From d0e3f10e5c038180b80ab2e81ee1af2416664fc0 Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Wed, 6 May 2026 15:32:31 +0530 Subject: [PATCH 1/8] [patch] Remove rsl related params and secret creation (now handle by operator) --- .../templates/02-aiservice-rsl-secret.yaml | 22 ------------------- .../templates/07-aiservice-workspace.yaml | 6 ++--- .../115-ibm-aiservice-tenant/values.yaml | 6 ----- 3 files changed, 3 insertions(+), 31 deletions(-) delete mode 100644 instance-applications/115-ibm-aiservice-tenant/templates/02-aiservice-rsl-secret.yaml diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/02-aiservice-rsl-secret.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/02-aiservice-rsl-secret.yaml deleted file mode 100644 index 15d00fbbd..000000000 --- a/instance-applications/115-ibm-aiservice-tenant/templates/02-aiservice-rsl-secret.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: "{{ .Values.tenantNamespace }}----rsl-secret" - namespace: "{{ .Values.tenantNamespace }}" - labels: - aiservice.ibm.com/instanceId: "{{ .Values.aiservice_instance_id }}" -{{- if .Values.custom_labels }} -{{- range $key, $value := .Values.custom_labels }} - {{ $key | quote }}: {{ $value | quote }} -{{- end }} -{{- end }} - annotations: - argocd.argoproj.io/sync-wave: "302" -data: - rsl_org_id: {{ .Values.rsl_org_id | default "" | toString | b64enc | quote }} - rsl_url: {{ .Values.rsl_url | default "" | toString | b64enc | quote }} - rsl_token: {{ .Values.rsl_token | default "" | toString | b64enc | quote }} - ca.crt: {{ .Values.rsl_ca_crt | default "" | toString | b64enc | quote }} diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml index 34ca6fb33..f91b9107b 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml 
+++ b/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml @@ -32,10 +32,10 @@ spec: url: "{{ .Values.slscfg_url }}" secretName: "{{ .Values.tenantNamespace }}----sls-secret" ca: "{{ .Values.slscfg_ca_b64enc }}" + {{- if .Values.rsl_ca_crt }} rsl: - url: "{{ .Values.rsl_url }}" - orgId: "{{ .Values.rsl_org_id }}" - secretName: "{{ .Values.tenantNamespace }}----rsl-secret" + ca: "{{ .Values.rsl_ca_crt }}" + {{- end }} watsonxai: url: "{{ .Values.aiservice_watsonxai_url }}" secretName: "{{ .Values.tenantNamespace }}----wx-secret" diff --git a/instance-applications/115-ibm-aiservice-tenant/values.yaml b/instance-applications/115-ibm-aiservice-tenant/values.yaml index b8d1065f7..67181acd9 100644 --- a/instance-applications/115-ibm-aiservice-tenant/values.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/values.yaml @@ -22,12 +22,6 @@ ibm_aiservice_tenant: slscfg_registration_key: "slscfg_registration_key" aiservice_sls_subscription_id: "001" - rsl_url: "rsl_url" - rsl_org_id: "rsl_org_id" - rsl_token: "rsl_token" - rsl_ca_crt: "rsl_ca_crt" - - # watsonx aiservice_watsonxai_url: "aiservice_watsonxai_url" aiservice_watsonxai_project_id: "aiservice_watsonxai_project_id" From 6ca2ab773f9a7c06e7d5e1d34f481dea10308561 Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Wed, 6 May 2026 16:55:13 +0530 Subject: [PATCH 2/8] [patch] Remove rls params from the root-applications --- root-applications/ibm-aiservice-instance-root/values.yaml | 7 +++---- .../templates/100-ibm-aiservice-tenant-app.yaml | 5 +---- root-applications/ibm-aiservice-tenant-root/values.yaml | 7 +++---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/root-applications/ibm-aiservice-instance-root/values.yaml b/root-applications/ibm-aiservice-instance-root/values.yaml index d693b55df..96b64e4b6 100644 --- a/root-applications/ibm-aiservice-instance-root/values.yaml +++ b/root-applications/ibm-aiservice-instance-root/values.yaml 
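Review bot: The new `rsl.ca` entry in 07-aiservice-workspace.yaml passes `rsl_ca_crt` through verbatim, while the Secret template deleted in the same commit applied `b64enc` to that same value, so the encoding the caller must supply appears to have changed without the template saying so. A caller still supplying raw PEM would put multi-line text inside a double-quoted scalar, where YAML folds the line breaks and the certificate no longer parses. I would state the contract next to the field, e.g. `# rsl_ca_crt must already be base64-encoded; it is passed to the operator unchanged`, and render it as `ca: {{ .Values.rsl_ca_crt | quote }}` so unexpected characters are escaped rather than interpreted. The sibling `slscfg_ca_b64enc` carries the encoding in its name, and following that convention would make the expectation hard to miss. The `spec` mapping starts and ends outside the hunk.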
@@ -272,10 +272,9 @@ ibm_aiservice_tenant: slscfg_registration_key: "slscfg_registration_key" aiservice_sls_subscription_id: "001" - rsl_url: "rsl_url" - rsl_org_id: "rsl_org_id" - rsl_token: "rsl_token" - rsl_ca_crt: "rsl_ca_crt" + # RSL - Per MASAIB-1915: Only CA cert needed for self-signed certificates + # RSL URL, Org ID, and token are provided during FMEA model creation in the UI + rsl_ca_crt: "" # Optional: Base64-encoded CA certificate for self-signed RSL endpoints # watsonx diff --git a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml index 8fbdf2eba..c766fb77b 100644 --- a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml +++ b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml @@ -92,10 +92,7 @@ spec: aiservice_watsonxai_username: "{{ .Values.ibm_aiservice_tenant.aiservice_watsonxai_username }}" aiservice_watsonxai_verify: "{{ .Values.ibm_aiservice_tenant.aiservice_watsonxai_verify }}" - #rsl - rsl_url: "{{ .Values.ibm_aiservice_tenant.rsl_url }}" - rsl_org_id: "{{ .Values.ibm_aiservice_tenant.rsl_org_id }}" - rsl_token: "{{ .Values.ibm_aiservice_tenant.rsl_token }}" + #rsl - Per MASAIB-1915: Only CA cert for self-signed certificates rsl_ca_crt: "{{ .Values.ibm_aiservice_tenant.rsl_ca_crt }}" tenant_entitlement_type: "{{ .Values.ibm_aiservice_tenant.tenant_entitlement_type }}" diff --git a/root-applications/ibm-aiservice-tenant-root/values.yaml b/root-applications/ibm-aiservice-tenant-root/values.yaml index 52154a321..2c438097d 100644 --- a/root-applications/ibm-aiservice-tenant-root/values.yaml +++ b/root-applications/ibm-aiservice-tenant-root/values.yaml 
@@ -287,10 +287,9 @@ ibm_aiservice_tenant: # slscfg_ca: "slscfg_ca" # slscfg_tls: "slscfg_tls" # slscfg_key: "slscfg_key" - #RSL ##review - rsl_url: "rsl_url" - rsl_org_id: "rsl_org_id" - mas_aiservice_rsl_secret: "mas_aiservice_rsl_secret" + #RSL - Per MASAIB-1915: Only CA cert needed for self-signed certificates + # RSL URL, Org ID, and token are provided during FMEA model creation in the UI + rsl_ca_crt: "" # Optional: Base64-encoded CA certificate for self-signed RSL endpoints # WatsonX From 8eb34bdc517f2830ce480fd6f4724d03973d53f4 Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Mon, 11 May 2026 09:42:28 +0530 Subject: [PATCH 3/8] Fix AIService postsync job to use real AWS Secrets Manager credentials --- .../templates/08-aiservice-postsyncjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml index 7fffffcef..1b37342cf 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml @@ -142,11 +142,11 @@ spec: - name: AISERVICE_TENANT value: "{{ .Values.tenantNamespace }}" - name: SM_AWS_REGION - value: "{{ .Values.aiservice_s3_region }}" + value: "us-east-2" - name: SM_AWS_ACCESS_KEY_ID - value: "{{ .Values.aiservice_s3_accesskey }}" + value: "{{ .Values.aiservice_sm_aws_accesskey }}" - name: SM_AWS_SECRET_ACCESS_KEY - value: "{{ .Values.aiservice_s3_secretkey }}" + value: "{{ .Values.aiservice_sm_aws_secretkey }}" - name: AVP_TYPE value: "aws" - name: TARGET_NAMESPACE From 05c2412224e731973ea754a1676ac621a709ab00 Mon Sep 17 00:00:00 2001 
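Review bot: In 08-aiservice-postsyncjob.yaml the `SM_AWS_ACCESS_KEY_ID` and `SM_AWS_SECRET_ACCESS_KEY` entries are rendered as literal `value:` strings, so the AWS credentials end up in the Job and pod spec, readable by anyone who can get Jobs or pods in the namespace or view the rendered manifest. Sourcing them with `valueFrom.secretKeyRef` keeps the key material out of the spec; the same applies to the `aiservice_s3_*` form that the postsyncjob hunk in PATCH 6/8 restores. Separately, `SM_AWS_REGION` is pinned to the literal `"us-east-2"`, which would silently point deployments in other regions at the wrong Secrets Manager endpoint and is better taken from a chart value. The env list starts and ends outside the hunk, and the Secret name and keys below are placeholders, not names from this repository.

```yaml
# … unchanged: AISERVICE_TENANT, SM_AWS_REGION entries …
- name: SM_AWS_ACCESS_KEY_ID
  valueFrom:
    secretKeyRef:
      name: "<placeholder: Secret holding the Secrets Manager credentials>"
      key: "<placeholder: access key id entry>"
- name: SM_AWS_SECRET_ACCESS_KEY
  valueFrom:
    secretKeyRef:
      name: "<placeholder: Secret holding the Secrets Manager credentials>"
      key: "<placeholder: secret access key entry>"
# … unchanged: AVP_TYPE, TARGET_NAMESPACE entries …
```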
From: Bhautik Vala Date: Mon, 11 May 2026 09:54:28 +0530 Subject: [PATCH 4/8] Add AWS Secrets Manager credentials for AIService postsync job --- .../templates/100-ibm-aiservice-tenant-app.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml index d6ccaed23..03701b6aa 100644 --- a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml +++ b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml @@ -83,7 +83,10 @@ spec: aiservice_s3_accesskey: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_accesskey }}" aiservice_s3_secretkey: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_secretkey }}" aiservice_s3_region: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_region }}" - + + # AWS Secrets Manager credentials for postsync job + aiservice_sm_aws_accesskey: "{{ .Values.ibm_aiservice_tenant.aiservice_sm_aws_accesskey }}" + aiservice_sm_aws_secretkey: "{{ .Values.ibm_aiservice_tenant.aiservice_sm_aws_secretkey }}" # WatsonX aiservice_watsonxai_apikey: "{{ .Values.ibm_aiservice_tenant.aiservice_watsonxai_apikey }}" From 4d4b143d6fd76d46b77979995090dfaf6683c66a Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Mon, 11 May 2026 12:26:29 +0530 Subject: [PATCH 5/8] [patch] Add default value at tenant instance level --- instance-applications/115-ibm-aiservice-tenant/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/instance-applications/115-ibm-aiservice-tenant/values.yaml b/instance-applications/115-ibm-aiservice-tenant/values.yaml index 3dec14916..1e4cbd246 100644 --- a/instance-applications/115-ibm-aiservice-tenant/values.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/values.yaml 
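Review bot: The two added entries read `.Values.ibm_aiservice_tenant.aiservice_sm_aws_accesskey` and `.Values.ibm_aiservice_tenant.aiservice_sm_aws_secretkey` with no guard, and this commit touches no values file, so if the keys are not defined elsewhere they render as empty strings and the postsync job would start with blank credentials. Failing at render time is easier to diagnose than a failed AWS call later, e.g. `aiservice_sm_aws_secretkey: {{ required "ibm_aiservice_tenant.aiservice_sm_aws_secretkey is required" .Values.ibm_aiservice_tenant.aiservice_sm_aws_secretkey | quote }}`. I would also add a comment noting that these values are copied into the generated Argo CD Application spec, so they should be secret-manager references rather than literal keys. The values mapping starts and ends outside the hunk.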
@@ -31,6 +31,10 @@ ibm_aiservice_tenant: aiservice_watsonxai_version: "" aiservice_watsonxai_username: "" + # Only CA cert needed for self-signed certificates + # RSL URL, Org ID, and token are provided during FMEA model creation in the UI + rsl_ca_crt: "" + tenant_entitlement_type: "standard" tenant_entitlement_start_date: "2025-06-11" tenant_entitlement_end_date: "2049-11-11" From 1a1541cacea54e3a839d6f22ecfac847a4d9640b Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Tue, 12 May 2026 15:48:54 +0530 Subject: [PATCH 6/8] [patch] Revert some workaround --- .../templates/08-aiservice-postsyncjob.yaml | 6 +++--- .../templates/100-ibm-aiservice-tenant-app.yaml | 4 ---- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml index 1b37342cf..7fffffcef 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/08-aiservice-postsyncjob.yaml @@ -142,11 +142,11 @@ spec: - name: AISERVICE_TENANT value: "{{ .Values.tenantNamespace }}" - name: SM_AWS_REGION - value: "us-east-2" + value: "{{ .Values.aiservice_s3_region }}" - name: SM_AWS_ACCESS_KEY_ID - value: "{{ .Values.aiservice_sm_aws_accesskey }}" + value: "{{ .Values.aiservice_s3_accesskey }}" - name: SM_AWS_SECRET_ACCESS_KEY - value: "{{ .Values.aiservice_sm_aws_secretkey }}" + value: "{{ .Values.aiservice_s3_secretkey }}" - name: AVP_TYPE value: "aws" - name: TARGET_NAMESPACE diff --git a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml index 03701b6aa..1e85bfc5a 100644 --- a/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml 
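Review bot: `rsl_ca_crt: ""` is added here after `aiservice_watsonxai_username`, but the context lines of the values.yaml hunk in PATCH 8/8 show an `rsl_ca_crt: ""` directly after `aiservice_sls_subscription_id` in the same file, so the key may end up defined twice. Most YAML parsers keep the last duplicate without warning, which makes a later edit to the first occurrence have no effect. The blob ids differ between the two patches, so the intermediate state is not visible here; please confirm that only one definition remains. The added comment would also read better with the expected encoding stated, e.g. `# Optional: base64-encoded CA certificate for self-signed RSL endpoints`, matching the wording used in the root-application values files.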
+++ b/root-applications/ibm-aiservice-tenant-root/templates/100-ibm-aiservice-tenant-app.yaml @@ -83,10 +83,6 @@ spec: aiservice_s3_accesskey: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_accesskey }}" aiservice_s3_secretkey: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_secretkey }}" aiservice_s3_region: "{{ .Values.ibm_aiservice_tenant.aiservice_s3_region }}" - - # AWS Secrets Manager credentials for postsync job - aiservice_sm_aws_accesskey: "{{ .Values.ibm_aiservice_tenant.aiservice_sm_aws_accesskey }}" - aiservice_sm_aws_secretkey: "{{ .Values.ibm_aiservice_tenant.aiservice_sm_aws_secretkey }}" # WatsonX aiservice_watsonxai_apikey: "{{ .Values.ibm_aiservice_tenant.aiservice_watsonxai_apikey }}" From 53cffb65c854cc520d6bb053aa010f8ebd8fca11 Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Thu, 14 May 2026 17:15:12 +0530 Subject: [PATCH 7/8] [patch] Add empty string validation on rsl_ca_crt --- .../templates/07-aiservice-workspace.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml b/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml index 9f2a532b2..3e5c32ba0 100644 --- a/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/templates/07-aiservice-workspace.yaml @@ -33,7 +33,7 @@ spec: url: "{{ .Values.slscfg_url }}" secretName: "{{ .Values.tenantNamespace }}----sls-secret" ca: "{{ .Values.slscfg_ca_b64enc }}" - {{- if .Values.rsl_ca_crt }} + {{- if not (empty .Values.rsl_ca_crt) }} rsl: ca: "{{ .Values.rsl_ca_crt }}" {{- end }} From d33692b15ee1a68d475bf8dfeed8f88fdffa5f77 Mon Sep 17 00:00:00 2001 From: Bhautik Vala Date: Mon, 18 May 2026 11:01:52 +0530 Subject: [PATCH 8/8] [patch] Remove extra line --- instance-applications/115-ibm-aiservice-tenant/values.yaml | 1 - 1 file changed, 1 deletion(-) 
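Review bot: `{{- if not (empty .Values.rsl_ca_crt) }}` evaluates the same as the `{{- if .Values.rsl_ca_crt }}` it replaces, because a Go-template `if` already treats an empty string as false, so the "empty string validation" in the subject adds no new check. A whitespace-only value, or a leftover placeholder such as the literal `"rsl_ca_crt"` removed from values.yaml in PATCH 1/8, still renders an `rsl.ca` entry that is not a usable CA. If the intent is to skip blank input, `{{- if .Values.rsl_ca_crt | toString | trim }}` covers the whitespace case. A short comment above the condition stating that `rsl` is omitted when no CA is supplied would document why the block is conditional. The `spec` mapping starts and ends outside the hunk.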
diff --git a/instance-applications/115-ibm-aiservice-tenant/values.yaml b/instance-applications/115-ibm-aiservice-tenant/values.yaml index d63d3aca1..69ae7c41b 100644 --- a/instance-applications/115-ibm-aiservice-tenant/values.yaml +++ b/instance-applications/115-ibm-aiservice-tenant/values.yaml @@ -23,7 +23,6 @@ aiservice_sls_subscription_id: "001" rsl_ca_crt: "" - # watsonx aiservice_watsonxai_url: "aiservice_watsonxai_url" aiservice_watsonxai_project_id: "aiservice_watsonxai_project_id"