Secure applications by injecting SSO capabilities at runtime

[leochr]

Allow deployed applications to be secured by providing mechanism(s) to indirectly integrate with solutions like IBM Application Gateway (IAG), which can be deployed as a sidecar and intercept traffic to secure application endpoint(s).

Note that since Runtime Component Operator (RCO) is a generic operator, it can only provide the mechanism(s) for indirect integration. It should not install, place direct dependency on any particular solution.

For the IAG sidecar scenario, the annotations need to be added to the Deployment resource. One option is to utilize Runtime Component Operator's (RCO) propagation of labels and annotations from the custom resource (CR) to all the Kubernetes/OpenShift resources it creates (including Deployment). Another option is to create a new field to specify annotations for Deployment only. Users can also specify these annotations on the Deployment that RCO creates, but RCO currently reverts any manual changes to Deployment.

Test this scenario on OpenShift. Earlier tried the sidecar scenario using a sample application on OpenShift and encountered issues (some were related to certificates).