From 3f9721b5e386f83e86757c88cc1c19cb3d5710b8 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 12 Dec 2025 12:17:31 +0530 Subject: [PATCH 01/39] initial checkin --- .../templates/12-dro-public-route.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml diff --git a/cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml b/cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml new file mode 100644 index 000000000..7192b7fa3 --- /dev/null +++ b/cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml @@ -0,0 +1,24 @@ +{{- if .Values.dro_public_host }} + +--- +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: ibm-data-reporter + namespace: ibm-software-central + labels: + type: external +spec: + host: {{ .Values.dro_public_host }} + to: + kind: Service + name: ibm-data-reporter-operator-controller-manager-metrics-service + weight: 100 + port: + targetPort: 8443 + tls: + termination: reencrypt + insecureEdgeTerminationPolicy: Redirect + name: dro-secret + wildcardPolicy: None +{{- end }} \ No newline at end of file From 321c7846982e015ede7a93d5d539567832fa2b73 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 13:31:03 +0530 Subject: [PATCH 02/39] using clusterissuer --- .../12-0-dro-cluster-issuer-staging.yaml | 36 +++++++++++++++++++ .../12-1-dro-cluster-issuer-prod.yaml | 35 ++++++++++++++++++ ...ic-route.yaml => 13-dro-public-route.yaml} | 4 +++ 3 files changed, 75 insertions(+) create mode 100644 cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml create mode 100644 cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml rename cluster-applications/020-ibm-dro/templates/{12-dro-public-route.yaml => 13-dro-public-route.yaml} (74%) diff --git a/cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml b/cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml new file mode 100644 index 000000000..d89caf75c --- /dev/null +++ b/cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml @@ -0,0 +1,36 @@ +{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} + +{{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} +{{ $cis_stg_issuer_name := printf "%s-cis-le-stg" .Values.cluster_id }} + +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-wave: "138" + name: "{{ $cis_stg_issuer_name }}" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + acme: + email: "{{ .Values.cis_email }}" + preferredChain: '' + privateKeySecretRef: + name: cis-letsencrypt-staging-account-key + server: 'https://acme-staging-v02.api.letsencrypt.org/directory' + solvers: + - dns01: + webhook: + config: + apiKeySecretRef: + key: key + name: cis-api-key + crn: >- + {{ .Values.cis_crn }} + groupName: {{ $cis_apiservice_group_name }} + solverName: cis + +{{- end }} \ No newline at end of file diff --git a/cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml new file mode 100644 index 000000000..42548c09a --- /dev/null +++ b/cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml @@ -0,0 +1,35 @@ +{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} + +{{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} +{{ $cis_prod_issuer_name := printf "%s-cis-le-prod" .Values.cluster_id }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-wave: "138" + name: "{{ $cis_prod_issuer_name }}" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + acme: + email: "{{ .Values.cis_email }}" + preferredChain: '' + privateKeySecretRef: + name: cis-letsencrypt-production-account-key + server: 'https://acme-v02.api.letsencrypt.org/directory' + solvers: + - dns01: + webhook: + config: + apiKeySecretRef: + key: key + name: cis-api-key + crn: >- + {{ .Values.cis_crn }} + groupName: {{ $cis_apiservice_group_name }} + solverName: cis + +{{- end }} \ No newline at end of file diff --git a/cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml b/cluster-applications/020-ibm-dro/templates/13-dro-public-route.yaml similarity index 74% rename from cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml rename to cluster-applications/020-ibm-dro/templates/13-dro-public-route.yaml index 7192b7fa3..a1e63204b 100644 --- a/cluster-applications/020-ibm-dro/templates/12-dro-public-route.yaml +++ b/cluster-applications/020-ibm-dro/templates/13-dro-public-route.yaml @@ -1,3 +1,4 @@ +{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_host }} --- @@ -20,5 +21,8 @@ spec: termination: reencrypt insecureEdgeTerminationPolicy: Redirect name: dro-secret + certificate: {{ .Values.dro_certificate }} + key: {{ .Values.dro_key }} wildcardPolicy: None +{{- end }} {{- end }} \ No newline at end of file From 1be5dad5fe5ce15e44907c834ebf70be0df7f2a9 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 15:25:54 +0530 Subject: [PATCH 03/39] reorder --- .../Chart.yaml | 0 .../README.md | 0 .../templates/00-1-ibm-cis-webhook_rbac.yml | 16 ++++++++-------- .../templates/00-2-ibm-cis-webhook_pki.yml | 8 ++++---- .../00-3-ibm-cis-webhook_deployment.yml | 2 +- .../00-4-ibm-cis-webhook_apiservice.yml | 2 +- .../templates/00-5-ibm-cis-webhook_service.yml | 2 +- .../00-6-ibm-cis-webhook_cis-apikey-secret.yml | 2 +- .../00-7-ibm-cis-webhook_cis-proxy-route.yml | 2 +- ...8-ibm-cis-webhook_cis-ingress-controller.yaml | 0 .../templates/00-placeholder_ConfigMap.yaml | 0 .../values.yaml | 0 .../{020-ibm-dro => 030-ibm-dro}/Chart.yaml | 0 .../{020-ibm-dro => 030-ibm-dro}/README.md | 0 .../templates/01-dro_OperatorGroup.yaml | 2 +- .../templates/02-dro-pull_Secret.yaml | 2 +- .../templates/03-imo_Subscription.yaml | 2 +- .../templates/04-dro_Subscription.yaml | 2 +- .../06-marketplaceconfig_Marketplaceconfig.yaml | 2 +- .../templates/07-dro-api-token_Secret.yaml | 0 .../templates/07-dro_rbac.yaml | 6 +++--- .../templates/08-postsync-update-sm_Job.yaml | 6 +++--- .../templates/09-dro-cmm_Secret.yaml | 6 +++--- .../templates/10-dro-cmm_ConfigMap.yaml | 2 +- .../templates/11-dro-cmm_DataReporterConfig.yaml | 2 +- .../12-0-dro-cluster-issuer-staging.yaml | 0 .../templates/12-1-dro-cluster-issuer-prod.yaml | 0 .../templates/13-dro-public-route.yaml | 0 .../postdelete-MarketplaceConfigs-resources.yaml | 0 .../{020-ibm-dro => 030-ibm-dro}/values.yaml | 0 .../Chart.yaml | 0 .../README.md | 0 .../templates/00-placeholder_ConfigMap.yaml | 0 .../templates/postdelete-MarketplaceConfigs.yaml | 0 .../values.yaml | 0 ...anager.yaml => 020-ibm-cis-cert-manager.yaml} | 2 +- ...020-ibm-dro-app.yaml => 030-ibm-dro-app.yaml} | 6 +++++- ...dro-cleanup.yaml => 031-ibm-dro-cleanup.yaml} | 2 +- 38 files changed, 40 insertions(+), 36 deletions(-) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/Chart.yaml (100%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/README.md (100%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-1-ibm-cis-webhook_rbac.yml (93%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-2-ibm-cis-webhook_pki.yml (93%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-3-ibm-cis-webhook_deployment.yml (98%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-4-ibm-cis-webhook_apiservice.yml (95%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-5-ibm-cis-webhook_service.yml (94%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml (90%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml (94%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml (100%) rename cluster-applications/{030-ibm-cis-cert-manager => 020-0-ibm-cis-cert-manager}/templates/00-placeholder_ConfigMap.yaml (100%) rename cluster-applications/{021-ibm-dro-cleanup => 020-0-ibm-cis-cert-manager}/values.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/Chart.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/README.md (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/01-dro_OperatorGroup.yaml (88%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/02-dro-pull_Secret.yaml (88%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/03-imo_Subscription.yaml (92%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/04-dro_Subscription.yaml (92%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/06-marketplaceconfig_Marketplaceconfig.yaml (90%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/07-dro-api-token_Secret.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/07-dro_rbac.yaml (95%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/08-postsync-update-sm_Job.yaml (98%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/09-dro-cmm_Secret.yaml (84%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/10-dro-cmm_ConfigMap.yaml (96%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/11-dro-cmm_DataReporterConfig.yaml (97%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/12-0-dro-cluster-issuer-staging.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/12-1-dro-cluster-issuer-prod.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/13-dro-public-route.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/templates/postdelete-MarketplaceConfigs-resources.yaml (100%) rename cluster-applications/{020-ibm-dro => 030-ibm-dro}/values.yaml (100%) rename cluster-applications/{021-ibm-dro-cleanup => 031-ibm-dro-cleanup}/Chart.yaml (100%) rename cluster-applications/{021-ibm-dro-cleanup => 031-ibm-dro-cleanup}/README.md (100%) rename cluster-applications/{021-ibm-dro-cleanup => 031-ibm-dro-cleanup}/templates/00-placeholder_ConfigMap.yaml (100%) rename cluster-applications/{021-ibm-dro-cleanup => 031-ibm-dro-cleanup}/templates/postdelete-MarketplaceConfigs.yaml (100%) rename cluster-applications/{030-ibm-cis-cert-manager => 031-ibm-dro-cleanup}/values.yaml (100%) rename root-applications/ibm-mas-cluster-root/templates/{030-ibm-cis-cert-manager.yaml => 020-ibm-cis-cert-manager.yaml} (98%) rename root-applications/ibm-mas-cluster-root/templates/{020-ibm-dro-app.yaml => 030-ibm-dro-app.yaml} (91%) rename root-applications/ibm-mas-cluster-root/templates/{021-ibm-dro-cleanup.yaml => 031-ibm-dro-cleanup.yaml} (98%) diff --git a/cluster-applications/030-ibm-cis-cert-manager/Chart.yaml b/cluster-applications/020-0-ibm-cis-cert-manager/Chart.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/Chart.yaml rename to cluster-applications/020-0-ibm-cis-cert-manager/Chart.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/README.md b/cluster-applications/020-0-ibm-cis-cert-manager/README.md similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/README.md rename to cluster-applications/020-0-ibm-cis-cert-manager/README.md diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml similarity index 93% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml index 545965f7b..0820db6f6 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml @@ -10,7 +10,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: @@ -27,7 +27,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" namespace: "{{ $cert_manager_namespace }}" name: "cert-manager-webhook-ibm-cis" labels: @@ -51,7 +51,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: @@ -75,7 +75,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:webhook-authentication-reader" namespace: kube-system labels: @@ -100,7 +100,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:auth-delegator" labels: app: "cert-manager-webhook-ibm-cis" @@ -123,7 +123,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: "cert-manager-webhook-ibm-cis:domain-solver" labels: app: "cert-manager-webhook-ibm-cis" @@ -143,7 +143,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" name: "cert-manager-webhook-ibm-cis:domain-solver" labels: app: "cert-manager-webhook-ibm-cis" @@ -165,7 +165,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "021" labels: app: "cert-manager-webhook-ibm-cis" name: 'system:openshift:scc:anyuid' diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml similarity index 93% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml index 8ee21112e..dde3fbc4f 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml @@ -9,7 +9,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: annotations: - argocd.argoproj.io/sync-wave: "032" + argocd.argoproj.io/sync-wave: "022" name: "cert-manager-webhook-ibm-cis-self-signed-issuer" namespace: "{{ $cert_manager_namespace }}" labels: @@ -26,7 +26,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: annotations: - argocd.argoproj.io/sync-wave: "033" + argocd.argoproj.io/sync-wave: "023" name: "cert-manager-webhook-ibm-cis-root-ca-certificate" namespace: "{{ $cert_manager_namespace }}" labels: @@ -48,7 +48,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: annotations: - argocd.argoproj.io/sync-wave: "033" + argocd.argoproj.io/sync-wave: "023" name: "cert-manager-webhook-ibm-cis-root-ca-issuer" namespace: "{{ $cert_manager_namespace }}" labels: @@ -66,7 +66,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: annotations: - argocd.argoproj.io/sync-wave: "034" + argocd.argoproj.io/sync-wave: "024" name: "cert-manager-webhook-ibm-cis-serving-cert" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml similarity index 98% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml index 7e8c284d0..008acf952 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml @@ -13,7 +13,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - argocd.argoproj.io/sync-wave: "035" + argocd.argoproj.io/sync-wave: "025" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml similarity index 95% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml index dffb8229a..a7e103c03 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml @@ -8,7 +8,7 @@ apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: annotations: - argocd.argoproj.io/sync-wave: "036" + argocd.argoproj.io/sync-wave: "026" cert-manager.io/inject-ca-from: "{{ $cert_manager_namespace }}/cert-manager-webhook-ibm-cis-serving-cert" name: "v1alpha1.{{ $cis_apiservice_group_name }}" namespace: "{{ $cert_manager_namespace }}" diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml similarity index 94% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml index 7e43cf362..e0f025d9f 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Service metadata: annotations: - argocd.argoproj.io/sync-wave: "036" + argocd.argoproj.io/sync-wave: "026" name: "cert-manager-webhook-ibm-cis" namespace: "{{ $cert_manager_namespace }}" labels: diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml similarity index 90% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml index 17a7b6f71..c2b21e7b8 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml @@ -7,7 +7,7 @@ apiVersion: v1 kind: Secret metadata: annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" name: cis-api-key namespace: "{{ $cert_manager_namespace }}" {{- if .Values.custom_labels }} diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml similarity index 94% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml index d5ab2b31f..d8e3dc02a 100644 --- a/cluster-applications/030-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml +++ b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml @@ -8,7 +8,7 @@ kind: Route apiVersion: route.openshift.io/v1 metadata: annotations: - argocd.argoproj.io/sync-wave: "038" + argocd.argoproj.io/sync-wave: "028" name: cis-proxy-route namespace: "{{ $cert_manager_namespace }}" {{- if .Values.custom_labels }} diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/020-0-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/values.yaml b/cluster-applications/020-0-ibm-cis-cert-manager/values.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/values.yaml rename to cluster-applications/020-0-ibm-cis-cert-manager/values.yaml diff --git a/cluster-applications/020-ibm-dro/Chart.yaml b/cluster-applications/030-ibm-dro/Chart.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/Chart.yaml rename to cluster-applications/030-ibm-dro/Chart.yaml diff --git a/cluster-applications/020-ibm-dro/README.md b/cluster-applications/030-ibm-dro/README.md similarity index 100% rename from cluster-applications/020-ibm-dro/README.md rename to cluster-applications/030-ibm-dro/README.md diff --git a/cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml b/cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml similarity index 88% rename from cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml rename to cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml index a2ee7d2ff..4f1efcedc 100644 --- a/cluster-applications/020-ibm-dro/templates/01-dro_OperatorGroup.yaml +++ b/cluster-applications/030-ibm-dro/templates/01-dro_OperatorGroup.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-mas-operator-group namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "031" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml b/cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml similarity index 88% rename from cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml index 7224a0b75..5be7c1297 100644 --- a/cluster-applications/020-ibm-dro/templates/02-dro-pull_Secret.yaml +++ b/cluster-applications/030-ibm-dro/templates/02-dro-pull_Secret.yaml @@ -5,7 +5,7 @@ metadata: name: redhat-marketplace-pull-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "031" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml b/cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml similarity index 92% rename from cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml rename to cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml index 02930c513..6a2ae7daa 100644 --- a/cluster-applications/020-ibm-dro/templates/03-imo_Subscription.yaml +++ b/cluster-applications/030-ibm-dro/templates/03-imo_Subscription.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-metrics-operator namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "022" + argocd.argoproj.io/sync-wave: "032" labels: app.kubernetes.io/name: imo {{- if .Values.custom_labels }} diff --git a/cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml b/cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml similarity index 92% rename from cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml rename to cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml index fea6b95d3..995962617 100644 --- a/cluster-applications/020-ibm-dro/templates/04-dro_Subscription.yaml +++ b/cluster-applications/030-ibm-dro/templates/04-dro_Subscription.yaml @@ -5,7 +5,7 @@ metadata: name: ibm-data-reporter-operator namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "022" + argocd.argoproj.io/sync-wave: "032" labels: app.kubernetes.io/name: dro {{- if .Values.custom_labels }} diff --git a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml b/cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml similarity index 90% rename from cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml rename to cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml index ff87d47e4..f83bec37a 100644 --- a/cluster-applications/020-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml +++ b/cluster-applications/030-ibm-dro/templates/06-marketplaceconfig_Marketplaceconfig.yaml @@ -4,7 +4,7 @@ metadata: name: marketplaceconfig namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "024" + argocd.argoproj.io/sync-wave: "034" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true {{- if .Values.custom_labels }} labels: diff --git a/cluster-applications/020-ibm-dro/templates/07-dro-api-token_Secret.yaml b/cluster-applications/030-ibm-dro/templates/07-dro-api-token_Secret.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/07-dro-api-token_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/07-dro-api-token_Secret.yaml diff --git a/cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml b/cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml similarity index 95% rename from cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml rename to cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml index d1f1352fb..31924511a 100644 --- a/cluster-applications/020-ibm-dro/templates/07-dro_rbac.yaml +++ b/cluster-applications/030-ibm-dro/templates/07-dro_rbac.yaml @@ -6,7 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: metric-state-view-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -34,7 +34,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: reporter-cluster-monitoring-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -62,7 +62,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: manager-cluster-monitoring-binding annotations: - argocd.argoproj.io/sync-wave: "025" + argocd.argoproj.io/sync-wave: "035" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml similarity index 98% rename from cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml rename to cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index d7dc26b62..72bfe945b 100644 --- a/cluster-applications/020-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -102,7 +102,7 @@ metadata: name: {{ $role_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "026" + argocd.argoproj.io/sync-wave: "036" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -123,7 +123,7 @@ metadata: name: {{ $rb_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "027" + argocd.argoproj.io/sync-wave: "037" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} @@ -144,7 +144,7 @@ metadata: name: {{ $_job_name }} namespace: {{ $ns }} annotations: - argocd.argoproj.io/sync-wave: "028" + argocd.argoproj.io/sync-wave: "038" labels: mas.ibm.com/job-cleanup-group: {{ $_job_cleanup_group }} {{- if .Values.custom_labels }} diff --git a/cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml b/cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml similarity index 84% rename from cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml rename to cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml index e11b9cf54..b76f5196e 100644 --- a/cluster-applications/020-ibm-dro/templates/09-dro-cmm_Secret.yaml +++ b/cluster-applications/030-ibm-dro/templates/09-dro-cmm_Secret.yaml @@ -7,7 +7,7 @@ metadata: name: dest-header-map-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: accept: application/json @@ -18,7 +18,7 @@ metadata: name: auth-header-map-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: accept: application/json @@ -30,7 +30,7 @@ metadata: name: auth-body-data-secret namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" type: Opaque stringData: bodydata: | diff --git a/cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml b/cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml similarity index 96% rename from cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml rename to cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml index e64ce8a9c..b6fefd3f2 100644 --- a/cluster-applications/020-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml +++ b/cluster-applications/030-ibm-dro/templates/10-dro-cmm_ConfigMap.yaml @@ -7,7 +7,7 @@ metadata: name: kazaam-configmap namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "029" + argocd.argoproj.io/sync-wave: "039" data: kazaam.json: | [ diff --git a/cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml b/cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml similarity index 97% rename from cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml rename to cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml index 6bde3c541..da27296f8 100644 --- a/cluster-applications/020-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml +++ b/cluster-applications/030-ibm-dro/templates/11-dro-cmm_DataReporterConfig.yaml @@ -7,7 +7,7 @@ metadata: name: datareporterconfig namespace: "{{ .Values.dro_namespace }}" annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "040" argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true spec: confirmDelivery: false diff --git a/cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml rename to cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml diff --git a/cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml rename to cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml diff --git a/cluster-applications/020-ibm-dro/templates/13-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-public-route.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/13-dro-public-route.yaml rename to cluster-applications/030-ibm-dro/templates/13-dro-public-route.yaml diff --git a/cluster-applications/020-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml b/cluster-applications/030-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml rename to cluster-applications/030-ibm-dro/templates/postdelete-MarketplaceConfigs-resources.yaml diff --git a/cluster-applications/020-ibm-dro/values.yaml b/cluster-applications/030-ibm-dro/values.yaml similarity index 100% rename from cluster-applications/020-ibm-dro/values.yaml rename to cluster-applications/030-ibm-dro/values.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/Chart.yaml b/cluster-applications/031-ibm-dro-cleanup/Chart.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/Chart.yaml rename to cluster-applications/031-ibm-dro-cleanup/Chart.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/README.md b/cluster-applications/031-ibm-dro-cleanup/README.md similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/README.md rename to cluster-applications/031-ibm-dro-cleanup/README.md diff --git a/cluster-applications/021-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/031-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/031-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml b/cluster-applications/031-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml similarity index 100% rename from cluster-applications/021-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml rename to cluster-applications/031-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml diff --git a/cluster-applications/030-ibm-cis-cert-manager/values.yaml b/cluster-applications/031-ibm-dro-cleanup/values.yaml similarity index 100% rename from cluster-applications/030-ibm-cis-cert-manager/values.yaml rename to cluster-applications/031-ibm-dro-cleanup/values.yaml diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml similarity index 98% rename from root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml rename to root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml index bd2363ce4..3a902c5c4 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-cis-cert-manager.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "030" + argocd.argoproj.io/sync-wave: "020" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} diff --git a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml similarity index 91% rename from root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml rename to root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index fefce35dc..09db706bd 100644 --- a/root-applications/ibm-mas-cluster-root/templates/020-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "020" + argocd.argoproj.io/sync-wave: "030" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} @@ -49,6 +49,10 @@ spec: ibm_entitlement_key: "{{ .Values.ibm_dro.ibm_entitlement_key }}" dro_cmm_setup: "{{ .Values.ibm_dro.dro_cmm_setup }}" dro_install_plan: "{{ .Values.ibm_dro.dro_install_plan }}" + dro_public_host: "{{ .Values.ibm_dro.dro_public_host }}" + dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" + ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" + cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" imo_install_plan: "{{ .Values.ibm_dro.imo_install_plan }}" cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: diff --git a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml similarity index 98% rename from root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml rename to root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml index 6498308cb..80351dcd2 100644 --- a/root-applications/ibm-mas-cluster-root/templates/021-ibm-dro-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "021" + argocd.argoproj.io/sync-wave: "031" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} From 99190ce08b159b2de0d358258069b038d157d996 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 15:34:39 +0530 Subject: [PATCH 04/39] update path --- .../templates/020-ibm-cis-cert-manager.yaml | 2 +- .../ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml | 2 +- .../ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml index 3a902c5c4..dca96215d 100644 --- a/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/020-ibm-cis-cert-manager.yaml @@ -26,7 +26,7 @@ spec: namespace: default source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/030-ibm-cis-cert-manager + path: cluster-applications/020-ibm-cis-cert-manager targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index 09db706bd..b02dfa019 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -31,7 +31,7 @@ spec: namespace: "{{ .Values.ibm_dro.dro_namespace }}" source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/020-ibm-dro + path: cluster-applications/030-ibm-dro targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml index 80351dcd2..851de71cd 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml @@ -28,7 +28,7 @@ spec: namespace: default source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/021-ibm-dro-cleanup + path: cluster-applications/031-ibm-dro-cleanup targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} From 06861034d96650036d38248fe9ba084fb273a135 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 15:40:26 +0530 Subject: [PATCH 05/39] update path --- .../Chart.yaml | 0 .../README.md | 0 .../templates/00-1-ibm-cis-webhook_rbac.yml | 0 .../templates/00-2-ibm-cis-webhook_pki.yml | 0 .../templates/00-3-ibm-cis-webhook_deployment.yml | 0 .../templates/00-4-ibm-cis-webhook_apiservice.yml | 0 .../templates/00-5-ibm-cis-webhook_service.yml | 0 .../templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml | 0 .../templates/00-7-ibm-cis-webhook_cis-proxy-route.yml | 0 .../templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml | 0 .../templates/00-placeholder_ConfigMap.yaml | 0 .../values.yaml | 0 12 files changed, 0 insertions(+), 0 deletions(-) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/Chart.yaml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/README.md (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-1-ibm-cis-webhook_rbac.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-2-ibm-cis-webhook_pki.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-3-ibm-cis-webhook_deployment.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-4-ibm-cis-webhook_apiservice.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-5-ibm-cis-webhook_service.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/templates/00-placeholder_ConfigMap.yaml (100%) rename cluster-applications/{020-0-ibm-cis-cert-manager => 020-ibm-cis-cert-manager}/values.yaml (100%) diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/Chart.yaml b/cluster-applications/020-ibm-cis-cert-manager/Chart.yaml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/Chart.yaml rename to cluster-applications/020-ibm-cis-cert-manager/Chart.yaml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/README.md b/cluster-applications/020-ibm-cis-cert-manager/README.md similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/README.md rename to cluster-applications/020-ibm-cis-cert-manager/README.md diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-1-ibm-cis-webhook_rbac.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-2-ibm-cis-webhook_pki.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-3-ibm-cis-webhook_deployment.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-4-ibm-cis-webhook_apiservice.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-5-ibm-cis-webhook_service.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-6-ibm-cis-webhook_cis-apikey-secret.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-7-ibm-cis-webhook_cis-proxy-route.yml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-8-ibm-cis-webhook_cis-ingress-controller.yaml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/020-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/020-ibm-cis-cert-manager/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/020-0-ibm-cis-cert-manager/values.yaml b/cluster-applications/020-ibm-cis-cert-manager/values.yaml similarity index 100% rename from cluster-applications/020-0-ibm-cis-cert-manager/values.yaml rename to cluster-applications/020-ibm-cis-cert-manager/values.yaml From 8a5297adbc51e4494217a861abf36d3180fc6d5b Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 22:03:07 +0530 Subject: [PATCH 06/39] update certificate --- .../templates/13-dro-certificate.yaml | 17 +++++++++++++++++ ...blic-route.yaml => 14-dro-public-route.yaml} | 8 ++++---- 2 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml rename cluster-applications/030-ibm-dro/templates/{13-dro-public-route.yaml => 14-dro-public-route.yaml} (77%) diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml new file mode 100644 index 000000000..a51eaca7c --- /dev/null +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -0,0 +1,17 @@ +{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +--- +kind: Certificate +metadata: + name: dro-tls-cert + namespace: ibm-software-central +spec: + secretName: dro-tls-secret # The Secret that will be created + issuerRef: + name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 + kind: ClusterIssuer + commonName: {{ .Values.dro_public_domain }} + dnsNames: + - {{ .Values.dro_public_domain }} + privateKey: + rotationPolicy: Always +{{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml similarity index 77% rename from cluster-applications/030-ibm-dro/templates/13-dro-public-route.yaml rename to cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index a1e63204b..1bf70ed12 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -1,5 +1,5 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} -{{- if .Values.dro_public_host }} +{{- if .Values.dro_public_domain }} --- kind: Route @@ -10,7 +10,7 @@ metadata: labels: type: external spec: - host: {{ .Values.dro_public_host }} + host: "{{ .Values.cluster.id }}.{{ .Values.dro_public_domain }}" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service @@ -21,8 +21,8 @@ spec: termination: reencrypt insecureEdgeTerminationPolicy: Redirect name: dro-secret - certificate: {{ .Values.dro_certificate }} - key: {{ .Values.dro_key }} + externalCertificate: + name: dro-tls-secret wildcardPolicy: None {{- end }} {{- end }} \ No newline at end of file From 02c9dfef44002f98fc2f1253a0e4b5c23b80530c Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 22:37:44 +0530 Subject: [PATCH 07/39] update --- .../030-ibm-dro/templates/13-dro-certificate.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index a51eaca7c..f36a20585 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -1,4 +1,5 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if .Values.dro_public_domain }} --- kind: Certificate metadata: @@ -14,4 +15,5 @@ spec: - {{ .Values.dro_public_domain }} privateKey: rotationPolicy: Always +{{- end }} {{- end }} \ No newline at end of file From 8015be3dc7120333cb934a737413959e6f67acf8 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 22:54:11 +0530 Subject: [PATCH 08/39] update --- .../030-ibm-dro/templates/13-dro-certificate.yaml | 4 +--- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index f36a20585..e706f1970 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -10,9 +10,7 @@ spec: issuerRef: name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 kind: ClusterIssuer - commonName: {{ .Values.dro_public_domain }} - dnsNames: - - {{ .Values.dro_public_domain }} + commonName: dro-{{ .Values.cluster.id }} privateKey: rotationPolicy: Always {{- end }} diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 1bf70ed12..1dab8c34a 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -10,7 +10,7 @@ metadata: labels: type: external spec: - host: "{{ .Values.cluster.id }}.{{ .Values.dro_public_domain }}" + host: "dro-{{ .Values.cluster.id }}.{{ .Values.dro_public_domain }}" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service From 28730743b816726faca7fdfdc4f3052515054fb1 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 23:08:11 +0530 Subject: [PATCH 09/39] update var --- .../ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index b02dfa019..d916d7cee 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -49,7 +49,7 @@ spec: ibm_entitlement_key: "{{ .Values.ibm_dro.ibm_entitlement_key }}" dro_cmm_setup: "{{ .Values.ibm_dro.dro_cmm_setup }}" dro_install_plan: "{{ .Values.ibm_dro.dro_install_plan }}" - dro_public_host: "{{ .Values.ibm_dro.dro_public_host }}" + dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" From e6929ffd51af8c1350df0fc17e96d3dada835903 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 23:18:30 +0530 Subject: [PATCH 10/39] update cluster id --- .../030-ibm-dro/templates/13-dro-certificate.yaml | 2 +- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index e706f1970..e3c5aa31d 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -10,7 +10,7 @@ spec: issuerRef: name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 kind: ClusterIssuer - commonName: dro-{{ .Values.cluster.id }} + commonName: dro-{{ .Values.cluster_id }} privateKey: rotationPolicy: Always {{- end }} diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 1dab8c34a..a6ae57ffc 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -10,7 +10,7 @@ metadata: labels: type: external spec: - host: "dro-{{ .Values.cluster.id }}.{{ .Values.dro_public_domain }}" + host: "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service From ea6ef161ee6f0470e2a63a13781be87dcddd09f3 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 23:24:16 +0530 Subject: [PATCH 11/39] update --- .../030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml | 1 - .../030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml | 1 - .../ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml index d89caf75c..9bd8b22c6 100644 --- a/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml +++ b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml @@ -16,7 +16,6 @@ metadata: {{- end }} spec: acme: - email: "{{ .Values.cis_email }}" preferredChain: '' privateKeySecretRef: name: cis-letsencrypt-staging-account-key diff --git a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml index 42548c09a..3d197a14e 100644 --- a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml +++ b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml @@ -15,7 +15,6 @@ metadata: {{- end }} spec: acme: - email: "{{ .Values.cis_email }}" preferredChain: '' privateKeySecretRef: name: cis-letsencrypt-production-account-key diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index d916d7cee..8e33c87ad 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -53,6 +53,7 @@ spec: dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" + cis_arn: "{{ .Values.ibm_dro.cis_crn }}" imo_install_plan: "{{ .Values.ibm_dro.imo_install_plan }}" cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: From 38075720b6ace1b39a811af3cb85ae0df598704e Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 23:26:22 +0530 Subject: [PATCH 12/39] fix typo --- .../ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml index 8e33c87ad..6da381e21 100644 --- a/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/030-ibm-dro-app.yaml @@ -53,7 +53,7 @@ spec: dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" ocp_cluster_domain: "{{ .Values.ibm_cis_cert_manager.ocp_cluster_domain }}" cis_apikey: "{{ .Values.ibm_cis_cert_manager.cis_apikey }}" - cis_arn: "{{ .Values.ibm_dro.cis_crn }}" + cis_crn: "{{ .Values.ibm_dro.cis_crn }}" imo_install_plan: "{{ .Values.ibm_dro.imo_install_plan }}" cli_image_repo: {{ .Values.cli_image_repo }} junitreporter: From be46a8886dbe8430972f0483e2da89993936ffc2 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 17 Dec 2025 23:38:04 +0530 Subject: [PATCH 13/39] update api version --- .../030-ibm-dro/templates/13-dro-certificate.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index e3c5aa31d..202f2e184 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -1,6 +1,7 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_domain }} --- +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: dro-tls-cert From 04756fe325be603c65b8ea0b4d83f8e9fe7795d9 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 18 Dec 2025 16:12:05 +0530 Subject: [PATCH 14/39] comment lets encrypt --- .../12-1-dro-cluster-issuer-prod.yaml | 54 +++++++++---------- .../templates/13-dro-certificate.yaml | 26 ++++----- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml index 3d197a14e..540f27f38 100644 --- a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml +++ b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml @@ -3,32 +3,32 @@ {{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} {{ $cis_prod_issuer_name := printf "%s-cis-le-prod" .Values.cluster_id }} --- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - annotations: - argocd.argoproj.io/sync-wave: "138" - name: "{{ $cis_prod_issuer_name }}" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - acme: - preferredChain: '' - privateKeySecretRef: - name: cis-letsencrypt-production-account-key - server: 'https://acme-v02.api.letsencrypt.org/directory' - solvers: - - dns01: - webhook: - config: - apiKeySecretRef: - key: key - name: cis-api-key - crn: >- - {{ .Values.cis_crn }} - groupName: {{ $cis_apiservice_group_name }} - solverName: cis +# apiVersion: cert-manager.io/v1 +# kind: ClusterIssuer +# metadata: +# annotations: +# argocd.argoproj.io/sync-wave: "138" +# name: "{{ $cis_prod_issuer_name }}" +# {{- if .Values.custom_labels }} +# labels: +# {{ .Values.custom_labels | toYaml | indent 4 }} +# {{- end }} +# spec: +# acme: +# preferredChain: '' +# privateKeySecretRef: +# name: cis-letsencrypt-production-account-key +# server: 'https://acme-v02.api.letsencrypt.org/directory' +# solvers: +# - dns01: +# webhook: +# config: +# apiKeySecretRef: +# key: key +# name: cis-api-key +# crn: >- +# {{ .Values.cis_crn }} +# groupName: {{ $cis_apiservice_group_name }} +# solverName: cis {{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index 202f2e184..6df0a4d33 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -1,18 +1,18 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_domain }} --- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: dro-tls-cert - namespace: ibm-software-central -spec: - secretName: dro-tls-secret # The Secret that will be created - issuerRef: - name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 - kind: ClusterIssuer - commonName: dro-{{ .Values.cluster_id }} - privateKey: - rotationPolicy: Always +# apiVersion: cert-manager.io/v1 +# kind: Certificate +# metadata: +# name: dro-tls-cert +# namespace: ibm-software-central +# spec: +# secretName: dro-tls-secret # The Secret that will be created +# issuerRef: +# name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 +# kind: ClusterIssuer +# commonName: dro-{{ .Values.cluster_id }} +# privateKey: +# rotationPolicy: Always {{- end }} {{- end }} \ No newline at end of file From 16d91412078af60f6c43b64eaf9293b73602d510 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 18 Dec 2025 16:27:21 +0530 Subject: [PATCH 15/39] Testing with self sign --- .../13-0-dro-selfsigncertificate.yaml | 77 +++++++++++++++++++ .../templates/14-dro-public-route.yaml | 3 +- 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml diff --git a/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml b/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml new file mode 100644 index 000000000..830c58fbc --- /dev/null +++ b/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml @@ -0,0 +1,77 @@ +{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if .Values.dro_public_domain }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: "dro-rootca-issuer" + namespace: "{{ .Values.dro_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "02" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + ca: + secretName: "dro-rootca" + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "dro-server-certificate" + namespace: "{{ .Values.dro_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "03" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + secretName: "dro-server-tls" + duration: "2160h" # 90 days + renewBefore: "360h" # 15 days + commonName: "dro-service" + issuerRef: + name: "dro-rootca-issuer" + kind: Issuer + usages: + - server auth + dnsNames: + - "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + subject: + countries: + - US + streetAddresses: + - New York + localities: + - New York + organizationalUnits: + - IBM Maximo Application Suite + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "dro-client-certificate" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "03" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + secretName: "dro-client-tls" + duration: "2160h" # 90 days + renewBefore: "360h" # 15 days + commonName: "dro-client" + issuerRef: + name: "dro-rootca-issuer" + kind: Issuer + usages: + - client auth + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index a6ae57ffc..96f751eaa 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -22,7 +22,8 @@ spec: insecureEdgeTerminationPolicy: Redirect name: dro-secret externalCertificate: - name: dro-tls-secret + # name: dro-tls-secret + name: "dro-client-tls" wildcardPolicy: None {{- end }} {{- end }} \ No newline at end of file From 9dc4b61d8910d4a269c500d2ccad57b49b2fe5cb Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 18 Dec 2025 19:35:40 +0530 Subject: [PATCH 16/39] update for selfsigned --- .../13-0-dro-selfsigncertificate.yaml | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml b/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml index 830c58fbc..bb988fbad 100644 --- a/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml @@ -1,5 +1,46 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_domain }} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: "dro-selfsigned-issuer" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "00" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + selfSigned: {} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "dro-rootca-certificate" + namespace: "{{ .Values.provisioner_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "01" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + secretName: "dro-rootca" + duration: "175200h0m0s" + renewBefore: "2160h0m0s" + issuerRef: + name: "dro-selfsigned-issuer" + kind: Issuer + isCA: true + commonName: "dro-app" + usages: + - cert sign + - digital signature + - key encipherment + --- apiVersion: cert-manager.io/v1 kind: Issuer From faed6169b50b91af9bd815663bf87a90850e76f5 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 15:31:45 +0530 Subject: [PATCH 17/39] udpate route name --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 96f751eaa..afdb3150d 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -5,7 +5,7 @@ kind: Route apiVersion: route.openshift.io/v1 metadata: - name: ibm-data-reporter + name: ibm-data-reporter-public-route namespace: ibm-software-central labels: type: external From e96ca59f3bf8316f651706e25c2f7d9d384b9520 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 15:35:56 +0530 Subject: [PATCH 18/39] update https in route --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index afdb3150d..6beb1ca96 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -10,7 +10,7 @@ metadata: labels: type: external spec: - host: "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + host: "https://dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service From fdf3a4bde7c52c64fcfef2551c4bf299f62d7aa3 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 15:40:23 +0530 Subject: [PATCH 19/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 6beb1ca96..afdb3150d 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -10,7 +10,7 @@ metadata: labels: type: external spec: - host: "https://dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + host: "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service From f12eb7c517b14914a49110af1d0969371284af29 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 15:54:15 +0530 Subject: [PATCH 20/39] update host for testing --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index afdb3150d..1c3a5c593 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -10,7 +10,8 @@ metadata: labels: type: external spec: - host: "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + # host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + host: "dro.apps.noble6.cp.fyre.ibm.com" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service From a03e1764bb26b84234b42256e3861551b12d9da9 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 16:01:26 +0530 Subject: [PATCH 21/39] testing --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 1c3a5c593..d79b14f59 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -25,6 +25,8 @@ spec: externalCertificate: # name: dro-tls-secret name: "dro-client-tls" + destinationCACertificate: + name: "dro-server-tls" wildcardPolicy: None {{- end }} {{- end }} \ No newline at end of file From 2f58b0c627761beba1f2663c0894bb4c663217f1 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 17:04:56 +0530 Subject: [PATCH 22/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index d79b14f59..faf513fb9 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -21,7 +21,7 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - name: dro-secret + # name: dro-secret externalCertificate: # name: dro-tls-secret name: "dro-client-tls" From 79c9e79aff827b2967c1e064e3e0b025cc9da800 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 19 Dec 2025 18:08:11 +0530 Subject: [PATCH 23/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index faf513fb9..17e9546c2 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -9,6 +9,8 @@ metadata: namespace: ibm-software-central labels: type: external + route.openshift.io/destination-ca-certificate-secret: dro-server-tls + spec: # host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" host: "dro.apps.noble6.cp.fyre.ibm.com" @@ -25,8 +27,8 @@ spec: externalCertificate: # name: dro-tls-secret name: "dro-client-tls" - destinationCACertificate: - name: "dro-server-tls" + # destinationCACertificate: + # name: "dro-server-tls" wildcardPolicy: None {{- end }} {{- end }} \ No newline at end of file From fecc240e093b867fb48f25af763ad31cf458105b Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Sat, 20 Dec 2025 00:41:54 +0530 Subject: [PATCH 24/39] using tls certs and key --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 17e9546c2..8151a4094 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,10 +23,20 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect + crt: + valueFrom: + secretKeyRef: + name: dro-client-tls # Name of the existing K8s secret + key: tls.crt # Key within the secret's data + key: + valueFrom: + secretKeyRef: + name: dro-client-tls # Name of the existing K8s secret + key: tls.key # Key within the secret's data # name: dro-secret - externalCertificate: + # externalCertificate: # name: dro-tls-secret - name: "dro-client-tls" + # name: "dro-client-tls" # destinationCACertificate: # name: "dro-server-tls" wildcardPolicy: None From d70a50cc487523a00c689b17629c5ca2548453b2 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Sat, 20 Dec 2025 01:08:05 +0530 Subject: [PATCH 25/39] update key and crt --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 8151a4094..76bcbf230 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -12,8 +12,8 @@ metadata: route.openshift.io/destination-ca-certificate-secret: dro-server-tls spec: - # host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" - host: "dro.apps.noble6.cp.fyre.ibm.com" + host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" + # host: "dro.apps.noble6.cp.fyre.ibm.com" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service @@ -23,7 +23,7 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - crt: + certificate: valueFrom: secretKeyRef: name: dro-client-tls # Name of the existing K8s secret From ad74563a9bcbe7cb19cbc57a9a8ff37c5040b3f8 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Sat, 20 Dec 2025 01:29:07 +0530 Subject: [PATCH 26/39] update values --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 76bcbf230..3fd349c86 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,16 +23,8 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - certificate: - valueFrom: - secretKeyRef: - name: dro-client-tls # Name of the existing K8s secret - key: tls.crt # Key within the secret's data - key: - valueFrom: - secretKeyRef: - name: dro-client-tls # Name of the existing K8s secret - key: tls.key # Key within the secret's data + certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").tls.crt | base64decode | quote }} + key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").tls.key | base64decode | quote }} # name: dro-secret # externalCertificate: # name: dro-tls-secret From eec05eeaf6c276e80501f7ce9826b5887dbf43a9 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Sat, 20 Dec 2025 01:32:14 +0530 Subject: [PATCH 27/39] update values --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 3fd349c86..34c866c57 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,8 +23,8 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").tls.crt | base64decode | quote }} - key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").tls.key | base64decode | quote }} + certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.crt | base64decode | quote }} + key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.key | base64decode | quote }} # name: dro-secret # externalCertificate: # name: dro-tls-secret From 72571708b00a36beb1bb50d4944148a5e2dad433 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Sat, 20 Dec 2025 01:36:01 +0530 Subject: [PATCH 28/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 34c866c57..9e99c913e 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,8 +23,8 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.crt | base64decode | quote }} - key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.key | base64decode | quote }} + certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.crt | b64dec | quote }} + key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.key | b64dec | quote }} # name: dro-secret # externalCertificate: # name: dro-tls-secret From e3e131b8421c436b83859c21209e2933ec23a723 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 24 Dec 2025 00:28:53 +0530 Subject: [PATCH 29/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 9e99c913e..265087e96 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,8 +23,10 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - certificate: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.crt | b64dec | quote }} - key: {{ (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.tls.key | b64dec | quote }} + certificate: | + {{- (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.["tls.crt"] | b64dec | nindent 6 }} + key: | + {{- (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.["tls.key"] | b64dec | nindent 6 }} # name: dro-secret # externalCertificate: # name: dro-tls-secret From 5b91018aeeb19ccff0ea240a12477c5ff8e3e0b0 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 24 Dec 2025 00:35:51 +0530 Subject: [PATCH 30/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 265087e96..760be2ac4 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -23,10 +23,12 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect + {{- if (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data }} certificate: | - {{- (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.["tls.crt"] | b64dec | nindent 6 }} + {{- index (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data "tls.crt" | b64dec | nindent 6 }} key: | - {{- (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data.["tls.key"] | b64dec | nindent 6 }} + {{- index (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data "tls.key" | b64dec | nindent 6 }} + {{- end }} # name: dro-secret # externalCertificate: # name: dro-tls-secret From 2bb711dc7d8d9dc75e8c9c8b4a38a856fe0f8863 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 24 Dec 2025 00:47:49 +0530 Subject: [PATCH 31/39] update --- .../030-ibm-dro/templates/14-dro-public-route.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml index 760be2ac4..16781d79c 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml @@ -1,6 +1,6 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_domain }} - +{{- $existingSecret := lookup "v1" "Secret" "ibm-software-central" "dro-client-tls" }} --- kind: Route apiVersion: route.openshift.io/v1 @@ -23,11 +23,11 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - {{- if (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data }} + {{- if $existingSecret }} certificate: | - {{- index (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data "tls.crt" | b64dec | nindent 6 }} + {{- index $existingSecret.data "tls.crt" | b64dec | nindent 6 }} key: | - {{- index (lookup "v1" "Secret" .Release.Namespace "dro-client-tls").data "tls.key" | b64dec | nindent 6 }} + {{- index $existingSecret.data "tls.key" | b64dec | nindent 6 }} {{- end }} # name: dro-secret # externalCertificate: From feb7de073219f469a3e1af54691f62b20d039b28 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Tue, 6 Jan 2026 16:07:18 +0530 Subject: [PATCH 32/39] update with separate app for public route --- .../templates/08-postsync-update-sm_Job.yaml | 32 ++++++++- .../031-ibm-dro-public/Chart.yaml | 11 +++ .../templates/01-dro-public-route.yaml} | 16 +++-- .../031-ibm-dro-public/values.yaml | 0 .../Chart.yaml | 0 .../README.md | 0 .../templates/00-placeholder_ConfigMap.yaml | 0 .../postdelete-MarketplaceConfigs.yaml | 0 .../values.yaml | 0 .../templates/031-ibm-dro-public.yaml | 70 +++++++++++++++++++ ...-cleanup.yaml => 032-ibm-dro-cleanup.yaml} | 4 +- 11 files changed, 122 insertions(+), 11 deletions(-) create mode 100644 cluster-applications/031-ibm-dro-public/Chart.yaml rename cluster-applications/{030-ibm-dro/templates/14-dro-public-route.yaml => 031-ibm-dro-public/templates/01-dro-public-route.yaml} (74%) create mode 100644 cluster-applications/031-ibm-dro-public/values.yaml rename cluster-applications/{031-ibm-dro-cleanup => 032-ibm-dro-cleanup}/Chart.yaml (100%) rename cluster-applications/{031-ibm-dro-cleanup => 032-ibm-dro-cleanup}/README.md (100%) rename cluster-applications/{031-ibm-dro-cleanup => 032-ibm-dro-cleanup}/templates/00-placeholder_ConfigMap.yaml (100%) rename cluster-applications/{031-ibm-dro-cleanup => 032-ibm-dro-cleanup}/templates/postdelete-MarketplaceConfigs.yaml (100%) rename cluster-applications/{031-ibm-dro-cleanup => 032-ibm-dro-cleanup}/values.yaml (100%) create mode 100644 root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml rename root-applications/ibm-mas-cluster-root/templates/{031-ibm-dro-cleanup.yaml => 032-ibm-dro-cleanup.yaml} (96%) diff --git a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index 72bfe945b..3b745c4b7 100644 --- a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -26,7 +26,7 @@ Increment this value whenever you make a change to an immutable field of the Job E.g. passing in a new environment variable. Included in $_job_hash (see below). */}} -{{- $_job_version := "v3" }} +{{- $_job_version := "v4" }} {{- /* 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest @@ -181,11 +181,15 @@ spec: # Hard-coded for now: - name: AVP_TYPE value: "aws" + - name: DRO_PUBLIC_DOMAIN + value: {{ .Values.dro_public_domain }} volumeMounts: - name: aws mountPath: /etc/mas/creds/aws - name: ibm-data-reporter-operator-api-token mountPath: /etc/mas/creds/ibm-data-reporter-operator-api-token + - name: dro-client-tls + mountPath: /etc/mas/creds/dro-client-tls command: - /bin/sh - -c @@ -252,6 +256,25 @@ spec: exit 1 fi + if [[ -n "${DRO_PUBLIC_DOMAIN}" ]]; then + wait_for_resource "certificate" "dro-client-certificate" "${DRO_NAMESPACE}" + export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-client-tls/ca.crt) + if [[ -z "${DRO_CLIENT_TLS_CA_CRT}" ]]; then + echo "Failed to fetch ca.crt" + exit 1 + fi + export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-client-tls/tls.crt) + if [[ -z "${DRO_CLIENT_TLS_TLS_CRT}" ]]; then + echo "Failed to fetch tls.crt" + exit 1 + fi + export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-client-tls/tls.key) + if [[ -z "${DRO_CLIENT_TLS_TLS_KEY}" ]]; then + echo "Failed to fetch tls.key" + exit 1 + fi + fi + # aws configure set aws_access_key_id $SM_AWS_ACCESS_KEY_ID # aws configure set aws_secret_access_key $SM_AWS_SECRET_ACCESS_KEY @@ -263,7 +286,7 @@ spec: # aws secretsmanager create-secret --name ${SECRET_NAME} --secret-string "${SECRET_VALUE}" SECRET_NAME_DRO=${ACCOUNT_ID}/${CLUSTER_ID}/dro TAGS="[{\"Key\": \"source\", \"Value\": \"postsync-ibm-dro-update-sm-job\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]" - sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\" }" "${TAGS}" + sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\", \"dro_client_tls_ca_crt\": \"$DRO_CLIENT_TLS_CA_CRT\", \"dro_client_tls_tls_crt\": \"$DRO_CLIENT_TLS_TLS_CRT\", \"dro_client_tls_tls_key\": \"$DRO_CLIENT_TLS_TLS_KEY\" }" "${TAGS}" restartPolicy: Never @@ -282,6 +305,11 @@ spec: secretName: ibm-data-reporter-operator-api-token defaultMode: 420 optional: false + - name: dro-client-tls + secret: + secretName: dro-client-tls + defaultMode: 420 + optional: false backoffLimit: 4 {{- end }} diff --git a/cluster-applications/031-ibm-dro-public/Chart.yaml b/cluster-applications/031-ibm-dro-public/Chart.yaml new file mode 100644 index 000000000..85258c32b --- /dev/null +++ b/cluster-applications/031-ibm-dro-public/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: ibm-dro-public +description: IBM DRO (Public) +type: application +version: 1.0.0 + +dependencies: +- name: junitreporter + version: 1.0.0 + repository: "file://../../sub-charts/junitreporter/" + condition: junitreporter.devops_mongo_uri != "" \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml similarity index 74% rename from cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml rename to cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index 16781d79c..53c174110 100644 --- a/cluster-applications/030-ibm-dro/templates/14-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -1,6 +1,6 @@ {{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} {{- if .Values.dro_public_domain }} -{{- $existingSecret := lookup "v1" "Secret" "ibm-software-central" "dro-client-tls" }} +# {{- $existingSecret := lookup "v1" "Secret" "ibm-software-central" "dro-client-tls" }} --- kind: Route apiVersion: route.openshift.io/v1 @@ -23,12 +23,14 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - {{- if $existingSecret }} - certificate: | - {{- index $existingSecret.data "tls.crt" | b64dec | nindent 6 }} - key: | - {{- index $existingSecret.data "tls.key" | b64dec | nindent 6 }} - {{- end }} + certificate: + secretKeyRef: + name: "tls.crt" + key: data.tls.crt + key: + secretKeyRef: + name: "tls.key" + key: data.tls.key # name: dro-secret # externalCertificate: # name: dro-tls-secret diff --git a/cluster-applications/031-ibm-dro-public/values.yaml b/cluster-applications/031-ibm-dro-public/values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/cluster-applications/031-ibm-dro-cleanup/Chart.yaml b/cluster-applications/032-ibm-dro-cleanup/Chart.yaml similarity index 100% rename from cluster-applications/031-ibm-dro-cleanup/Chart.yaml rename to cluster-applications/032-ibm-dro-cleanup/Chart.yaml diff --git a/cluster-applications/031-ibm-dro-cleanup/README.md b/cluster-applications/032-ibm-dro-cleanup/README.md similarity index 100% rename from cluster-applications/031-ibm-dro-cleanup/README.md rename to cluster-applications/032-ibm-dro-cleanup/README.md diff --git a/cluster-applications/031-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml b/cluster-applications/032-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml similarity index 100% rename from cluster-applications/031-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml rename to cluster-applications/032-ibm-dro-cleanup/templates/00-placeholder_ConfigMap.yaml diff --git a/cluster-applications/031-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml b/cluster-applications/032-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml similarity index 100% rename from cluster-applications/031-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml rename to cluster-applications/032-ibm-dro-cleanup/templates/postdelete-MarketplaceConfigs.yaml diff --git a/cluster-applications/031-ibm-dro-cleanup/values.yaml b/cluster-applications/032-ibm-dro-cleanup/values.yaml similarity index 100% rename from cluster-applications/031-ibm-dro-cleanup/values.yaml rename to cluster-applications/032-ibm-dro-cleanup/values.yaml diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml new file mode 100644 index 000000000..3580f8e8a --- /dev/null +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -0,0 +1,70 @@ +{{- if not (empty .Values.ibm_dro) }} +--- +# IBM Maximo Operator Catalog +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ibm-dro-public.{{ .Values.cluster.id }} + namespace: {{ .Values.argo.namespace }} + labels: + environment: '{{ .Values.account.id }}' + region: '{{ .Values.region.id }}' + cluster: '{{ .Values.cluster.id }}' + annotations: + argocd.argoproj.io/sync-wave: "032" + healthCheckTimeout: "1800" + {{- if and .Values.notifications .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} + notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: {{ .Values.notifications.slack_channel_id }} + {{- end }} + finalizers: + - resources-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io + - post-delete-finalizer.argocd.argoproj.io/cleanup +spec: + project: "{{ .Values.argo.projects.apps }}" + destination: + server: {{ .Values.cluster.url }} + namespace: default + source: + repoURL: "{{ .Values.source.repo_url }}" + path: cluster-applications/031-ibm-dro-public + targetRevision: "{{ .Values.source.revision }}" + plugin: + name: {{ .Values.avp.name }} + env: + - name: {{ .Values.avp.values_varname }} + value: | + dro_namespace: "{{ .Values.ibm_dro.dro_namespace }}" + cli_image_repo: {{ .Values.cli_image_repo }} + dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" + dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" + junitreporter: + reporter_name: "ibm-dro-cleanup" + cluster_id: "{{ .Values.cluster.id }}" + devops_mongo_uri: "{{ .Values.devops.mongo_uri }}" + devops_build_number: "{{ .Values.devops.build_number }}" + gitops_version: "{{ .Values.source.revision }}" + cli_image_repo: {{ .Values.cli_image_repo }} + {{- if .Values.custom_labels }} + custom_labels: {{ .Values.custom_labels | toYaml | nindent 14 }} + {{- end }} + - name: ARGOCD_APP_NAME + value: ibmdrocleanup + {{- if not (empty .Values.avp.secret) }} + - name: AVP_SECRET + value: {{ .Values.avp.secret }} + {{- end }} + syncPolicy: + automated: + {{- if .Values.auto_delete }} + prune: true + {{- end }} + selfHeal: true + retry: + limit: 20 + syncOptions: + - CreateNamespace=false + - RespectIgnoreDifferences=true + - Validate=false +{{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml b/root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml similarity index 96% rename from root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml rename to root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml index 851de71cd..4712324f8 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-cleanup.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/032-ibm-dro-cleanup.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "031" + argocd.argoproj.io/sync-wave: "032" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} @@ -28,7 +28,7 @@ spec: namespace: default source: repoURL: "{{ .Values.source.repo_url }}" - path: cluster-applications/031-ibm-dro-cleanup + path: cluster-applications/032-ibm-dro-cleanup targetRevision: "{{ .Values.source.revision }}" plugin: name: {{ .Values.avp.name }} From ed109222617dd1cf7c75158e32debf29e647a933 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Tue, 6 Jan 2026 16:08:49 +0530 Subject: [PATCH 33/39] update sync wave --- .../ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml index 3580f8e8a..ef316e96b 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -11,7 +11,7 @@ metadata: region: '{{ .Values.region.id }}' cluster: '{{ .Values.cluster.id }}' annotations: - argocd.argoproj.io/sync-wave: "032" + argocd.argoproj.io/sync-wave: "031" healthCheckTimeout: "1800" {{- if and .Values.notifications .Values.notifications.slack_channel_id }} notifications.argoproj.io/subscribe.on-sync-failed.workspace1: {{ .Values.notifications.slack_channel_id }} From 6bd751ed1dd2560970237ac9c101c5d7c654abc8 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Tue, 6 Jan 2026 16:25:27 +0530 Subject: [PATCH 34/39] update role --- .../030-ibm-dro/templates/08-postsync-update-sm_Job.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index 3b745c4b7..83410eba8 100644 --- a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -112,8 +112,10 @@ rules: - get apiGroups: - route.openshift.io + - cert-manager.io resources: - routes + - certificates --- From a5e51814e4ab6a845629b09387a0fa07d9908213 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 7 Jan 2026 12:55:27 +0530 Subject: [PATCH 35/39] update with secrets --- .../templates/08-postsync-update-sm_Job.yaml | 8 ++++---- .../templates/01-dro-public-route.yaml | 12 ++++-------- .../templates/031-ibm-dro-public.yaml | 2 ++ 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index 83410eba8..5aadbbe55 100644 --- a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -260,17 +260,17 @@ spec: if [[ -n "${DRO_PUBLIC_DOMAIN}" ]]; then wait_for_resource "certificate" "dro-client-certificate" "${DRO_NAMESPACE}" - export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-client-tls/ca.crt) + export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-client-tls/ca.crt | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_CA_CRT}" ]]; then echo "Failed to fetch ca.crt" exit 1 fi - export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-client-tls/tls.crt) + export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-client-tls/tls.crt | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_TLS_CRT}" ]]; then echo "Failed to fetch tls.crt" exit 1 fi - export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-client-tls/tls.key) + export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-client-tls/tls.key | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_TLS_KEY}" ]]; then echo "Failed to fetch tls.key" exit 1 @@ -288,7 +288,7 @@ spec: # aws secretsmanager create-secret --name ${SECRET_NAME} --secret-string "${SECRET_VALUE}" SECRET_NAME_DRO=${ACCOUNT_ID}/${CLUSTER_ID}/dro TAGS="[{\"Key\": \"source\", \"Value\": \"postsync-ibm-dro-update-sm-job\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]" - sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\", \"dro_client_tls_ca_crt\": \"$DRO_CLIENT_TLS_CA_CRT\", \"dro_client_tls_tls_crt\": \"$DRO_CLIENT_TLS_TLS_CRT\", \"dro_client_tls_tls_key\": \"$DRO_CLIENT_TLS_TLS_KEY\" }" "${TAGS}" + sm_update_secret $SECRET_NAME_DRO "{\"dro_api_token\": \"$DRO_API_TOKEN\", \"dro_url\": \"$DRO_URL\", \"dro_client_tls_ca_crt_b64\": \"$DRO_CLIENT_TLS_CA_CRT\", \"dro_client_tls_tls_crt_b64\": \"$DRO_CLIENT_TLS_TLS_CRT\", \"dro_client_tls_tls_key_b64\": \"$DRO_CLIENT_TLS_TLS_KEY\" }" "${TAGS}" restartPolicy: Never diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index 53c174110..db8e19e19 100644 --- a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -23,14 +23,10 @@ spec: tls: termination: reencrypt insecureEdgeTerminationPolicy: Redirect - certificate: - secretKeyRef: - name: "tls.crt" - key: data.tls.crt - key: - secretKeyRef: - name: "tls.key" - key: data.tls.key + certificate: |- + {{ .Values.dro_tls_certificate | b64dec | indent 6 }} + key: |- + {{ .Values.dro_tls_key | b64dec | indent 6 }} # name: dro-secret # externalCertificate: # name: dro-tls-secret diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml index ef316e96b..51da967e8 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -39,6 +39,8 @@ spec: cli_image_repo: {{ .Values.cli_image_repo }} dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" + dro_tls_certificate: "{{ .Values.ibm_dro.tls_certificate }}" + dro_tls_key: "{{ .Values.ibm_dro.tls_key }}" junitreporter: reporter_name: "ibm-dro-cleanup" cluster_id: "{{ .Values.cluster.id }}" From 0021d3c06f95b191dda793289144b9a720c138c2 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 7 Jan 2026 13:07:48 +0530 Subject: [PATCH 36/39] update --- .../031-ibm-dro-public/templates/01-dro-public-route.yaml | 4 ++-- .../ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index db8e19e19..af90a95d2 100644 --- a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -24,9 +24,9 @@ spec: termination: reencrypt insecureEdgeTerminationPolicy: Redirect certificate: |- - {{ .Values.dro_tls_certificate | b64dec | indent 6 }} + {{ .Values.dro_tls_certificate }} key: |- - {{ .Values.dro_tls_key | b64dec | indent 6 }} + {{ .Values.dro_tls_key }} # name: dro-secret # externalCertificate: # name: dro-tls-secret diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml index 51da967e8..502d3f44a 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -35,6 +35,7 @@ spec: env: - name: {{ .Values.avp.values_varname }} value: | + cluster_id: "{{ .Values.cluster.id }}" dro_namespace: "{{ .Values.ibm_dro.dro_namespace }}" cli_image_repo: {{ .Values.cli_image_repo }} dro_public_domain: "{{ .Values.ibm_dro.dro_public_domain }}" From e3c6023c7cc73404e2d3b3cc6d283d0e24c75dda Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 7 Jan 2026 16:48:19 +0530 Subject: [PATCH 37/39] update --- .../031-ibm-dro-public/templates/01-dro-public-route.yaml | 2 ++ .../ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index af90a95d2..89cbd3f01 100644 --- a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -27,6 +27,8 @@ spec: {{ .Values.dro_tls_certificate }} key: |- {{ .Values.dro_tls_key }} + caCertificate: |- + {{ .Values.dro_tls_ca_certificate }} # name: dro-secret # externalCertificate: # name: dro-tls-secret diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml index 502d3f44a..efe042116 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -42,6 +42,7 @@ spec: dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" dro_tls_certificate: "{{ .Values.ibm_dro.tls_certificate }}" dro_tls_key: "{{ .Values.ibm_dro.tls_key }}" + dro_tls_ca_certificate: "{{ .Values.ibm_dro.tls_ca_certificate }}" junitreporter: reporter_name: "ibm-dro-cleanup" cluster_id: "{{ .Values.cluster.id }}" From 82307534fa55da896a3aaee14885c2a7ceea8ae2 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Wed, 7 Jan 2026 17:23:54 +0530 Subject: [PATCH 38/39] without ca cert --- .../031-ibm-dro-public/templates/01-dro-public-route.yaml | 8 -------- .../templates/031-ibm-dro-public.yaml | 1 - 2 files changed, 9 deletions(-) diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index 89cbd3f01..ded0e8806 100644 --- a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -27,14 +27,6 @@ spec: {{ .Values.dro_tls_certificate }} key: |- {{ .Values.dro_tls_key }} - caCertificate: |- - {{ .Values.dro_tls_ca_certificate }} - # name: dro-secret - # externalCertificate: - # name: dro-tls-secret - # name: "dro-client-tls" - # destinationCACertificate: - # name: "dro-server-tls" wildcardPolicy: None {{- end }} {{- end }} \ No newline at end of file diff --git a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml index efe042116..502d3f44a 100644 --- a/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml +++ b/root-applications/ibm-mas-cluster-root/templates/031-ibm-dro-public.yaml @@ -42,7 +42,6 @@ spec: dns_provider: "{{ .Values.ibm_cis_cert_manager.dns_provider }}" dro_tls_certificate: "{{ .Values.ibm_dro.tls_certificate }}" dro_tls_key: "{{ .Values.ibm_dro.tls_key }}" - dro_tls_ca_certificate: "{{ .Values.ibm_dro.tls_ca_certificate }}" junitreporter: reporter_name: "ibm-dro-cleanup" cluster_id: "{{ .Values.cluster.id }}" From 908ecefe7c20214c37783d53eb58826a39353112 Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Fri, 9 Jan 2026 15:21:09 +0530 Subject: [PATCH 39/39] [minor] Ensure DRO is exposed through a route --- .../templates/08-postsync-update-sm_Job.yaml | 14 +-- .../12-0-dro-cluster-issuer-staging.yaml | 3 +- .../12-1-dro-cluster-issuer-prod.yaml | 57 ++++----- .../13-0-dro-selfsigncertificate.yaml | 118 ------------------ .../templates/13-dro-certificate.yaml | 30 ++--- .../templates/01-dro-public-route.yaml | 7 +- 6 files changed, 56 insertions(+), 173 deletions(-) delete mode 100644 cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml diff --git a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml index 5aadbbe55..9e85e0f1a 100644 --- a/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml +++ b/cluster-applications/030-ibm-dro/templates/08-postsync-update-sm_Job.yaml @@ -190,8 +190,8 @@ spec: mountPath: /etc/mas/creds/aws - name: ibm-data-reporter-operator-api-token mountPath: /etc/mas/creds/ibm-data-reporter-operator-api-token - - name: dro-client-tls - mountPath: /etc/mas/creds/dro-client-tls + - name: dro-tls-secret + mountPath: /etc/mas/creds/dro-tls-secret command: - /bin/sh - -c @@ -260,17 +260,17 @@ spec: if [[ -n "${DRO_PUBLIC_DOMAIN}" ]]; then wait_for_resource "certificate" "dro-client-certificate" "${DRO_NAMESPACE}" - export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-client-tls/ca.crt | base64 -w0) + export DRO_CLIENT_TLS_CA_CRT=$(cat /etc/mas/creds/dro-tls-secret/ca.crt | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_CA_CRT}" ]]; then echo "Failed to fetch ca.crt" exit 1 fi - export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-client-tls/tls.crt | base64 -w0) + export DRO_CLIENT_TLS_TLS_CRT=$(cat /etc/mas/creds/dro-tls-secret/tls.crt | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_TLS_CRT}" ]]; then echo "Failed to fetch tls.crt" exit 1 fi - export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-client-tls/tls.key | base64 -w0) + export DRO_CLIENT_TLS_TLS_KEY=$(cat /etc/mas/creds/dro-tls-secret/tls.key | base64 -w0) if [[ -z "${DRO_CLIENT_TLS_TLS_KEY}" ]]; then echo "Failed to fetch tls.key" exit 1 @@ -307,9 +307,9 @@ spec: secretName: ibm-data-reporter-operator-api-token defaultMode: 420 optional: false - - name: dro-client-tls + - name: dro-tls-secret secret: - secretName: dro-client-tls + secretName: dro-tls-secret defaultMode: 420 optional: false backoffLimit: 4 diff --git a/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml index 9bd8b22c6..b3482b837 100644 --- a/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml +++ b/cluster-applications/030-ibm-dro/templates/12-0-dro-cluster-issuer-staging.yaml @@ -1,4 +1,4 @@ -{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if (eq .Values.dns_provider "cis") }} {{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} {{ $cis_stg_issuer_name := printf "%s-cis-le-stg" .Values.cluster_id }} @@ -10,6 +10,7 @@ metadata: annotations: argocd.argoproj.io/sync-wave: "138" name: "{{ $cis_stg_issuer_name }}" + namespace: "{{ .Values.dro_namespace }}" {{- if .Values.custom_labels }} labels: {{ .Values.custom_labels | toYaml | indent 4 }} diff --git a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml index 540f27f38..901cd4196 100644 --- a/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml +++ b/cluster-applications/030-ibm-dro/templates/12-1-dro-cluster-issuer-prod.yaml @@ -1,34 +1,35 @@ -{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if (eq .Values.dns_provider "cis") }} {{ $cis_apiservice_group_name := "acme.cis.ibm.com" }} {{ $cis_prod_issuer_name := printf "%s-cis-le-prod" .Values.cluster_id }} --- -# apiVersion: cert-manager.io/v1 -# kind: ClusterIssuer -# metadata: -# annotations: -# argocd.argoproj.io/sync-wave: "138" -# name: "{{ $cis_prod_issuer_name }}" -# {{- if .Values.custom_labels }} -# labels: -# {{ .Values.custom_labels | toYaml | indent 4 }} -# {{- end }} -# spec: -# acme: -# preferredChain: '' -# privateKeySecretRef: -# name: cis-letsencrypt-production-account-key -# server: 'https://acme-v02.api.letsencrypt.org/directory' -# solvers: -# - dns01: -# webhook: -# config: -# apiKeySecretRef: -# key: key -# name: cis-api-key -# crn: >- -# {{ .Values.cis_crn }} -# groupName: {{ $cis_apiservice_group_name }} -# solverName: cis +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + annotations: + argocd.argoproj.io/sync-wave: "138" + name: "{{ $cis_prod_issuer_name }}" + namespace: "{{ .Values.dro_namespace }}" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +spec: + acme: + preferredChain: '' + privateKeySecretRef: + name: cis-letsencrypt-production-account-key + server: 'https://acme-v02.api.letsencrypt.org/directory' + solvers: + - dns01: + webhook: + config: + apiKeySecretRef: + key: key + name: cis-api-key + crn: >- + {{ .Values.cis_crn }} + groupName: {{ $cis_apiservice_group_name }} + solverName: cis {{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml b/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml deleted file mode 100644 index bb988fbad..000000000 --- a/cluster-applications/030-ibm-dro/templates/13-0-dro-selfsigncertificate.yaml +++ /dev/null @@ -1,118 +0,0 @@ -{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} -{{- if .Values.dro_public_domain }} ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "dro-selfsigned-issuer" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "00" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "dro-rootca-certificate" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "01" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - secretName: "dro-rootca" - duration: "175200h0m0s" - renewBefore: "2160h0m0s" - issuerRef: - name: "dro-selfsigned-issuer" - kind: Issuer - isCA: true - commonName: "dro-app" - usages: - - cert sign - - digital signature - - key encipherment - ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: "dro-rootca-issuer" - namespace: "{{ .Values.dro_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "02" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - ca: - secretName: "dro-rootca" - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "dro-server-certificate" - namespace: "{{ .Values.dro_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "03" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - secretName: "dro-server-tls" - duration: "2160h" # 90 days - renewBefore: "360h" # 15 days - commonName: "dro-service" - issuerRef: - name: "dro-rootca-issuer" - kind: Issuer - usages: - - server auth - dnsNames: - - "dro-{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" - subject: - countries: - - US - streetAddresses: - - New York - localities: - - New York - organizationalUnits: - - IBM Maximo Application Suite - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: "dro-client-certificate" - namespace: "{{ .Values.provisioner_namespace }}" - annotations: - argocd.argoproj.io/sync-wave: "03" -{{- if .Values.custom_labels }} - labels: -{{ .Values.custom_labels | toYaml | indent 4 }} -{{- end }} -spec: - secretName: "dro-client-tls" - duration: "2160h" # 90 days - renewBefore: "360h" # 15 days - commonName: "dro-client" - issuerRef: - name: "dro-rootca-issuer" - kind: Issuer - usages: - - client auth - -{{- end }} -{{- end }} \ No newline at end of file diff --git a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml index 6df0a4d33..74b84ad1b 100644 --- a/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml +++ b/cluster-applications/030-ibm-dro/templates/13-dro-certificate.yaml @@ -1,18 +1,20 @@ -{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if (eq .Values.dns_provider "cis") }} {{- if .Values.dro_public_domain }} --- -# apiVersion: cert-manager.io/v1 -# kind: Certificate -# metadata: -# name: dro-tls-cert -# namespace: ibm-software-central -# spec: -# secretName: dro-tls-secret # The Secret that will be created -# issuerRef: -# name: letsencrypt-staging # Name of the ClusterIssuer created in Step 1 -# kind: ClusterIssuer -# commonName: dro-{{ .Values.cluster_id }} -# privateKey: -# rotationPolicy: Always +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + annotations: + argocd.argoproj.io/sync-wave: "139" + name: dro-tls-cert + namespace: "{{ .Values.dro_namespace }}" +spec: + secretName: dro-tls-secret + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + commonName: dro-{{ .Values.cluster_id }} + privateKey: + rotationPolicy: Always {{- end }} {{- end }} \ No newline at end of file diff --git a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml index ded0e8806..ab980fdb8 100644 --- a/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml +++ b/cluster-applications/031-ibm-dro-public/templates/01-dro-public-route.yaml @@ -1,19 +1,16 @@ -{{- if and (eq .Values.dns_provider "cis") (not .Values.mas_manual_cert_mgmt) }} +{{- if (eq .Values.dns_provider "cis") }} {{- if .Values.dro_public_domain }} -# {{- $existingSecret := lookup "v1" "Secret" "ibm-software-central" "dro-client-tls" }} --- kind: Route apiVersion: route.openshift.io/v1 metadata: name: ibm-data-reporter-public-route - namespace: ibm-software-central + namespace: "{{ .Values.dro_namespace }}" labels: type: external - route.openshift.io/destination-ca-certificate-secret: dro-server-tls spec: host: "dro.{{ .Values.cluster_id }}.{{ .Values.dro_public_domain }}" - # host: "dro.apps.noble6.cp.fyre.ibm.com" to: kind: Service name: ibm-data-reporter-operator-controller-manager-metrics-service