diff --git a/.secrets.baseline b/.secrets.baseline index a06ded1923..ef847d5d2a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-12T15:19:33Z", + "generated_at": "2026-01-22T06:10:17Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -352,7 +352,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 235, + "line_number": 249, "type": "Secret Keyword", "verified_result": null } @@ -552,7 +552,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 12, + "line_number": 18, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_dro b/image/cli/mascli/functions/gitops_dro index 4e08325366..c3c87546d7 100644 --- a/image/cli/mascli/functions/gitops_dro +++ b/image/cli/mascli/functions/gitops_dro @@ -30,8 +30,10 @@ AWS Secrets Manager Configuration (Required): --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path IBM DRO & IMO Config (Optional): - --dro-install-plan ${COLOR_YELLOW}DRO_INSTALL_PLAN${TEXT_RESET} DRO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') - --imo-install-plan ${COLOR_YELLOW}IMO_INSTALL_PLAN${TEXT_RESET} IMO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --dro-install-plan ${COLOR_YELLOW}DRO_INSTALL_PLAN${TEXT_RESET} DRO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --imo-install-plan ${COLOR_YELLOW}IMO_INSTALL_PLAN${TEXT_RESET} IMO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --dro-public-domain ${COLOR_YELLOW}DRO_PUBLIC_DOMAIN${TEXT_RESET} Domain of DRO if it needs to be exposed publicly + --dro-cis-crn ${COLOR_YELLOW}DRO_CIS_CRN${TEXT_RESET} CIS CRN Automatic GitHub Push (Optional): -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub @@ -116,6 +118,12 @@ function gitops_dro_noninteractive() { --imo-install-plan) export IMO_INSTALL_PLAN=$1 && shift ;; + --dro-public-domain) + export DRO_PUBLIC_DOMAIN=$1 && shift + ;; + --dro-cis-crn) + export DRO_CIS_CRN=$1 && shift + ;; # Automatic GitHub Push -P|--github-push) @@ -227,6 +235,12 @@ function gitops_dro() { echo "${TEXT_DIM}" echo_h2 "DRO Operator" " " echo_reset_dim "DRO_NAMESPACE .......................... ${COLOR_MAGENTA}${DRO_NAMESPACE}" + if [[ -n "$DRO_PUBLIC_DOMAIN" ]]; then + echo_reset_dim "DRO_PUBLIC_DOMAIN ....................... ${COLOR_MAGENTA}${DRO_PUBLIC_DOMAIN}" + fi + if [[ -n "$DRO_CIS_CRN" ]]; then + echo_reset_dim "DRO_CIS_CRN .......................... ${COLOR_MAGENTA}${DRO_CIS_CRN}" + fi reset_colors echo "${TEXT_DIM}" @@ -249,6 +263,8 @@ function gitops_dro() { # --------------------------------------------------------------------------- # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key + export SECRET_KET_DRO_TLS_CERT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#dro_client_tls_tls_crt_b64 + export SECRET_KET_DRO_TLS_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#dro_client_tls_tls_key_b64 if [ "$DRO_CMM_SETUP" == "true" ]; then export SECRET_KEY_DRO_CMM_AUTH_APIKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth#api_key diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 index fe598dda4a..a48aa8e10a 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 @@ -7,6 +7,12 @@ ibm_dro: dro_cmm_setup: {{ DRO_CMM_SETUP }} dro_install_plan: {{ DRO_INSTALL_PLAN }} imo_install_plan: {{ IMO_INSTALL_PLAN }} +{% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN and CIS_CRN is defined and CIS_CRN %} + dro_public_domain: {{ DRO_PUBLIC_DOMAIN }} + tls_certificate: "" + tls_key: "" + cis_crn: {{ CIS_CRN }} +{% endif %} {% if DRO_CMM_SETUP is defined and DRO_CMM_SETUP %} dro_cmm: auth_apikey: "" diff --git a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 index 65f7f395a5..0042dab318 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 @@ -63,6 +63,12 @@ spec: - name: imo_install_plan type: string default: "Automatic" + - name: dro_public_domain + type: string + default: "" + - name: dro_cis_crn + type: string + default: "" - name: nvidia_gpu_action type: string @@ -426,6 +432,10 @@ spec: value: $(params.dro_install_plan) - name: imo_install_plan value: $(params.imo_install_plan) + - name: dro_public_domain + value: $(params.dro_public_domain) + - name: dro_cis_crn + value: $(params.dro_cis_crn) taskRef: kind: Task name: gitops-dro diff --git a/tekton/src/tasks/gitops/gitops-dro.yml.j2 b/tekton/src/tasks/gitops/gitops-dro.yml.j2 index 2b72043360..d2df833a4b 100644 --- a/tekton/src/tasks/gitops/gitops-dro.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-dro.yml.j2 @@ -41,6 +41,12 @@ spec: - name: imo_install_plan type: string default: "Automatic" + - name: dro_public_domain + type: string + default: "" + - name: dro_cis_crn + type: string + default: "" stepTemplate: name: gitops-dro env: @@ -74,6 +80,10 @@ spec: value: $(params.dro_install_plan) - name: IMO_INSTALL_PLAN value: $(params.imo_install_plan) + - name: DRO_PUBLIC_DOMAIN + value: $(params.dro_public_domain) + - name: DRO_CIS_CRN + value: $(params.dro_cis_crn) envFrom: - configMapRef: name: environment-properties