updates to pipline

Author: cloudnativetoolkit

8.10.x/pipeline-run.yaml

@@ -16,7 +16,7 @@ spec:
       volumeClaimTemplate:
         spec:
           accessModes:
-            - ReadWriteOnce
+            - ReadWriteMany
           resources:
             requests:
               storage: 1Gi

8.10.x/pipeline.yaml

@@ -62,61 +62,6 @@ spec:
       type: string
       default: "ReadWriteMany"
   tasks:
-    - name: add-namespace
-      taskRef:
-        kind: Task
-        name: ibm-pak
-      params:
-        - name: SCRIPT
-          value: |
-            oc apply -f - <<EOF
-            kind: Namespace
-            apiVersion: v1
-            metadata:
-              name: $(params.namespace)
-            EOF
-    - name: get-maximo-licensefile
-      workspaces:
-        - name: ws
-      params:
-        - name: KEY_ID
-          value: 0ae3295c-95dd-c323-82af-1be5587d998f
-        - name: SECRETS_MANAGER_ENDPOINT_URL
-          value: >-
-            https://afa20521-cd75-4864-843f-e59fd0ffd49d.us-south.secrets-manager.appdomain.cloud
-        - name: LICENSE_FILE_SECRET_NAME
-          value: "$(params.license-file-secret-name)"
-      taskSpec:
-        workspaces:
-          - name: ws
-        params:
-          - name: KEY_ID
-          - name: SECRETS_MANAGER_ENDPOINT_URL
-          - name: LICENSE_FILE_SECRET_NAME
-        steps:
-          - name: write-maximo-licensefile
-            image: quay.io/openshift/origin-cli:4.10
-            script: |
-              #!/usr/bin/env bash
-
-              if [[ $(params.LICENSE_FILE_SECRET_NAME) == "false" ]]; then
-                # Retrieve the IBM Cloud API Key configured in a `deployer` cluster
-                export IBMCLOUD_API_KEY=$(oc get secret ibm-secret -n kube-system -o jsonpath='{.data.apiKey}' | base64 -d)
-                export AUTH_RESPONSE_JSON=$(curl -s -X POST \
-                  "https://iam.cloud.ibm.com/identity/token" \
-                  --header 'Content-Type: application/x-www-form-urlencoded' \
-                  --header 'Accept: application/json' \
-                  --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \
-                  --data-urlencode "apikey=${IBMCLOUD_API_KEY}")
-                export ACCESS_TOKEN=$(echo $AUTH_RESPONSE_JSON | grep -o '"access_token":"[^"]*' | grep -o '[^"]*$')
-                export SECRET_JSON=$(curl -s -X GET --location --header "Authorization: Bearer ${ACCESS_TOKEN}" --header "Accept: application/json" "$(params.SECRETS_MANAGER_ENDPOINT_URL)/api/v2/secrets/$(params.KEY_ID)")
-                echo $SECRET_JSON |  grep -o '"payload":"[^"]*' | grep -o '[^"]*$' | base64 -d > $(workspaces.ws.path)/license.dat
-
-              else
-                oc get secret $(params.LICENSE_FILE_SECRET_NAME) -n kube-system -o jsonpath='{.data.apiKey}' | base64 -d > $(workspaces.ws.path)/license.dat
-              fi
-
-              cat $(workspaces.ws.path)/license.dat
     - name: get-ibm-entitlement-key
       taskRef:
         name: ibmcloud-secrets-manager-get
@@ -135,51 +80,94 @@ spec:
       runAfter:
         - get-ibm-entitlement-key
       params:
-        - name: entitlement-key
+        - name: retrieved-entitlement-key
           value: $(tasks.get-ibm-entitlement-key.results.secret-value)
       workspaces:
         - name: ws
       taskSpec:
         workspaces:
           - name: ws
         params:
-          - name: entitlement-key
+          - name: retrieved-entitlement-key
         steps:
           - name: set-entitlement-key
             image: quay.io/openshift/origin-cli:4.10
             script: |
               #!/usr/bin/env bash
-              echo $(params.entitlement-key) > $(workspaces.ws.path)/ek.dat
+              echo $(params.retrieved-entitlement-key) > $(workspaces.ws.path)/ek.dat
               echo "ek.dat created"
               exit
     - name: set-provided-entitlement-key
       workspaces:
         - name: ws
-      when:
-        - input: "$(params.ibm-entitlement-key)"
-          operator: notin
-          values: ["false"]
+      #when:
+      #  - input: "$(params.ibm-entitlement-key)"
+      #    operator: notin
+      #    values: ["false"]
       params:
-        - name: ibm-entitlement-key
+        - name: provided-entitlement-key
           value: "$(params.ibm-entitlement-key)"
       taskSpec:
         workspaces:
           - name: ws
         params:
-          - name: ibm-entitlement-key
+          - name: provided-entitlement-key
         steps:
           - name: set-entitlement
             image: quay.io/openshift/origin-cli:4.10
             script: |
               #!/usr/bin/env bash
-              echo $(params.ibm-entitlement-key) > $(workspaces.ws.path)/ek.dat
+              echo $(params.provided-entitlement-key) > $(workspaces.ws.path)/ek.dat
               echo "ek.dat created"
               exit
-    - name: install-mas
+    - name: get-maximo-licensefile
+      workspaces:
+        - name: ws
       runAfter:
-        - get-maximo-licensefile
         - set-provided-entitlement-key
         - set-retrieved-entitlement-key
+      params:
+        - name: KEY_ID
+          value: 0ae3295c-95dd-c323-82af-1be5587d998f
+        - name: SECRETS_MANAGER_ENDPOINT_URL
+          value: >-
+            https://afa20521-cd75-4864-843f-e59fd0ffd49d.us-south.secrets-manager.appdomain.cloud
+        - name: LICENSE_FILE_SECRET_NAME
+          value: "$(params.license-file-secret-name)"
+      taskSpec:
+        workspaces:
+          - name: ws
+        params:
+          - name: KEY_ID
+          - name: SECRETS_MANAGER_ENDPOINT_URL
+          - name: LICENSE_FILE_SECRET_NAME
+        steps:
+          - name: write-maximo-licensefile
+            image: quay.io/openshift/origin-cli:4.10
+            script: |
+              #!/usr/bin/env bash
+
+              if [[ $(params.LICENSE_FILE_SECRET_NAME) == "false" ]]; then
+                # Retrieve the IBM Cloud API Key configured in a `deployer` cluster
+                export IBMCLOUD_API_KEY=$(oc get secret ibm-secret -n kube-system -o jsonpath='{.data.apiKey}' | base64 -d)
+                export AUTH_RESPONSE_JSON=$(curl -s -X POST \
+                  "https://iam.cloud.ibm.com/identity/token" \
+                  --header 'Content-Type: application/x-www-form-urlencoded' \
+                  --header 'Accept: application/json' \
+                  --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' \
+                  --data-urlencode "apikey=${IBMCLOUD_API_KEY}")
+                export ACCESS_TOKEN=$(echo $AUTH_RESPONSE_JSON | grep -o '"access_token":"[^"]*' | grep -o '[^"]*$')
+                export SECRET_JSON=$(curl -s -X GET --location --header "Authorization: Bearer ${ACCESS_TOKEN}" --header "Accept: application/json" "$(params.SECRETS_MANAGER_ENDPOINT_URL)/api/v2/secrets/$(params.KEY_ID)")
+                echo $SECRET_JSON |  grep -o '"payload":"[^"]*' | grep -o '[^"]*$' | base64 -d > $(workspaces.ws.path)/license.dat
+
+              else
+                oc get secret $(params.LICENSE_FILE_SECRET_NAME) -n default -o jsonpath='{.data.licensefile}' | base64 -d | base64 -d > $(workspaces.ws.path)/license.dat
+              fi
+
+              cat $(workspaces.ws.path)/license.dat
+    - name: install-mas
+      runAfter:
+        - get-maximo-licensefile
       workspaces:
         - name: ws
       params:
@@ -211,7 +199,6 @@ spec:
         workspaces:
           - name: ws
         params:
-          - name: ibm-entitlement-key
           - name: mas-instance-id
           - name: mas-workspace-id
           - name: mas-workspace-name

README.md

@@ -37,7 +37,7 @@ cat license.dat | base64 > license.dat.b64
 3. copy the output into an OpenShift secret in the default namespace
 
 ```
-oc create secret generic maximolicense --from-file=fil1=license.dat.b64
+oc create secret generic maximolicense --from-file=licensefile=license.dat.b64 -n default
 ```
 
 remember the name of the secret for the pipeline run.  ( in the example above "maximolicense" is the name)