How I by accident constructed a serverless utility – IBM Developer


As a developer advocate, one of many largest challenges I face is methods to educate individuals to make use of our firm’s merchandise. To do that nicely, it is advisable create workshops and disposable environments so your college students can get their fingers on the precise expertise. As an IBM worker, I exploit the IBM Cloud, however it’s designed for long-term manufacturing utilization, not the ephemeral infrastructures {that a} workshop requires.

We frequently create methods to work across the limitations. Not too long ago in updating the deployment technique of such a system, I noticed I had created a full serverless stack — utterly accidentally. This weblog put up particulars how I by accident constructed an automatic serverless automation and introduces you to the expertise I used.

Enabling automation with Schematics

Earlier than describing the serverless utility, I’m going to pivot and discuss a function of IBM Cloud that most individuals don’t learn about. It’s referred to as IBM Cloud Schematics, and it’s a gem of our cloud. Right here’s an outline of the instrument:

Automate your IBM Cloud infrastructure, service, and utility stack throughout cloud environments. Oversee all of the ensuing jobs in a single house.

And it’s true! Mainly, it’s a wrapper round Terraform and Ansible, so you may retailer your infrastructure state in IBM Cloud and put actual RBAC in-front of it. You possibly can leverage the cloud’s Identification and Entry Administration (IAM) system and built-in permissions. This removes the tedium of coping with Terraform state information and provides infrastructure groups the flexibility to solely deal with the declaration code.

Why I constructed this serverless utility

This brings me to utilizing this utility on our cloud. For workshops and demos, I used to be advised that I needed to transfer away from “basic” clusters and transfer to digital non-public clouds (VPCs). There’s a bunch of Terraform code floating round so I discovered some and edited it right into a VPC, related it to shared object storage, and added all of the clusters wanted for a workshop into that very same VPC. The outcomes is that now each workshop is a VPC, giving members their very own IP house and walled backyard of sources. This can be a big win for us.

Right here’s a have a look at the circulation of how the applying interacted with Schematics to create these VPCs:

The request course of

  1. Somebody enters a GitHub Enterprise problem on a selected repository.
  2. The GitHub Problem validator receives a webhook from GitHub Enterprise and parses the difficulty for the totally different choices. It additionally checks for any doable choices that could possibly be extra then allowed, or the right formatting of the particular problem. If every thing is accepted, the validator tags the difficulty with scheduled to comprehend it’s able to be created.
  3. The cron-issue-tracker polls in opposition to the problems each 15 minutes with “scheduled” tag.
  4. If it’s inside 24 hours of the beginning time, the API calls the grant-cluster-api and requests creation of grant-cluster utility.
  5. It calls both the basic or VPC Code Engine APIs to spin up the required clusters through the /create API endpoint.
  6. If it’s a basic request, it’ll name the AWX backend. or VPC request, If the request is a VPC request, it’ll name the Schematics backend to request the clusters.
  7. When the cron-issue-tracker reads 24 hours after the “finish time” it removes the grant-cluster utility and destroys the clusters through the /delete API endpoint.

Software description


I used the vpc-gen2-openshift-request-api: A flask API to run a code-engine job as the place to begin of the serverless utility. I found that, after giving a bunch of Terraform code to Schematics, the subsequent pure step was to determine a approach to set off the request through an API. That is the place the IBM Code Engine platform comes into play.

If you happen to view the GitHub repo above, you’ll see that our Schematics request is wrapped as a Code Engine job (line 21 in Due to that, all I needed to do was curl a JSON knowledge string to our /create endpoint and it kicked it off. Now I had the flexibility to run one thing like:

curl -X POST https://code_engine_url/create -H 'Content material-Sort: utility/json' -d '{"APIKEY": "BLAH", "WORKSPACE": "BLAH2", "GHEKEY": "FakeKEY", "COUNTNUMBER": 10}'

This enabled us to determine methods to get requests shipped to the API.


The second core a part of this challenge was to validate the GitHub Enterprise problem. With the assistance of Steve Martinelli, I took an IBM Cloud Capabilities utility he created to parse an ordinary GitHub problem and pulled out choices from it.

For example, the request provides you these choices to fill out:

• e-mail:
• occasion quick identify: openshift-workshop
• begin time: 2021-10-02 15:00
• finish time: 2021-10-02 18:00
• clusters: 25
• cluster kind: OpenShift
• staff: 3
• employee kind: b3c.4x16
• area: us-south

This Cloud Perform receives on a webhook from GitHub Enterprise on any creation or edit of the difficulty and checks it in opposition to some parameters I set. For example, I set a parameter that there needed to be fewer than 75 clusters and the beginning and finish instances need to be formatted in a selected means and be inside 72 hours of one another. If a operate doesn’t match my parameters, the applying feedback on the difficulty and asks the submitter to replace the difficulty.

If every thing is parsed accurately, the validator provides the tag of scheduled to the difficulty so our subsequent utility can take possession of it.


As I created this microservice, I noticed I had a full serverless utility brewing. After some deeper analysis into Code Engine, I found that there was a cron system constructed into the expertise. So, now that I can parse the problems with webhooks, I can take that very same framework and create a cron that checks the beginning and finish time and do one thing for us. This freed me as much as transfer away from having to schedule the time for considered one of us to spin up the required methods. Utilizing the cURL to our vpc-gen2-request-api gave me my clusters at an affordable time.

I additionally wanted a system to take a look at the clusters, and that’s the place the ultimate microservices got here into play.


The grant-cluster-api microservice accomplished my utility puzzle. This microservices is a Code Engine job that spun up a serverless utility with all of the required settings parsed from the GitHub problem mechanically 24 hours earlier than the beginning time, and 24 hours after the top time. It additionally modified the tags and labels on the difficulty so now the cron-issue-tracker knew what to do when it walked by way of the repository.


As you may see from the diagram, this utility consists of a bunch of small APIs and capabilities that do the work of a full utility. Customers have one and just one interface into the stack and the GitHub Problem. When every thing is about up accurately, the bots do the work for us. I’ve parts that I can prolong off sooner or later, however every thing is predicated off that first flask utility once I realized all you needed to do was ship a JSON blob of information and now you may request precisely what you want.