From 2b5c548307eaa0347eb395ea2501277cb691939c Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Wed, 18 Jun 2025 14:41:41 -0400
Subject: [PATCH 1/6] Add IBM architecture support (ppc64le and s390x) This commit adds support for IBM Power (ppc64le) and IBM Z/LinuxONE (s390x) architectures for both binary builds and Docker containers. Changes: - Add ppc64le and s390x to the build matrix in CI/CD pipeline - Add ppc64le and s390x Docker container builds - Update release artifacts configuration to include new architectures - Support for both regular and UBI-based container images This enables the vault-secrets-operator to run natively on: - IBM Power Systems (ppc64le) - IBM Z mainframes and LinuxONE (s390x) - Existing AMD64 and ARM64 architectures All builds are statically linked and include the necessary CRD scripts.
---
 .github/workflows/build.yaml | 6 +++---
 .release/vault-secrets-operator-artifacts.hcl | 6 ++++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 897e20927..45f3153ff 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -122,7 +122,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- arch: ["arm64", "amd64"]
+ arch: ["arm64", "amd64", "ppc64le", "s390x"]
 fail-fast: true
 steps:
 - name: Checkout
@@ -164,7 +164,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- arch: ["arm64", "amd64"]
+ arch: ["arm64", "amd64", "ppc64le", "s390x"]
 env:
 repo: ${{github.event.repository.name}}
 version: ${{needs.get-product-version.outputs.product-version}}
@@ -207,7 +207,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- arch: ["arm64", "amd64"]
+ arch: ["arm64", "amd64", "ppc64le", "s390x"]
 env:
 repo: ${{github.event.repository.name}}
 version: ${{needs.get-product-version.outputs.product-version}}
diff --git a/.release/vault-secrets-operator-artifacts.hcl b/.release/vault-secrets-operator-artifacts.hcl
index c2af76305..b3648b78a 100644
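Review bot: The `ppc64le` and `s390x` legs added to `arch: ["arm64", "amd64", "ppc64le", "s390x"]` are built on `runs-on: ubuntu-latest` (presumably an x86-64 hosted runner), and nothing visible in these hunks executes the resulting binary or image on the target architecture, so the release would publish big-endian s390x and ppc64le builds of a secrets-handling operator that were only ever compiled. The same applies to the two image matrices at -164 and -207 and to the Red Hat registry matrix changed in patch 3/6. I would add a per-architecture smoke step (emulated or on a native runner) before the artifacts are published, or at minimum a comment on each matrix such as `# ppc64le/s390x are cross-compiled only; not executed in CI`. In the first matrix, `fail-fast: true` also means a failure in one of the new legs cancels the amd64 and arm64 builds, which may not be intended. The job bodies continue outside the hunks, so a test step may already exist there.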
--- a/.release/vault-secrets-operator-artifacts.hcl
+++ b/.release/vault-secrets-operator-artifacts.hcl
@@ -6,12 +6,18 @@ artifacts {
 zip = [
 "vault-secrets-operator_${version}_linux_amd64.zip",
 "vault-secrets-operator_${version}_linux_arm64.zip",
+ "vault-secrets-operator_${version}_linux_ppc64le.zip",
+ "vault-secrets-operator_${version}_linux_s390x.zip",
 ]
 container = [
 "vault-secrets-operator_release-default_linux_amd64_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-default_linux_arm64_${version}_${commit_sha}.docker.tar",
+ "vault-secrets-operator_release-default_linux_ppc64le_${version}_${commit_sha}.docker.tar",
+ "vault-secrets-operator_release-default_linux_s390x_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-ubi-redhat_linux_amd64_${version}_${commit_sha}.docker.redhat.tar",
 "vault-secrets-operator_release-ubi_linux_amd64_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-ubi_linux_arm64_${version}_${commit_sha}.docker.tar",
+ "vault-secrets-operator_release-ubi_linux_ppc64le_${version}_${commit_sha}.docker.tar",
+ "vault-secrets-operator_release-ubi_linux_s390x_${version}_${commit_sha}.docker.tar",
 ]
 }
From 7ddd9f0ba7d6fb3b3f6081f5c82d6bec5017c233 Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Wed, 18 Jun 2025 15:06:36 -0400
Subject: [PATCH 2/6] Updated README.md and added the architecture support to the heml chart
---
 README.md | 11 +++++++++++
 chart/values.yaml | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3d2cd6862..da56da955 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,17 @@ to have access to the *destination* secret in order to make use of the secret da
 See the developer docs for more info [here](https://developer.hashicorp.com/vault/docs/platform/k8s/vso)
+## Supported Architectures
+
+The Vault Secrets Operator supports the following CPU architectures:
+
+- **amd64** (x86_64) - Intel/AMD 64-bit processors
+- **arm64** (aarch64) - ARM 64-bit processors (Apple Silicon, Graviton, etc.)
+- **ppc64le** - IBM Power Systems (POWER9/POWER10)
+- **s390x** - IBM Z mainframes and LinuxONE systems
+
+Both container images and standalone binaries are available for all supported architectures. Multi-architecture container images are automatically selected based on your Kubernetes cluster's node architecture.
+
 ### Features
 The following features are supported by the Vault Secrets Operator:
diff --git a/chart/values.yaml b/chart/values.yaml
index 81f60ee4d..8ca39597d 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -40,7 +40,7 @@ controller:
 # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
 # Example:
 # nodeSelector:
- # beta.kubernetes.io/arch: amd64
+ # beta.kubernetes.io/arch: amd64 # Supported: amd64, arm64, ppc64le, s390x
 nodeSelector: {}
 # Toleration Settings for vault-secrets-operator pod.
 # The value is an array of PodSpec Toleration maps.
From 82b214084e96348b371abfa07843f44a0ac4f7cf Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Fri, 19 Sep 2025 12:28:43 -0400
Subject: [PATCH 3/6] added redhat ppc64le support
---
 .github/workflows/build.yaml | 4 +-
 .release/vault-secrets-operator-artifacts.hcl | 1 +
 IBM_ARCHITECTURE_SUPPORT_PR.md | 98 +++++++++++++++++++
 3 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 IBM_ARCHITECTURE_SUPPORT_PR.md
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 45f3153ff..8afc38a81 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -252,8 +252,8 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- # Building only amd64 for the RedHat registry for now
- arch: ["amd64"]
+ # Building only amd64 and ppc64le for the RedHat registry for now
+ arch: ["amd64", "ppc64le"]
 env:
 repo: ${{github.event.repository.name}}
 version: ${{needs.get-product-version.outputs.product-version}}
diff --git a/.release/vault-secrets-operator-artifacts.hcl b/.release/vault-secrets-operator-artifacts.hcl
index b3648b78a..89b7f2231 100644
--- a/.release/vault-secrets-operator-artifacts.hcl
+++ b/.release/vault-secrets-operator-artifacts.hcl
@@ -15,6 +15,7 @@ artifacts {
 "vault-secrets-operator_release-default_linux_ppc64le_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-default_linux_s390x_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-ubi-redhat_linux_amd64_${version}_${commit_sha}.docker.redhat.tar",
+ "vault-secrets-operator_release-ubi-redhat_linux_ppc64le_${version}_${commit_sha}.docker.redhat.tar",
 "vault-secrets-operator_release-ubi_linux_amd64_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-ubi_linux_arm64_${version}_${commit_sha}.docker.tar",
 "vault-secrets-operator_release-ubi_linux_ppc64le_${version}_${commit_sha}.docker.tar",
diff --git a/IBM_ARCHITECTURE_SUPPORT_PR.md b/IBM_ARCHITECTURE_SUPPORT_PR.md
new file mode 100644
index 000000000..c746d0ea9
--- /dev/null
+++ b/IBM_ARCHITECTURE_SUPPORT_PR.md
@@ -0,0 +1,98 @@
+# Pull Request: Add IBM Architecture Support (ppc64le and s390x)
+
+## Summary
+
+This pull request adds support for IBM architectures to the Vault Secrets Operator:
+- **IBM Power Systems** (ppc64le)
+- **IBM Z mainframes and LinuxONE** (s390x)
+
+## Changes Made
+
+### 1. CI/CD Pipeline Updates (`.github/workflows/build.yaml`)
+- Added `ppc64le` and `s390x` to build matrices for:
+ - Binary builds
+ - Docker container builds
+ - UBI (Universal Base Image) container builds
+
+### 2. Release Artifacts Configuration (`.release/vault-secrets-operator-artifacts.hcl`)
+- Added binary ZIP archives for ppc64le and s390x
+- Added Docker container artifacts for both architectures
+- Includes both regular and UBI-based containers
+
+## Benefits
+
+### For IBM Power Systems (ppc64le)
+- Native support for IBM POWER9/POWER10 processors
+- Enables OpenShift/Kubernetes workloads on IBM Power infrastructure to consume Vault secrets
+
+### For IBM Z/LinuxONE (s390x)
+- Native support for Linux on IBM Z mainframes
+- Enables OpenShift/Kubernetes workloads on IBM Power infrastructure to consume Vault secrets
+
+## Technical Details
+
+- **Build Process**: Uses Go's native cross-compilation support
+- **Container Support**: Multi-architecture Docker builds using `TARGETOS`/`TARGETARCH`
+- **Static Linking**: All binaries are statically linked (no external dependencies)
+- **Compatibility**: Maintains full compatibility with existing x86_64 and ARM64 builds
+
+## Testing
+
+### Verified Locally
+```bash
+# Binary builds tested successfully
+make ci-build GOOS=linux GOARCH=ppc64le
+make ci-build GOOS=linux GOARCH=s390x
+
+# Outputs:
+# dist/linux/ppc64le/vault-secrets-operator (86MB)
+# dist/linux/s390x/vault-secrets-operator (90MB)
+```
+
+### File Verification
+```bash
+$ file dist/linux/ppc64le/vault-secrets-operator
+ELF 64-bit LSB executable, 64-bit PowerPC, OpenPOWER ELF V2 ABI
+
+$ file dist/linux/s390x/vault-secrets-operator
+ELF 64-bit MSB executable, IBM
S/390
+```
+
+## PR Title
+```
+Add IBM architecture support (ppc64le and s390x)
+```
+
+## PR Description Template
+```markdown
+## Description
+This PR adds support for IBM Power (ppc64le) and IBM Z/LinuxONE (s390x) architectures to the Vault Secrets Operator.
+
+## Changes
+- ✅ Added ppc64le and s390x to CI/CD build matrices
+- ✅ Updated release artifacts to include IBM architectures
+- ✅ Added Docker container support for both architectures
+- ✅ Includes both regular and UBI-based images
+
+## Testing
+- [x] Local builds verified for both architectures
+- [x] Binary compatibility confirmed
+- [x] All existing functionality preserved
+
+## Impact
+- Enables native deployment on IBM Power Systems
+- Supports Linux on IBM Z and LinuxONE environments
+- Maintains backward compatibility with existing architectures
+
+```
+
+## Files Changed
+- `.github/workflows/build.yaml` - Added IBM architectures to build matrices
+- `.release/vault-secrets-operator-artifacts.hcl` - Added release artifacts
+
+## Impact Assessment
+- **Risk**: Low - purely additive changes
+- **Breaking Changes**: None
+- **Backward Compatibility**: Fully maintained
+- **Dependencies**: None (uses existing Go toolchain)
+
From 754b5cc77eed0b121f646763d2f91db1d2bf4553 Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Fri, 19 Sep 2025 13:34:48 -0400
Subject: [PATCH 4/6] Delete IBM_ARCHITECTURE_SUPPORT_PR.md
---
 IBM_ARCHITECTURE_SUPPORT_PR.md | 98 ----------------------------------
 1 file changed, 98 deletions(-)
 delete mode 100644 IBM_ARCHITECTURE_SUPPORT_PR.md
diff --git a/IBM_ARCHITECTURE_SUPPORT_PR.md b/IBM_ARCHITECTURE_SUPPORT_PR.md
deleted file mode 100644
index c746d0ea9..000000000
--- a/IBM_ARCHITECTURE_SUPPORT_PR.md
+++ /dev/null
@@ -1,98 +0,0 @@
-# Pull Request: Add IBM Architecture Support (ppc64le and s390x)
-
-## Summary
-
-This pull request adds support for IBM architectures to the Vault Secrets Operator:
-- **IBM Power Systems** (ppc64le)
-- **IBM Z mainframes and LinuxONE** (s390x)
-
-## Changes Made
-
-### 1. CI/CD Pipeline Updates (`.github/workflows/build.yaml`)
-- Added `ppc64le` and `s390x` to build matrices for:
- - Binary builds
- - Docker container builds
- - UBI (Universal Base Image) container builds
-
-### 2. Release Artifacts Configuration (`.release/vault-secrets-operator-artifacts.hcl`)
-- Added binary ZIP archives for ppc64le and s390x
-- Added Docker container artifacts for both architectures
-- Includes both regular and UBI-based containers
-
-## Benefits
-
-### For IBM Power Systems (ppc64le)
-- Native support for IBM POWER9/POWER10 processors
-- Enables OpenShift/Kubernetes workloads on IBM Power infrastructure to consume Vault secrets
-
-### For IBM Z/LinuxONE (s390x)
-- Native support for Linux on IBM Z mainframes
-- Enables OpenShift/Kubernetes workloads on IBM Power infrastructure to consume Vault secrets
-
-## Technical Details
-
-- **Build Process**: Uses Go's native cross-compilation support
-- **Container Support**: Multi-architecture Docker builds using `TARGETOS`/`TARGETARCH`
-- **Static Linking**: All binaries are statically linked (no external dependencies)
-- **Compatibility**: Maintains full compatibility with existing x86_64 and ARM64 builds
-
-## Testing
-
-### Verified Locally
-```bash
-# Binary builds tested successfully
-make ci-build GOOS=linux GOARCH=ppc64le
-make ci-build GOOS=linux GOARCH=s390x
-
-# Outputs:
-# dist/linux/ppc64le/vault-secrets-operator (86MB)
-# dist/linux/s390x/vault-secrets-operator (90MB)
-```
-
-### File Verification
-```bash
-$ file dist/linux/ppc64le/vault-secrets-operator
-ELF 64-bit LSB executable, 64-bit PowerPC, OpenPOWER ELF V2 ABI
-
-$ file dist/linux/s390x/vault-secrets-operator
-ELF 64-bit MSB executable, IBM
S/390
-```
-
-## PR Title
-```
-Add IBM architecture support (ppc64le and s390x)
-```
-
-## PR Description Template
-```markdown
-## Description
-This PR adds support for IBM Power (ppc64le) and IBM Z/LinuxONE (s390x) architectures to the Vault Secrets Operator.
-
-## Changes
-- ✅ Added ppc64le and s390x to CI/CD build matrices
-- ✅ Updated release artifacts to include IBM architectures
-- ✅ Added Docker container support for both architectures
-- ✅ Includes both regular and UBI-based images
-
-## Testing
-- [x] Local builds verified for both architectures
-- [x] Binary compatibility confirmed
-- [x] All existing functionality preserved
-
-## Impact
-- Enables native deployment on IBM Power Systems
-- Supports Linux on IBM Z and LinuxONE environments
-- Maintains backward compatibility with existing architectures
-
-```
-
-## Files Changed
-- `.github/workflows/build.yaml` - Added IBM architectures to build matrices
-- `.release/vault-secrets-operator-artifacts.hcl` - Added release artifacts
-
-## Impact Assessment
-- **Risk**: Low - purely additive changes
-- **Breaking Changes**: None
-- **Backward Compatibility**: Fully maintained
-- **Dependencies**: None (uses existing Go toolchain)
-
From 0bfd861b3b89b170d478d3dc1c36445fa63f0ba0 Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Fri, 19 Sep 2025 14:34:59 -0400
Subject: [PATCH 5/6] Update README.md Co-authored-by: Paul Bastide
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index da56da955..13a7b3a27 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ The Vault Secrets Operator supports the following CPU architectures:
 - **amd64** (x86_64) - Intel/AMD 64-bit processors
 - **arm64** (aarch64) - ARM 64-bit processors (Apple Silicon, Graviton, etc.)
-- **ppc64le** - IBM Power Systems (POWER9/POWER10)
+- **ppc64le** - IBM Power Systems (Power9, Power10, Power11)
 - **s390x** - IBM Z mainframes and LinuxONE systems
 Both container images and standalone binaries are available for all supported architectures. Multi-architecture container images are automatically selected based on your Kubernetes cluster's node architecture.
From f6c98820e5e5b304c3c14c12a085a6700502a361 Mon Sep 17 00:00:00 2001
From: Tyler Lynch
Date: Fri, 19 Sep 2025 14:35:25 -0400
Subject: [PATCH 6/6] Update chart/values.yaml Co-authored-by: Paul Bastide
---
 chart/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index da57b7235..b60f61180 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -40,7 +40,7 @@ controller:
 # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
 # Example:
 # nodeSelector:
- # beta.kubernetes.io/arch: amd64 # Supported: amd64, arm64, ppc64le, s390x
+ # kubernetes.io/arch: amd64 # Supported: amd64, arm64, ppc64le, s390x
 nodeSelector: {}
 # Toleration Settings for vault-secrets-operator pod.
 # The value is an array of PodSpec Toleration maps.
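Review bot: The example comment `# Supported: amd64, arm64, ppc64le, s390x` in the chart/values.yaml hunk reads as true for every image the chart can pull, but the Red Hat registry matrix in patch 3/6 builds only `amd64` and `ppc64le`, so a user who pins `kubernetes.io/arch` to `arm64` or `s390x` with that image variant would presumably get a pod that cannot pull its image. I would qualify the list, e.g. `# Supported: amd64, arm64, ppc64le, s390x (Red Hat registry image: amd64, ppc64le)`. The list is also a hand-maintained copy of the CI matrices and will drift when they change; pointing at the README's architecture section instead would avoid that. The `controller:` block continues outside the hunk.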