Skip to content

Add doc for ibmcloud #422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 2 commits into from
Dec 2, 2021
Merged

Add doc for ibmcloud #422

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f48569b
Add doc for ibmcloud
mkumatag Nov 18, 2021
26edc77
add --create option
mkumatag Nov 19, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions docs/ccoctl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,3 +161,57 @@ $ ccoctl gcp delete --name=<name> --project=<gcp-project-id>
```

where `name` is the name prefix used to create cloud resources. `project` is the ID of the gcp project.

## IBMCloud

### Global flags

By default, the tool will output to the directory the command(s) were run in. To specify a directory, use the `--output-dir` flag.

### Extract the Credentials Request objects from the above release image

`ccoctl ibmcloud` can process two kind of credentials requests - `IBMCloudProviderSpec`, `IBMCloudPowerVSProviderSpec` and here are the steps to extract them from the release image

#### IBM Cloud

This extracts the credentials of kind `IBMCloudProviderSpec`

```bash
mkdir credreqs ; oc adm release extract --cloud=ibmcloud --credentials-requests $RELEASE_IMAGE --to=./credreqs
```

#### IBM Cloud Power VS

This extracts the credentials of kind `IBMCloudPowerVSProviderSpec`

```bash
mkdir credreqs ; oc adm release extract --cloud=powervs --credentials-requests $RELEASE_IMAGE --to=./credreqs
```

### Creating Service IDs

This command will create the service ID for each credential request, assign the policies defined, creates an API key in the IBM Cloud and generates the secret.

```bash
ccoctl ibmcloud create-service-id --credentials-requests-dir <path-to-directory-with-list-of-credentials-requests> --name <name> --resource-group-name <resource-group-name>
```

> Note: --resource-group-name option is optional, but it is recommended to use to have finer grained access to the resources.

### Refresh the API keys for Service ID

```bash
ccoctl ibmcloud refresh-keys --kubeconfig <openshift-kubeconfig-file> --credentials-requests-dir <path-to-directory-with-list-of-credentials-requests> --name <name>
```

> Note: Any new credential request in the credentials request directory will require the --create parameter.

> **WARNING**: The above command will replace the old API key with newly created api key, hence all the effecting pods need to be recreated after successful of the command.

### Deleting the Service IDs

This command will delete the service id from the IBM Cloud

```bash
ccoctl ibmcloud delete-service-id --credentials-requests-dir <path-to-directory-with-list-of-credentials-requests> --name <name>
```