManifestWork(homeCluster string) error {
 		annotations[DRPCNameAnnotation] = d.instance.Name
 		annotations[DRPCNamespaceAnnotation] = d.instance.Namespace
 
-		err := d.mwu.CreateOrUpdateNamespaceManifest(d.instance.Name, d.vrgNamespace, homeCluster, annotations)
+		err := d.mwu.CreateOrUpdateNamespaceManifest(d.instance.Name, d.vrgNamespace, homeCluster, annotations,
+			map[string]string{})
 		if err != nil {
 			return fmt.Errorf("failed to create namespace '%s' on cluster %s: %w", d.vrgNamespace, homeCluster, err)
 		}
@@ -2729,6 +2738,40 @@ func (d *DRPCInstance) setActionDuration() {
 		fmt.Sprintf("%v", d.instance.Status.Phase), d.instance.Status.ActionStartTime, duration))
 }
 
+func (d *DRPCInstance) createNamespacesOnRemote(homeCluster string) error {
+	protectedNamespaces := make([]*corev1.Namespace, 0)
+
+	var err error
+
+	for _, ns := range *d.instance.Spec.ProtectedNamespaces {
+		protectedNamespace, err := d.reconciler.MCVGetter.GetNSFromManagedCluster(homeCluster, ns)
+		if err != nil {
+			d.log.Error(err, fmt.Sprintf("error getting namespace %s from managed cluster %s using MCV", ns, homeCluster))
+
+			return err
+		}
+
+		protectedNamespaces = append(protectedNamespaces, protectedNamespace)
+	}
+
+	for _, protectedNamespaceObj := range protectedNamespaces {
+		annotations := removeSCCAnnotations(protectedNamespaceObj.Annotations)
+
+		for _, dstCluster := range rmnutil.DRPolicyClusterNames(d.drPolicy) {
+			if homeCluster == dstCluster {
+				continue
+			}
+
+			if err := d.mwu.CreateOrUpdateNamespaceManifest(d.instance.Name, protectedNamespaceObj.Name, dstCluster,
+				annotations, protectedNamespaceObj.Labels); err != nil {
+				return err
+			}
+		}
+	}
+
+	return err
+}
+
 func getCallerFunction(ancestorLevel int) string {
 	// this is a util function and the caller is not going to count this
 	// function in the skiplevel. Incrementing the skiplevel by 1
@@ -2750,3 +2793,15 @@ func getCallerFunction(ancestorLevel int) string {
 
 	return strings.TrimPrefix(details.Name(), "github.com/ramendr/ramen/internal/controller.")
 }
+
+func removeSCCAnnotations(annotations map[string]string) map[string]string {
+	filteredAnnotations := make(map[string]string)
+
+	for key, val := range annotations {
+		if !strings.Contains(key, "sa.scc") {
+			filteredAnnotations[key] = val
+		}
+	}
+
+	return filteredAnnotations
+}

internal/controller/drplacementcontrol_controller.go

@@ -2665,7 +2665,7 @@ func adoptOrphanVRG(
 	annotations[DRPCNamespaceAnnotation] = drpc.Namespace
 
 	// Adopt the namespace as well
-	err := mwu.CreateOrUpdateNamespaceManifest(drpc.Name, vrgNamespace, cluster, annotations)
+	err := mwu.CreateOrUpdateNamespaceManifest(drpc.Name, vrgNamespace, cluster, annotations, map[string]string{})
 	if err != nil {
 		log.Info("error creating namespace via ManifestWork during adoption", "error", err, "cluster", cluster)
 

internal/controller/fake_mcv_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/go-logr/logr"
 	snapv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
 	groupsnapv1beta1 "github.com/red-hat-storage/external-snapshotter/client/v8/apis/volumegroupsnapshot/v1beta1"
+	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -197,3 +198,7 @@ func (f FakeMCVGetter) DeleteManagedClusterView(clusterName, mcvName string, log
 
 	return f.Delete(context.TODO(), mcv)
 }
+
+func (f FakeMCVGetter) GetNSFromManagedCluster(managedCluster, resourceName string) (*corev1.Namespace, error) {
+	return nil, nil
+}

internal/controller/util/mcv_util.go

@@ -14,6 +14,7 @@ import (
 	"github.com/go-logr/logr"
 	snapv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
 	groupsnapv1beta1 "github.com/red-hat-storage/external-snapshotter/client/v8/apis/volumegroupsnapshot/v1beta1"
+	corev1 "k8s.io/api/core/v1"
 	storagev1 "k8s.io/api/storage/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -82,6 +83,9 @@ type ManagedClusterViewGetter interface {
 		resourceName, managedCluster string,
 		annotations map[string]string) (*volrep.VolumeGroupReplicationClass, error)
 
+	GetNSFromManagedCluster(
+		managedCluster, resourceName string) (*corev1.Namespace, error)
+
 	ListVGRClassMCVs(managedCluster string) (*viewv1beta1.ManagedClusterViewList, error)
 
 	GetResource(mcv *viewv1beta1.ManagedClusterView, resource interface{}) error
@@ -386,6 +390,24 @@ func (m ManagedClusterViewGetterImpl) GetVRClassFromManagedCluster(resourceName,
 	return vrc, err
 }
 
+func (m ManagedClusterViewGetterImpl) GetNSFromManagedCluster(cluster, resourceName string) (*corev1.Namespace, error) {
+	ns := &corev1.Namespace{}
+
+	err := m.getResourceFromManagedCluster(
+		resourceName,
+		"",
+		cluster,
+		map[string]string{},
+		map[string]string{},
+		BuildManagedClusterViewName(resourceName, "", "ns"),
+		"Namespace",
+		"",
+		"v1",
+		ns)
+
+	return ns, err
+}
+
 func (m ManagedClusterViewGetterImpl) ListVRClassMCVs(cluster string) (*viewv1beta1.ManagedClusterViewList, error) {
 	return m.listMCVsWithLabel(cluster, map[string]string{VRClassLabel: ""})
 }

internal/controller/util/mw_util.go

@@ -353,9 +353,14 @@ func (mwu *MWUtil) IsManifestApplied(cluster, mwType string) bool {
 // Namespace MW creation
 func (mwu *MWUtil) CreateOrUpdateNamespaceManifest(
 	name string, namespaceName string, managedClusterNamespace string,
-	annotations map[string]string,
+	annotations map[string]string, labels map[string]string,
 ) error {
-	manifest, err := mwu.GenerateManifest(Namespace(namespaceName))
+	ns := Namespace(namespaceName)
+	// Set labels and annotations on the namespace object itself
+	ns.Labels = labels
+	ns.Annotations = annotations
+
+	manifest, err := mwu.GenerateManifest(ns)
 	if err != nil {
 		return err
 	}
@@ -368,7 +373,7 @@ func (mwu *MWUtil) CreateOrUpdateNamespaceManifest(
 	manifestWork := mwu.newManifestWork(
 		mwName,
 		managedClusterNamespace,
-		map[string]string{},
+		labels,
 		manifests,
 		annotations)
 
@@ -637,7 +642,8 @@ func (mwu *MWUtil) DeleteNamespaceManifestWork(clusterName string, annotations m
 	// if not set, call CreateOrUpdateNamespaceManifest such that it is
 	// updated with the delete option
 	if mw.Spec.DeleteOption == nil {
-		err = mwu.CreateOrUpdateNamespaceManifest(mwu.InstName, mwu.TargetNamespace, clusterName, annotations)
+		err = mwu.CreateOrUpdateNamespaceManifest(mwu.InstName, mwu.TargetNamespace, clusterName, annotations,
+			map[string]string{})
 		if err != nil {
 			mwu.Log.Info("error creating namespace via ManifestWork", "error", err, "cluster", clusterName)