From c8dc7bfa4bb42ec5c5f5bfd3cce9a949e3b74581 Mon Sep 17 00:00:00 2001 From: Josef Harte Date: Thu, 14 May 2026 13:35:00 +0100 Subject: [PATCH 1/5] param for AI Service deprovisioning --- .secrets.baseline | 4 ++-- .../cluster/instance/ibm-aiservice-tenant.yaml.j2 | 1 + .../pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 | 5 +++++ tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 | 5 +++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index d2a2970abb..2a3f37ae45 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/", "lines": null }, - "generated_at": "2026-05-12T12:20:28Z", + "generated_at": "2026-05-14T12:34:45Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -654,7 +654,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 43, + "line_number": 44, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 index 165d8c2654..827070095c 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 @@ -8,6 +8,7 @@ ibm_aiservice_tenant: catalog_channel: "{{ CATALOG_CHANNEL }}" catalog_source: "{{ CATALOG_SOURCE }}" tenantNamespace: "{{ TENANT_NAMESPACE }}" + enable_deprovisioning: "{{ AISERVICE_ENABLE_DEPROVISIONING }}" mas_icr_cp: "{{ MAS_ICR_CP }}" mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}" diff --git a/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 b/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 index 05aacf86ca..30433d5986 100644 --- a/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 +++ b/tekton/src/pipelines/gitops/gitops-aiservice-tenant-pipeline.yml.j2 @@ -24,6 +24,9 @@ spec: type: string - name: github_host type: string + - name: aiservice_enable_deprovisioning + type: string + default: "false" - name: aiservice_namespace type: string - name: aiservice_provision_tenant @@ -132,6 +135,8 @@ spec: value: $(params.github_repo) - name: github_host value: $(params.github_host) + - name: aiservice_enable_deprovisioning + value: $(params.aiservice_enable_deprovisioning) - name: aiservice_namespace value: $(params.aiservice_namespace) - name: aiservice_provision_tenant diff --git a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 index 8afe759e3d..ddf02cca00 100644 --- a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 @@ -23,6 +23,9 @@ spec: type: string - name: github_host type: string + - name: aiservice_enable_deprovisioning + type: string + default: "false - name: aiservice_namespace type: string - name: aiservice_provision_tenant @@ -113,6 +116,8 @@ spec: value: $(params.github_host) - name: GITHUB_REPO value: $(params.github_repo) + - name: AISERVICE_ENABLE_DEPROVISIONING + value: $(params.aiservice_enable_deprovisioning) - name: AISERVICE_NAMESPACE value: $(params.aiservice_namespace) - name: AISERVICE_PROVISION_TENANT From 626e89202f5f7de6f489cfcbc4c5da70fbab0f6c Mon Sep 17 00:00:00 2001 From: Josef Harte Date: Tue, 19 May 2026 10:13:43 +0100 Subject: [PATCH 2/5] fix boolean value --- .../cluster/instance/ibm-aiservice-tenant.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 index 827070095c..0002c791f8 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 @@ -8,7 +8,7 @@ ibm_aiservice_tenant: catalog_channel: "{{ CATALOG_CHANNEL }}" catalog_source: "{{ CATALOG_SOURCE }}" tenantNamespace: "{{ TENANT_NAMESPACE }}" - enable_deprovisioning: "{{ AISERVICE_ENABLE_DEPROVISIONING }}" + enable_deprovisioning: {{ AISERVICE_ENABLE_DEPROVISIONING }} mas_icr_cp: "{{ MAS_ICR_CP }}" mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}" From 855828e9c275a14146c1d2ad624a6108000f6b7b Mon Sep 17 00:00:00 2001 From: Josef Harte Date: Thu, 28 May 2026 10:58:30 +0100 Subject: [PATCH 3/5] handle empty var --- .secrets.baseline | 4 ++-- .../cluster/instance/ibm-aiservice-tenant.yaml.j2 | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 2a3f37ae45..3ff94f5274 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/", "lines": null }, - "generated_at": "2026-05-14T12:34:45Z", + "generated_at": "2026-05-28T09:58:25Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -654,7 +654,7 @@ "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd", "is_secret": false, "is_verified": false, - "line_number": 44, + "line_number": 46, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 index 0002c791f8..70661dc832 100644 --- a/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 +++ b/image/cli/mascli/templates/gitops/appset-configs/cluster/instance/ibm-aiservice-tenant.yaml.j2 @@ -8,7 +8,9 @@ ibm_aiservice_tenant: catalog_channel: "{{ CATALOG_CHANNEL }}" catalog_source: "{{ CATALOG_SOURCE }}" tenantNamespace: "{{ TENANT_NAMESPACE }}" +{% if AISERVICE_ENABLE_DEPROVISIONING is defined and AISERVICE_ENABLE_DEPROVISIONING != '' %} enable_deprovisioning: {{ AISERVICE_ENABLE_DEPROVISIONING }} +{% endif %} mas_icr_cp: "{{ MAS_ICR_CP }}" mas_icr_cpopen: "{{ MAS_ICR_CPOPEN }}" From 0b88936b540724162505412a4eafeb6d3f3940a6 Mon Sep 17 00:00:00 2001 From: Josef Harte Date: Thu, 28 May 2026 13:02:41 +0100 Subject: [PATCH 4/5] add CLI flag --- .secrets.baseline | 4 ++-- image/cli/mascli/functions/gitops_aiservice_tenant | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 3ff94f5274..bf1d86fd3f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "build/bin/config/oscap/ssg-rhel9-ds.xml|^.secrets.baseline$|^docs/catalogs/", "lines": null }, - "generated_at": "2026-05-28T09:58:25Z", + "generated_at": "2026-05-28T12:02:34Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -234,7 +234,7 @@ "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa", "is_secret": false, "is_verified": false, - "line_number": 372, + "line_number": 377, "type": "Secret Keyword", "verified_result": null } diff --git a/image/cli/mascli/functions/gitops_aiservice_tenant b/image/cli/mascli/functions/gitops_aiservice_tenant index 6294f5f492..0bc20d7d08 100644 --- a/image/cli/mascli/functions/gitops_aiservice_tenant +++ b/image/cli/mascli/functions/gitops_aiservice_tenant @@ -27,6 +27,7 @@ ibm_aiservice_tenant(required): --aiservice-watsonxai-url ${COLOR_YELLOW}AISERVICE_WATSONXAI_URL${TEXT_RESET} Endpoint URL for Watsonx.ai --aiservice-watsonx-full ${COLOR_YELLOW}AISERVICE_WATSONX_FULL${TEXT_RESET} Full URL for Watsonx.ai including API key --tenant-scheduling-config-file ${COLOR_YELLOW}TENANT_SCHEDULING_CONFIG_FILE${TEXT_RESET} Path to tenant scheduling configuration file (tolerations and nodeSelector) + --enable-deprovisioning ${COLOR_YELLOW}AISERVICE_ENABLE_DEPROVISIONING${TEXT_RESET} When true, the tenant is deprovisioned when its AIServiceTenant CR is deleted AiService : --aiservice-namespace ${COLOR_YELLOW}AISERVICE_NAMESPACE${TEXT_RESET} The namespace where AI Service is deployed @@ -262,6 +263,10 @@ function gitops_aiservice_tenant_noninteractive() { export TENANT_SCHEDULING_CONFIG_YAML=$1 && shift ;; + --enable-deprovisioning) + export AISERVICE_ENABLE_DEPROVISIONING=$1 && shift + ;; + # Automatic GitHub Push -P|--github-push) export GITHUB_PUSH=true @@ -401,6 +406,7 @@ function gitops_aiservice_tenant() { echo_reset_dim "tenant ID ...................................................... ${COLOR_MAGENTA}${TENANT_ID}" echo_reset_dim "cluster domain ................................................. ${COLOR_MAGENTA}${CLUSTER_DOMAIN}" echo_reset_dim "in SaaS environment ............................................ ${COLOR_MAGENTA}${IN_SAAS_ENV}" + echo_reset_dim "deprovisioning enabled ......................................... ${COLOR_MAGENTA}${AISERVICE_ENABLE_DEPROVISIONING}" if [[ -n "$TENANT_SCHEDULING_CONFIG_YAML" ]]; then echo_reset_dim "Scheduling constraints (tolerations/nodeSelector) .............. ${COLOR_MAGENTA}${TENANT_SCHEDULING_CONFIG_YAML}" else From 7d21d297e851e8c89e68e27b2319bd4ebabb572f Mon Sep 17 00:00:00 2001 From: Josef Harte Date: Fri, 29 May 2026 09:29:14 +0100 Subject: [PATCH 5/5] fix quotes --- tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 index 524f528c63..fef11dd379 100644 --- a/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 +++ b/tekton/src/tasks/gitops/gitops-aiservice-tenant.yml.j2 @@ -25,7 +25,7 @@ spec: type: string - name: aiservice_enable_deprovisioning type: string - default: "false + default: "false" - name: aiservice_namespace type: string - name: aiservice_provision_tenant