stackrox · davdhacs · Feb 1, 2024 · Jan 24, 2024 · Jan 24, 2024 · Jan 24, 2024
@@ -1024,6 +1024,107 @@
     - name: cluster-console-password
       description: The password to login at the openshift console
 
+#########################
+#  Openshift IBM ROKS   #
+#########################
+- id: ibmroks
+  name: IBM ROKS
+  description: IBM ROKS cluster on VPC infrastructure.
+  availability: stable
+  workflow: configuration/workflow-openshift-ibmroks.yaml
+  parameters:
+    - name: name
+      description: cluster name
+      value: example1
+      help: |
+        The name must start with a letter, can contain letters,
+        numbers, periods (.), and hyphen (-), and must be 35
+        characters or fewer. Use a name that is unique across
+        regions. The cluster name and the region in which the
+        cluster is deployed form the fully qualified domain name
+        for the Ingress subdomain. To ensure that the Ingress
+        subdomain is unique within a region, the cluster name
+        might be truncated and appended with a random value within
+        the Ingress domain name.
+        <https://cloud.ibm.com/docs/openshift?topic=openshift-cluster-create-vpc-gen2&interface=cli>
+
+    - name: nodes
+      description: number of nodes
+      help: ACS may not start if memory < 48gb total
+      value: "3"
+      kind: optional
+
+    - name: instance-type
+      description: node machine type
+      value: cx2.8x16
+      kind: optional
+      help: |
+        <https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors>
+        ACS fails to start on ROKS instances with fewer
+        than 8 cores individually or memory less than 48GB combined.
+        ACS 4.2.2 successfully started on instance types below (minimum node count)
+        + cx2.8x16 (3)
+        + bx2.8x32 (2)
+        + mx2.8x64 (2)
+        + cx2.16x32 (2)
+        + bx2.16x64 (2)
+
+    - name: zone
+      description: IBM Cloud zone to deploy into
+      value: us-south-1
+      kind: optional
+      help: |
+        <https://cloud.ibm.com/docs/openshift?topic=openshift-regions-and-zones#zones-vpc>
+        Example VPC-gen2 regions
+        + Berlin eu-de-1
+        + Dallas us-south-1
+        + Tokyo jp-tok-1
+
+    - name: vpc
+      description: VPC to deploy into.
+      value: infra
+      kind: optional
+      help: Empty for a new temporary vpc to be created.
+
+    - name: public-gateway
+      description: Public gateway for vpc external access.
+      value: infra-gateway
+      kind: optional
+      help: Empty for a new temporary gateway to be created.
+
+    - name: subnet
+      description: Subnet within the vpc.
+      value: ""
+      kind: optional
+      help: Empty for a new temporary subnet to be created.
+
+    - name: openshift-version
+      description: ROKS Openshift major.minor version
+      value: ""
+      kind: optional
+      help: <https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions> Keep empty for default stable version.
+
+  artifacts:
+    - name: kubeconfig
+      description: Kube config for connecting to this cluster
+
+    - name: admin-key
+      description: client key for kubeconfig connections
+
+    - name: admin
+      description: client certificate for kubeconfig connections
+
+    - name: dotenv
+      description: Environment variables used to access the cluster and consoles
+
+    - name: data
+      description: An archive that includes kubeconfig and keys to connect to the cluster
+
+    - name: cluster-console-url
+      description: The URL for the openshift console
+      tags: [url]
+
+
 {{ if ne .Values.environment "production" -}}
 #################
 #  URL artifact #

@@ -0,0 +1,140 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: roks-
+spec:
+  entrypoint: start
+  arguments:
+    parameters:
+      - name: name
+      - name: nodes
+        value: ""
+      - name: instance-type
+        value: ""
+      - name: zone
+        value: ""
+      - name: vpc
+        value: ""
+      - name: public-gateway
+        value: ""
+      - name: subnet
+        value: ""
+      - name: openshift-version
+        value: ""
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 10Mi
+
+  templates:
+    - name: start
+      steps:
+        - - name: create
+            template: create
+
+        - - name: wait
+            template: wait
+
+        - - name: destroy
+            template: destroy
+
+    - name: create
+      activeDeadlineSeconds: 7200
+      container:
+        image: quay.io/stackrox-io/ci:automation-flavors-ibmroks-0.9.14
+        imagePullPolicy: Always
+        command:
+          - ./entrypoint.sh
+        args:
+          - create
+          - "{{workflow.parameters.name}}"
+        env:
+          - name: IBM_ROKS_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: ibm-cloud-secrets
+                key: IBM_ROKS_API_KEY
+          - name: NODE_COUNT
+            value: "{{workflow.parameters.nodes}}"
+          - name: INSTANCE_TYPE
+            value: "{{workflow.parameters.instance-type}}"
+          - name: IBM_ZONE
+            value: "{{workflow.parameters.zone}}"
+          - name: OPENSHIFT_VERSION
+            value: "{{workflow.parameters.openshift-version}}"
+          - name: VPC_ID
+            value: "{{workflow.parameters.vpc}}"
+          - name: GATEWAY_ID
+            value: "{{workflow.parameters.public-gateway}}"
+          - name: SUBNET_ID
+            value: "{{workflow.parameters.subnet}}"
+          - name: CREATION_SOURCE
+            value: "infra"
+          - name: SCRATCH
+            value: "/data"
+        volumeMounts:
+          - name: data
+            mountPath: /data
+      outputs:
+        artifacts:
+          - name: kubeconfig
+            path: /data/kubeconfig
+            archive:
+              none: {}
+          - name: dotenv
+            path: /data/dotenv
+            archive:
+              none: {}
+          - name: admin-key
+            path: /data/admin-key.pem
+            archive:
+              none: {}
+          - name: admin
+            path: /data/admin.pem
+            archive:
+              none: {}
+          - name: data
+            path: /data/data.zip
+            archive:
+              none: {}
+          - name: cluster-console-url
+            path: /data/url
+            archive:
+              none: {}
+
+    - name: wait
+      suspend: {}
+
+    - name: destroy
+      activeDeadlineSeconds: 3600
+      container:
+        image: quay.io/stackrox-io/ci:automation-flavors-ibmroks-0.9.14
+        imagePullPolicy: Always
+        command:
+          - ./entrypoint.sh
+        args:
+          - destroy
+          - "{{workflow.parameters.name}}"
+        env:
+          - name: IBM_ROKS_API_KEY
+            valueFrom:
+              secretKeyRef:
+                name: ibm-cloud-secrets
+                key: IBM_ROKS_API_KEY
+          - name: IBM_ZONE
+            value: "{{workflow.parameters.zone}}"
+          - name: VPC_ID
+            value: "{{workflow.parameters.vpc}}"
+          - name: GATEWAY_ID
+            value: "{{workflow.parameters.public-gateway}}"
+          - name: SUBNET_ID
+            value: "{{workflow.parameters.subnet}}"
+          - name: SCRATCH
+            value: "/data"
+        volumeMounts:
+          - name: data
+            mountPath: /data
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: ibm-cloud-secrets
+  namespace: default
+data:
+  IBM_ROKS_API_KEY: |-
+    {{ .Values.ibmCloudSecrets.ibmRoksApiKey | b64enc }}
@@ -67,6 +67,9 @@ data:
   workflow-openshift-rosa-hcp.yaml: |-
     {{- .Files.Get "static/workflow-openshift-rosa-hcp.yaml" | b64enc | nindent 4 }}
 
+  workflow-openshift-ibmroks.yaml: |-
+    {{- .Files.Get "static/workflow-openshift-ibmroks.yaml" | b64enc | nindent 4 }}
+
   workflow-osd-aws.yaml: |-
     {{- .Files.Get "static/workflow-osd-aws.yaml" | b64enc | nindent 4 }}