From ed022317304291ae6a6edd6004810e180109162c Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 8 Jan 2026 15:13:36 +0530 Subject: [PATCH 1/3] [minor] Ensure DRO is exposed through a route Issue: #MASCORE-11128 --- .secrets.baseline | 6 +++--- image/cli/mascli/functions/gitops_dro | 9 +++++++++ .../gitops/appset-configs/cluster/ibm-dro.yaml.j2 | 4 ++++ tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 | 5 +++++ tekton/src/tasks/gitops/gitops-dro.yml.j2 | 5 +++++ 5 files changed, 26 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 4140ca9ce69..ace7cee0d1c 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-12-22T19:12:08Z", + "generated_at": "2026-01-08T09:43:23Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -352,7 +352,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 235, + "line_number": 242, "type": "Secret Keyword", "verified_result": null } @@ -552,7 +552,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 12, + "line_number": 16, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_dro b/image/cli/mascli/functions/gitops_dro index 4e083253667..b096e53b3d5 100644 --- a/image/cli/mascli/functions/gitops_dro +++ b/image/cli/mascli/functions/gitops_dro 
@@ -32,6 +32,7 @@ AWS Secrets Manager Configuration (Required): IBM DRO & IMO Config (Optional): --dro-install-plan ${COLOR_YELLOW}DRO_INSTALL_PLAN${TEXT_RESET} DRO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') --imo-install-plan ${COLOR_YELLOW}IMO_INSTALL_PLAN${TEXT_RESET} IMO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --dro-public-domain ${COLOR_YELLOW}DRO_PUBLIC_DOMAIN${TEXT_RESET} Domain of DRO if it needs to be exposed publicly Automatic GitHub Push (Optional): -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub @@ -116,6 +117,9 @@ function gitops_dro_noninteractive() { --imo-install-plan) export IMO_INSTALL_PLAN=$1 && shift ;; + --dro-public-domain) + export DRO_PUBLIC_DOMAIN=$1 && shift + ;; # Automatic GitHub Push -P|--github-push) @@ -227,6 +231,9 @@ function gitops_dro() { echo "${TEXT_DIM}" echo_h2 "DRO Operator" " " echo_reset_dim "DRO_NAMESPACE .......................... ${COLOR_MAGENTA}${DRO_NAMESPACE}" + if [[ -n "$DRO_PUBLIC_DOMAIN" ]]; then + echo_reset_dim "DRO_PUBLIC_DOMAIN ....................... ${COLOR_MAGENTA}${DRO_PUBLIC_DOMAIN}" + fi reset_colors echo "${TEXT_DIM}" 
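Review bot: The new `--dro-public-domain)` case in `gitops_dro_noninteractive` stores whatever follows the flag with no shape check, although this value decides the hostname DRO is exposed on and patch 2/3 renders it into the appset YAML. A hostname check after argument parsing would stop typos and stray characters before they are committed to the GitOps repo, for example `[[ -z "$DRO_PUBLIC_DOMAIN" || "$DRO_PUBLIC_DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || exit 1`, reported through the file's usual error path. The function body continues outside the hunk, so an existing validation block there may be the better place for it.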
@@ -249,6 +256,8 @@ function gitops_dro() { # --------------------------------------------------------------------------- # Note that SECRET_KEY_IBM_ENTITLEMENT cluster-level secret is set up by gitops-cluster export SECRET_KEY_IBM_ENTITLEMENT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}ibm_entitlement#entitlement_key + export SECRET_KET_DRO_TLS_CERT=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#dro_client_tls_tls_crt_b64 + export SECRET_KET_DRO_TLS_KEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro#dro_client_tls_tls_key_b64 if [ "$DRO_CMM_SETUP" == "true" ]; then export SECRET_KEY_DRO_CMM_AUTH_APIKEY=${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}dro_cmm_auth#api_key diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 index fe598dda4a6..6f2e84f7a08 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 @@ -7,6 +7,10 @@ ibm_dro: dro_cmm_setup: {{ DRO_CMM_SETUP }} dro_install_plan: {{ DRO_INSTALL_PLAN }} imo_install_plan: {{ IMO_INSTALL_PLAN }} +{% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN %} + tls_certificate: "" + tls_key: "" +{% endif %} {% if DRO_CMM_SETUP is defined and DRO_CMM_SETUP %} dro_cmm: auth_apikey: "" diff --git a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 index 65f7f395a55..6358fc10940 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 @@ -63,6 +63,9 @@ spec: - name: imo_install_plan type: string default: "Automatic" + - name: dro_public_domain + type: string + default: "" - name: nvidia_gpu_action type: string 
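Review bot: Both exports added in `gitops_dro` spell the prefix `SECRET_KET_`, where the neighbouring variables use `SECRET_KEY_` (`SECRET_KEY_IBM_ENTITLEMENT`, `SECRET_KEY_DRO_CMM_AUTH_APIKEY`), so anything that looks up `SECRET_KEY_DRO_TLS_CERT` or `SECRET_KEY_DRO_TLS_KEY` will not find them. Rename them to `export SECRET_KEY_DRO_TLS_CERT=...` and `export SECRET_KEY_DRO_TLS_KEY=...`, and keep any reference in ibm-dro.yaml.j2 in step. In the template hunk of this patch, `tls_certificate` and `tls_key` appear as `""` on this page, which may be an extraction artifact, so it is worth confirming they resolve to these two secret paths. The exports are also unconditional, while the template emits the TLS fields only when `DRO_PUBLIC_DOMAIN` is set; guarding them as the `DRO_CMM_SETUP` block just below does would be consistent.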
@@ -426,6 +429,8 @@ spec: value: $(params.dro_install_plan) - name: imo_install_plan value: $(params.imo_install_plan) + - name: dro_public_domain + value: $(params.dro_public_domain) taskRef: kind: Task name: gitops-dro diff --git a/tekton/src/tasks/gitops/gitops-dro.yml.j2 b/tekton/src/tasks/gitops/gitops-dro.yml.j2 index 2b72043360b..1450dcf3931 100644 --- a/tekton/src/tasks/gitops/gitops-dro.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-dro.yml.j2 @@ -41,6 +41,9 @@ spec: - name: imo_install_plan type: string default: "Automatic" + - name: dro_public_domain + type: string + default: "" stepTemplate: name: gitops-dro env: @@ -74,6 +77,8 @@ spec: value: $(params.dro_install_plan) - name: IMO_INSTALL_PLAN value: $(params.imo_install_plan) + - name: DRO_PUBLIC_DOMAIN + value: $(params.dro_public_domain) envFrom: - configMapRef: name: environment-properties From eec1a5adbff30767d37aeb3d86a9fbc55cde298b Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 8 Jan 2026 15:59:08 +0530 Subject: [PATCH 2/3] update public domain --- .secrets.baseline | 4 ++-- .../templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index ace7cee0d1c..6e127a605d1 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-08T09:43:23Z", + "generated_at": "2026-01-08T10:29:01Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -552,7 +552,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 16, + "line_number": 17, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 index 6f2e84f7a08..465183e0dd3 100644 
--- a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 @@ -8,6 +8,7 @@ ibm_dro: dro_install_plan: {{ DRO_INSTALL_PLAN }} imo_install_plan: {{ IMO_INSTALL_PLAN }} {% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN %} + dro_public_domain: {{ DRO_PUBLIC_DOMAIN }} tls_certificate: "" tls_key: "" {% endif %} From ad96bd27bc7274e68646d6d4bca90dec4589c0ef Mon Sep 17 00:00:00 2001 From: Nivedithaa Mahendran Date: Thu, 22 Jan 2026 11:40:23 +0530 Subject: [PATCH 3/3] update cis crn for dro --- .secrets.baseline | 6 +++--- image/cli/mascli/functions/gitops_dro | 11 +++++++++-- .../gitops/appset-configs/cluster/ibm-dro.yaml.j2 | 3 ++- tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 | 5 +++++ tekton/src/tasks/gitops/gitops-dro.yml.j2 | 5 +++++ 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index c7d15198bca..ef847d5d2a3 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$", "lines": null }, - "generated_at": "2026-01-12T15:19:33Z", + "generated_at": "2026-01-22T06:10:17Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -352,7 +352,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 242, + "line_number": 249, "type": "Secret Keyword", "verified_result": null } @@ -552,7 +552,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 17, + "line_number": 18, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_dro b/image/cli/mascli/functions/gitops_dro index b096e53b3d5..c3c87546d79 100644 --- a/image/cli/mascli/functions/gitops_dro +++ b/image/cli/mascli/functions/gitops_dro 
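Review bot: `dro_public_domain: {{ DRO_PUBLIC_DOMAIN }}` is rendered as a plain scalar, so a value containing `: `, ` #` or a line break changes the structure of the generated `ibm_dro` config instead of staying a string. Quote it: `dro_public_domain: "{{ DRO_PUBLIC_DOMAIN }}"`. The same applies to `cis_crn: {{ CIS_CRN }}` added in patch 3/3, where it matters more: an IBM Cloud instance CRN normally ends in `::`, and a plain scalar ending in a colon is likely to be rejected or misparsed by the YAML loader.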
@@ -30,9 +30,10 @@ AWS Secrets Manager Configuration (Required): --secrets-path ${COLOR_YELLOW}SECRETS_PATH${TEXT_RESET} Secrets Manager path IBM DRO & IMO Config (Optional): - --dro-install-plan ${COLOR_YELLOW}DRO_INSTALL_PLAN${TEXT_RESET} DRO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') - --imo-install-plan ${COLOR_YELLOW}IMO_INSTALL_PLAN${TEXT_RESET} IMO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --dro-install-plan ${COLOR_YELLOW}DRO_INSTALL_PLAN${TEXT_RESET} DRO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') + --imo-install-plan ${COLOR_YELLOW}IMO_INSTALL_PLAN${TEXT_RESET} IMO subscription install plan approval('Automatic' or 'Manual'. Default is 'Automatic') --dro-public-domain ${COLOR_YELLOW}DRO_PUBLIC_DOMAIN${TEXT_RESET} Domain of DRO if it needs to be exposed publicly + --dro-cis-crn ${COLOR_YELLOW}DRO_CIS_CRN${TEXT_RESET} CIS CRN Automatic GitHub Push (Optional): -P, --github-push ${COLOR_YELLOW}GITHUB_PUSH${TEXT_RESET} Enable automatic push to GitHub @@ -120,6 +121,9 @@ function gitops_dro_noninteractive() { --dro-public-domain) export DRO_PUBLIC_DOMAIN=$1 && shift ;; + --dro-cis-crn) + export DRO_CIS_CRN=$1 && shift + ;; # Automatic GitHub Push -P|--github-push) @@ -234,6 +238,9 @@ function gitops_dro() { if [[ -n "$DRO_PUBLIC_DOMAIN" ]]; then echo_reset_dim "DRO_PUBLIC_DOMAIN ....................... ${COLOR_MAGENTA}${DRO_PUBLIC_DOMAIN}" fi + if [[ -n "$DRO_CIS_CRN" ]]; then + echo_reset_dim "DRO_CIS_CRN .......................... ${COLOR_MAGENTA}${DRO_CIS_CRN}" + fi reset_colors echo "${TEXT_DIM}" diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 index 465183e0dd3..a48aa8e10a3 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 
+++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2 @@ -7,10 +7,11 @@ ibm_dro: dro_cmm_setup: {{ DRO_CMM_SETUP }} dro_install_plan: {{ DRO_INSTALL_PLAN }} imo_install_plan: {{ IMO_INSTALL_PLAN }} -{% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN %} +{% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN and CIS_CRN is defined and CIS_CRN %} dro_public_domain: {{ DRO_PUBLIC_DOMAIN }} tls_certificate: "" tls_key: "" + cis_crn: {{ CIS_CRN }} {% endif %} {% if DRO_CMM_SETUP is defined and DRO_CMM_SETUP %} dro_cmm: diff --git a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 index 6358fc10940..0042dab3184 100644 --- a/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-mas-cluster.yml.j2 @@ -66,6 +66,9 @@ spec: - name: dro_public_domain type: string default: "" + - name: dro_cis_crn + type: string + default: "" - name: nvidia_gpu_action type: string @@ -431,6 +434,8 @@ spec: value: $(params.imo_install_plan) - name: dro_public_domain value: $(params.dro_public_domain) + - name: dro_cis_crn + value: $(params.dro_cis_crn) taskRef: kind: Task name: gitops-dro diff --git a/tekton/src/tasks/gitops/gitops-dro.yml.j2 b/tekton/src/tasks/gitops/gitops-dro.yml.j2 index 1450dcf3931..d2df833a4b4 100644 --- a/tekton/src/tasks/gitops/gitops-dro.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-dro.yml.j2 @@ -44,6 +44,9 @@ spec: - name: dro_public_domain type: string default: "" + - name: dro_cis_crn + type: string + default: "" stepTemplate: name: gitops-dro env: @@ -79,6 +82,8 @@ spec: value: $(params.imo_install_plan) - name: DRO_PUBLIC_DOMAIN value: $(params.dro_public_domain) + - name: DRO_CIS_CRN + value: $(params.dro_cis_crn) envFrom: - configMapRef: name: environment-properties
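Review bot: The condition and the new field read `CIS_CRN`, but the `--dro-cis-crn` flag added in this patch exports `DRO_CIS_CRN` and the Tekton task passes `DRO_CIS_CRN`, so unless `CIS_CRN` is set somewhere outside this diff the test is always false. Because the CRN test was joined to the existing `DRO_PUBLIC_DOMAIN` guard, a false result also drops `dro_public_domain`, `tls_certificate` and `tls_key`, and the route is silently left unconfigured even when `--dro-public-domain` is given. Use the exported name, `{% if DRO_PUBLIC_DOMAIN is defined and DRO_PUBLIC_DOMAIN and DRO_CIS_CRN is defined and DRO_CIS_CRN %}` with `cis_crn: "{{ DRO_CIS_CRN }}"`. Consider also making `gitops_dro` fail with a clear message when only one of the two options is supplied.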