This blog explains how to configure and use the GitOps objects within an IBM DataPower Gateway.
DataPower integration with Git is provided at domain level with a suite of GitOps objects. GitOps converts persisted configuration within a domain to JSON, and operates on the converted document by using JSONata queries and transforms. GitOps performs Git pulls, adds, commits, and templating on DataPower.
Configuring the GitOps object
Prerequisites:
Set up a personal branch
1- Clone the repository: git clone {URL}
2- Check out a personal branch: git checkout -b $USER
3- Push your personal branch to the remote: git push -u origin $USER:$USER
Configure GitOps using HTTPS
1- Go to https://github.ibm.com/settings/tokens
2- Click Generate new token.
3- Minimum Scopes required:
repo
read:org
4- Fill out the remainder of the form.
5- Click Generate token.
6- Copy the token to a safe place.
Configure GitOps using SSH
- Set up a personal SSH key
To connect to GHE (github.ibm.com) via SSH, you must upload your public key to your profile:
https://github.ibm.com/settings/keys
Acquire SSH hostkey(s) for github.ibm.com for validation
To connect GitOps to github.ibm.com via SSH, you first need to retrieve the SSH hostkey(s) for github.ibm.com.
SSH validation
The ssh-authorized-keyfile field in the gitops object can be configured to validate the Git remote's SSH hostkey during the SSH handshake. The value of this field should be a file system path to an AuthorizedKeysFile containing the trusted public keys for the Git remote.
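One way to build that trusted-keys file safely, shown as an added example that is not part of the original blog or of IBM's tooling: it filters captured host-key lines against fingerprints verified out of band and emits only the matching keys. It assumes the keys were captured in `host keytype base64` form (for example with ssh-keyscan) and that the file uses the standard OpenSSH authorized_keys line format; the host name and keys are constructed sample data.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(key_b64: str) -> str:
    """Read the algorithm name stored as the first length-prefixed string in the blob."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def build_authorized_keys(scan_output: str, pinned: set) -> tuple:
    """Return (accepted authorized_keys lines, rejected scan lines)."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip comment lines and blank lines in the capture
        fields = line.split()
        try:
            host, key_type, key_b64 = fields[0], fields[1], fields[2]
            ok = blob_key_type(key_b64) == key_type and fingerprint(key_b64) in pinned
        except (IndexError, ValueError, struct.error):
            ok = False  # malformed line or blob: never trust it
        if ok:
            accepted.append(f"{key_type} {key_b64} {host}")
        else:
            rejected.append(line)
    return accepted, rejected

def make_key(seed: int) -> str:
    """Constructed ssh-ed25519 blob for the demo (not a real host key)."""
    name, raw = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()

GOOD, ROGUE = make_key(1), make_key(2)
# Constructed scan output: one expected key and one key nobody has vouched for.
SCAN = f"# git.example.test:22 SSH-2.0-demo\ngit.example.test ssh-ed25519 {GOOD}\ngit.example.test ssh-ed25519 {ROGUE}\n"
# In practice the pinned value comes from an out-of-band source, not from the scan itself.
PINNED = {fingerprint(GOOD)}

if __name__ == "__main__":
    accepted, rejected = build_authorized_keys(SCAN, PINNED)
    print("\n".join(accepted))
    print(f"rejected {len(rejected)} unpinned or malformed key line(s)")
```

Only the accepted lines belong in the file referenced by ssh-authorized-keyfile; a rejected line means the captured key does not match what was verified and should be investigated before connecting.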
Steps:
1- Log in to DataPower with the “Default” domain and create a specific domain for the GitOps connection.

2- Create a DataPower object (e.g. an XMLFirewall service) whose configuration will be added under Git.
3- Navigate to the GitOps Template object under Configuration Management.
4- Add a template for the DataPower object created above (e.g. XMLFirewall).

5- Create the DataPower GitOps Template object.

6- Create an SSH Client Profile object as required for the GitOps connection over SSH.

7- Navigate to GitOps under the same domain to modify the GitOps object.

8- Enter the connection details:
8.1 Remote Location is the actual GitHub URL, based on the connection type (SSH or HTTPS).
8.2 Connection Type can be SSH or HTTPS.
8.3 SSH Client Profile should be the same one created in step 6.
8.4 Authorized_keys for the SSH connection is to be added as a file.

Note: Add a Username, Password Alias and HTTP validation Credential when creating an HTTPS connection.

9- Add the sync details:
9.1 Operation Mode is “read/write” or “read-only”.
9.2 Commit identifier should be the GitOps branch where the JSON configuration is to be saved.
9.3 Git User field should have the user id for which the connection has to be established.
9.4 Git email field should be the email id of the above user.
9.5 JSON Parse settings define parser limits for messages with JSON payloads.

10- Template Policy: Add the GitOps Template created in step 5 under the policy.

11- Perform the GitOps Write action to add the configuration in JSON format to GitHub.
11.1 Commit message: the message to be added for reference while performing the GitOps write.
11.2 Force: Specify whether to force the write operation regardless of being detached from HEAD.
11.3 Dry Run: Specify whether to read from the GitOps location or the specified system file.

12- Perform the GitOps Template Write action
12.1 Template: The same template name should be used while performing the write action.
12.2 Commit message: the message recorded for reference.
12.3 Force: Specify whether to force the write operation regardless of being detached from HEAD.

13- Perform the GitOps Read action
13.1 Force: Specify whether to force the read operation regardless of being detached from HEAD.
13.2 Dry Run: Specify whether to read from the GitOps location or the specified system file.

14- Validate the GitOps Status under Configuration of DataPower.

15- Look up the JSONata expression and the output for write mode / read mode.

16- Check the GitOps Template Status under Configuration of DataPower.

17- GitOps Variable: Create a GitOps Variable in Configuration Management under the Default domain; the same variable can be used under Property value while creating a template.
17.1 Add the variable name and value under the Variable section.

Key points:
1- Users can check the JSON expression after logging into the GitOps repository under a dedicated branch.
2- Template changes are found under the same branch.
3- A new GitOps domain singleton object is created within each domain.
4- Custom templates make it possible to produce configuration changes that are not idempotent through a GitOps write and read cycle.
Reference:
1- https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=gateway-gitops-integration
2- https://www.ibm.com/docs/en/datapower-gateway/10.5.x?topic=integration-defining-gitops