hashicorp
Add ibm architecture support
PCI review checklist
-
[X] I have documented a clear reason for, and description of, the change I am making.
-
[X] If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
-
[X] If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.
This PR adds support for IBM Power (ppc64le) and IBM Z/LinuxONE (s390x) architectures to the Vault Secrets Operator, enabling native deployment on IBM infrastructure.
Changes
- Added ppc64le and s390x to CI/CD build matrices in .github/workflows/build.yaml
- Updated release artifacts configuration to include IBM architectures in .release/vault-secrets-operator-artifacts.hcl
- Added Docker container support for both architectures (regular and UBI-based images)
- Updated README.md to document supported architectures
- Updated Helm chart values.yaml with architecture support comment
Reason for Change
Organizations running Kubernetes/OpenShift on IBM Power Systems and IBM Z mainframes require native architecture support to deploy the Vault Secrets Operator without emulation overhead. This enables secure secret management on IBM infrastructure.
Testing
- Local builds verified for both architectures
- Binary compatibility confirmed with proper ELF headers
- All existing functionality preserved (no changes to operator logic)
Security Impact
No impact on security controls. These changes only add build support for additional CPU architectures. The operator's security model, authentication methods, and secret handling remain unchanged.
Risk Assessment
- Risk Level: Low
- Breaking Changes: None
- Backward Compatibility: Fully maintained
- All changes are additive to the build process only
Thanks for the PR @AdamTylerLynch -- we are going to take it over as it aligns with our ongoing platform validation work. Stay tuned!
