diff --git a/instance-applications/113-ibm-aiservice/templates/02-aiservice-sls-secret.yaml b/instance-applications/113-ibm-aiservice/templates/02-aiservice-sls-secret.yaml index fbbdb37ad..116115960 100644 --- a/instance-applications/113-ibm-aiservice/templates/02-aiservice-sls-secret.yaml +++ b/instance-applications/113-ibm-aiservice/templates/02-aiservice-sls-secret.yaml @@ -1,3 +1,4 @@ +{{- if hasPrefix "9.1." .Values.aiservice_channel }} --- apiVersion: v1 kind: Secret @@ -8,4 +9,5 @@ metadata: argocd.argoproj.io/sync-wave: "141" type: Opaque data: - SLS_REGISTRATION_KEY: {{ .Values.slscfg_registration_key | default "" | toString | b64enc | quote }} \ No newline at end of file + SLS_REGISTRATION_KEY: {{ .Values.slscfg_registration_key | default "" | toString | b64enc | quote }} +{{- end}} diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/01-aiservice-sls-secret.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/01-aiservice-sls-secret.yaml index 82482091e..d768e5759 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/01-aiservice-sls-secret.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/01-aiservice-sls-secret.yaml @@ -3,7 +3,11 @@ apiVersion: v1 kind: Secret metadata: name: "{{ .Values.tenantNamespace }}----sls-secret" + {{- if hasPrefix "9.1." .Values.aiservice_channel }} namespace: "{{ .Values.aiservice_namespace }}" + {{- else }} + namespace: "{{ .Values.tenantNamespace }}" + {{- end }} annotations: argocd.argoproj.io/sync-wave: "301" labels: diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-tenant-operator-subscription.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-tenant-operator-subscription.yaml new file mode 100644 index 000000000..1b9bbd921 --- /dev/null +++ b/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-tenant-operator-subscription.yaml @@ -0,0 +1,30 @@ +{{- if (not (hasPrefix "9.1." .Values.aiservice_channel)) }} +--- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: "{{ .Values.tenantNamespace }}" + namespace: "{{ .Values.tenantNamespace }}" + annotations: + argocd.argoproj.io/sync-wave: "306" + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +spec: + targetNamespaces: + - "{{ .Values.tenantNamespace }}" + +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: ibm-aiservice-tenant + namespace: "{{ .Values.tenantNamespace }}" + annotations: + argocd.argoproj.io/sync-wave: "306" + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true +spec: + channel: "{{ .Values.aiservice_channel }}" + installPlanApproval: Automatic + name: ibm-aiservice-tenant + source: "{{ .Values.mas_catalog_source }}" + sourceNamespace: openshift-marketplace +{{- end }} diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-workspace.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-workspace.yaml index e8b78c57d..db4822009 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-workspace.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/06-aiservice-workspace.yaml @@ -3,7 +3,11 @@ apiVersion: aiservice.ibm.com/v1 kind: AIServiceTenant metadata: name: "{{ .Values.tenantNamespace }}" + {{- if hasPrefix "9.1." .Values.aiservice_channel }} namespace: "{{ .Values.aiservice_namespace }}" + {{- else }} + namespace: "{{ .Values.tenantNamespace }}" + {{- end }} annotations: argocd.argoproj.io/sync-wave: "307" ansible.sdk.operatorframework.io/verbosity: "{{ .Values.aiservice_operator_log_level }}" @@ -43,4 +47,4 @@ spec: entitlement: type: "{{ .Values.tenant_entitlement_type }}" startDate: "{{ .Values.tenant_entitlement_start_date }}" - endDate: "{{ .Values.tenant_entitlement_end_date }}" \ No newline at end of file + endDate: "{{ .Values.tenant_entitlement_end_date }}" diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml index 21b3d3740..4d2dcf887 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml @@ -37,12 +37,23 @@ where multiple Jobs are created in our templates using a Helm loop. In those cas must be added to $_job_cleanup_group.By convention, we sha1sum this value to guarantee we never exceed the 63 char limit regardless of which discriminators are required here.*/}} {{- $_job_cleanup_group := cat $_job_name_prefix | sha1sum }} + +{{- $_namespace := .Values.tenantNamespace }} +{{- if hasPrefix "9.1." .Values.aiservice_channel }} + {{- $_namespace = .Values.aiservice_namespace }} +{{- end }} + +{{- $_name_suffix := "" }} +{{- if hasPrefix "9.1." .Values.aiservice_channel }} + {{- $_name_suffix = printf "-%s" .Values.tenantNamespace }} +{{- end }} + --- apiVersion: v1 kind: ServiceAccount metadata: - name: postsync-manage-aiservice-job-{{ .Values.tenantNamespace }} - namespace: "{{ .Values.aiservice_namespace }}" + name: "postsync-manage-aiservice-job{{ $_name_suffix }}" + namespace: "{{ $_namespace }}" annotations: argocd.argoproj.io/sync-wave: "309" @@ -50,8 +61,8 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: postsync-manage-aiservice-job-role-{{ .Values.tenantNamespace }} - namespace: "{{ .Values.aiservice_namespace }}" + name: "postsync-manage-aiservice-job-role{{ $_name_suffix }}" + namespace: "{{ $_namespace }}" annotations: argocd.argoproj.io/sync-wave: "310" rules: @@ -62,24 +73,24 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: postsync-manage-aiservice-job-rolebinding-{{ .Values.tenantNamespace }} - namespace: "{{ .Values.aiservice_namespace }}" + name: "postsync-manage-aiservice-job-rolebinding{{ $_name_suffix }}" + namespace: "{{ $_namespace }}" annotations: argocd.argoproj.io/sync-wave: "311" subjects: - kind: ServiceAccount - name: postsync-manage-aiservice-job-{{ .Values.tenantNamespace }} - namespace: "{{ .Values.aiservice_namespace }}" + name: "postsync-manage-aiservice-job{{ $_name_suffix }}" + namespace: "{{ $_namespace }}" roleRef: kind: Role - name: postsync-manage-aiservice-job-role-{{ .Values.tenantNamespace }} + name: "postsync-manage-aiservice-job-role{{ $_name_suffix }}" apiGroup: rbac.authorization.k8s.io --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: allow-postsync-manage-ai-tenant-job-{{ .Values.tenantNamespace }} - namespace: "{{ .Values.aiservice_namespace }}" + name: "allow-postsync-manage-ai-tenant-job{{ $_name_suffix }}" + namespace: "{{ $_namespace }}" annotations: argocd.argoproj.io/sync-wave: "312" spec: @@ -95,7 +106,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ $_job_name }} - namespace: "{{ .Values.aiservice_namespace }}" + namespace: "{{ $_namespace }}" annotations: argocd.argoproj.io/sync-wave: "313" argocd.argoproj.io/hook: PostSync @@ -106,6 +117,7 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} spec: + backoffLimit: 0 template: metadata: labels: @@ -114,7 +126,7 @@ spec: {{ .Values.custom_labels | toYaml | indent 8 }} {{- end }} spec: - serviceAccountName: postsync-manage-aiservice-job-{{ .Values.tenantNamespace }} + serviceAccountName: "postsync-manage-aiservice-job{{ $_name_suffix }}" restartPolicy: Never containers: - name: postsync-manage-aiservice-run @@ -139,6 +151,8 @@ spec: value: "{{ .Values.aiservice_s3_secretkey }}" - name: AVP_TYPE value: "aws" + - name: TARGET_NAMESPACE + value: "{{ $_namespace }}" command: - /bin/sh - -c @@ -157,7 +171,7 @@ spec: echo "Retrieve AIBroker API Key for tenant: ${AISERVICE_TENANT}" echo "================================================================================" - AISERVICE_APIKEY_SECRET=$(oc get secret ${AISERVICE_TENANT}----apikey-secret -n aiservice-${AISERVICE_INSTANCE_ID} -o jsonpath="{.data.AIBROKER_APIKEY}" | base64 --decode) + AISERVICE_APIKEY_SECRET=$(oc get secret ${AISERVICE_TENANT}----apikey-secret -n ${TARGET_NAMESPACE} -o jsonpath="{.data.AIBROKER_APIKEY}" | base64 --decode) if [ -z "$AISERVICE_APIKEY_SECRET" ]; then echo "AISERVICE_APIKEY_SECRET is empty" exit 1 @@ -182,11 +196,4 @@ spec: sm_update_secret "${SECRET_NAME_AISERVICE}" \ "{\"aiservice_apikey\": \"${AISERVICE_APIKEY_SECRET}\"}" \ "${TAGS}" || exit $? - exit 0 - volumes: - - name: postsync-manage-aiservice-{{ .Values.tenantNamespace }} - secret: - secretName: postsync-manage-aiservice-{{ .Values.tenantNamespace }} - defaultMode: 420 - optional: false - backoffLimit: 0 \ No newline at end of file + exit 0 \ No newline at end of file diff --git a/root-applications/ibm-aiservice-instance-root/values.yaml b/root-applications/ibm-aiservice-instance-root/values.yaml index baab575e8..243b4cb3e 100644 --- a/root-applications/ibm-aiservice-instance-root/values.yaml +++ b/root-applications/ibm-aiservice-instance-root/values.yaml @@ -193,7 +193,7 @@ ibm_aiservice: mas_aiservice_storage_host: "true" mas_aiservice_storage_port: "true" - # SLS + # SLS mas_aiservice_sls_registration_key_secret: "sls-registration-key" mas_aiservice_db_host: "mas_aiservice_db_host" diff --git a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml index 32e061f39..d212a82d9 100644 --- a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml +++ b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml @@ -25,7 +25,11 @@ spec: project: "{{ .Values.argo.projects.apps }}" destination: server: {{ .Values.cluster.url }} - namespace: "{{ .Values.ibm_aiservice_tenant.aiservice_namespace }}" + {{- if hasPrefix "9.1." .Values.ibm_aiservice_tenant.aiservice_channel }} + namespace: "{{ .Values.aiservice_namespace }}" + {{- else }} + namespace: "{{ .Values.tenantNamespace }}" + {{- end }} source: repoURL: "{{ .Values.source.repo_url }}" path: instance-applications/115-ibm-aiservice-tenant @@ -35,12 +39,17 @@ spec: env: - name: {{ .Values.avp.values_varname }} value: | + mas_catalog_source: "{{ .Values.ibm_aiservice_tenant.mas_catalog_source }}" + tenant_id: "{{ .Values.ibm_aiservice_tenant.tenant_id }}" aiservice_instance_id: "{{ .Values.ibm_aiservice_tenant.aiservice_instance_id }}" aiservice_namespace: "{{ .Values.ibm_aiservice_tenant.aiservice_namespace }}" + aiservice_channel: "{{ .Values.ibm_aiservice_tenant.aiservice_channel }}" + account_id: "{{ .Values.account.id }}" region_id: "{{ .Values.region.id }}" cluster_id: "{{ .Values.cluster.id }}" + # SAAS aiservice_saas_apikey: "{{ .Values.ibm_aiservice_tenant.aiservice_saas_apikey }}" mas_aiservice_saas: "{{ .Values.ibm_aiservice_tenant.mas_aiservice_saas }}" diff --git a/root-applications/ibm-aiservice-tenant-root/values.yaml b/root-applications/ibm-aiservice-tenant-root/values.yaml index cd2db235e..1a7c0818a 100644 --- a/root-applications/ibm-aiservice-tenant-root/values.yaml +++ b/root-applications/ibm-aiservice-tenant-root/values.yaml @@ -190,9 +190,6 @@ ibm_aiservice: mas_aiservice_storage_host: "true" mas_aiservice_storage_port: "true" - # SLS - mas_aiservice_sls_registration_key_secret: "sls-registration-key" - mas_aiservice_db_host: "mas_aiservice_db_host" mas_aiservice_db_port: "mas_aiservice_db_port" mas_aiservice_db_secret_name: "mas_aiservice_db_secret_name" @@ -300,7 +297,6 @@ ibm_aiservice_tenant: mas_aiservice_watsonxai_project_id: MAS_AISERVICE_WATSONXAI_PROJECT_ID # SLS - #mas_aiservice_sls_registration_key_secret: "sls-registration-key" mas_aiservice_sls_subscription_id: "001" # S3