feat: worker pool taints are now optional and have no value by default (#42)

Author: imprateeksh

README.md

@@ -115,6 +115,7 @@ You need the following permissions to run this module.
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
+- [ Apply Taints Example](examples/apply_taints)
 - [ Existing COS](examples/existing_cos)
 - [ 2 MZR clusters in same VPC](examples/multiple_mzr_clusters)
 - [ Single Zone Cluster](examples/single_zone_cluster)
@@ -169,8 +170,8 @@ No modules.
 | <a name="input_use_existing_cos"></a> [use\_existing\_cos](#input\_use\_existing\_cos) | Flag indicating whether or not to use an existing COS instance | `bool` | `false` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | Id of the VPC instance where this cluster will be provisioned | `string` | n/a | yes |
 | <a name="input_vpc_subnets"></a> [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created | <pre>map(list(object({<br>    id         = string<br>    zone       = string<br>    cidr_block = string<br>  })))</pre> | n/a | yes |
-| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br>    subnet_prefix     = string<br>    pool_name         = string<br>    machine_type      = string<br>    workers_per_zone  = number<br>    resource_group_id = optional(string)<br>    labels            = optional(map(string))<br>  }))</pre> | <pre>[<br>  {<br>    "labels": {},<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "default",<br>    "subnet_prefix": "zone-1",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "labels": {<br>      "dedicated": "zone-2"<br>    },<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-2",<br>    "subnet_prefix": "zone-2",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "labels": {<br>      "dedicated": "zone-3"<br>    },<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-3",<br>    "subnet_prefix": "zone-3",<br>    "workers_per_zone": 2<br>  }<br>]</pre> | no |
-| <a name="input_worker_pools_taints"></a> [worker\_pools\_taints](#input\_worker\_pools\_taints) | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | <pre>{<br>  "all": [],<br>  "default": [],<br>  "zone-2": [<br>    {<br>      "effect": "NoExecute",<br>      "key": "dedicated",<br>      "value": "zone-2"<br>    }<br>  ],<br>  "zone-3": [<br>    {<br>      "effect": "NoExecute",<br>      "key": "dedicated",<br>      "value": "zone-3"<br>    }<br>  ]<br>}</pre> | no |
+| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br>    subnet_prefix     = string<br>    pool_name         = string<br>    machine_type      = string<br>    workers_per_zone  = number<br>    resource_group_id = optional(string)<br>    labels            = optional(map(string))<br>  }))</pre> | <pre>[<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "default",<br>    "subnet_prefix": "zone-1",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-2",<br>    "subnet_prefix": "zone-2",<br>    "workers_per_zone": 2<br>  },<br>  {<br>    "machine_type": "bx2.4x16",<br>    "pool_name": "zone-3",<br>    "subnet_prefix": "zone-3",<br>    "workers_per_zone": 2<br>  }<br>]</pre> | no |
+| <a name="input_worker_pools_taints"></a> [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no |
 
 ## Outputs
 

examples/apply_taints/README.md

@@ -0,0 +1,4 @@
+# Apply Taints Example
+
+ - This example provisions OCP cluster and set taints for worker pools.
+ - The example also enables a key protect provider for the cluster, as well as the required COS instance.

examples/apply_taints/main.tf

@@ -0,0 +1,83 @@
+##############################################################################
+# Provision an OCP cluster with one extra worker pool inside a VPC
+##############################################################################
+
+module "resource_group" {
+  source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-resource-group.git?ref=v1.0.5"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+###############################################################################
+# VPC
+###############################################################################
+
+module "vpc" {
+  source              = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc.git?ref=v4.0.0"
+  resource_group_id   = module.resource_group.resource_group_id
+  region              = var.region
+  prefix              = var.prefix
+  tags                = var.resource_tags
+  name                = var.vpc_name
+  address_prefixes    = var.addresses
+  subnets             = var.subnets
+  use_public_gateways = var.public_gateway
+}
+
+##############################################################################
+# Key Protect
+##############################################################################
+
+module "kp_all_inclusive" {
+  source                    = "git::https://github.com/terraform-ibm-modules/terraform-ibm-key-protect-all-inclusive.git?ref=v4.0.0"
+  key_protect_instance_name = "${var.prefix}-kp-instance"
+  resource_group_id         = module.resource_group.resource_group_id
+  region                    = var.region
+  resource_tags             = var.resource_tags
+  key_map                   = { "ocp" = ["${var.prefix}-cluster-key"] }
+}
+
+##############################################################################
+# Base OCP Cluster
+##############################################################################
+locals {
+  cluster_vpc_subnets = {
+    zone-1 = [{
+      id         = module.vpc.subnet_zone_list[0].id
+      zone       = module.vpc.subnet_zone_list[0].zone
+      cidr_block = module.vpc.subnet_zone_list[0].cidr
+    }],
+    zone-2 = [{
+      id         = module.vpc.subnet_zone_list[1].id
+      zone       = module.vpc.subnet_zone_list[1].zone
+      cidr_block = module.vpc.subnet_zone_list[1].cidr
+    }],
+    zone-3 = [{
+      id         = module.vpc.subnet_zone_list[2].id
+      zone       = module.vpc.subnet_zone_list[2].zone
+      cidr_block = module.vpc.subnet_zone_list[2].cidr
+    }]
+  }
+}
+
+module "ocp_base" {
+  source               = "../.."
+  cluster_name         = var.prefix
+  ibmcloud_api_key     = var.ibmcloud_api_key
+  resource_group_id    = module.resource_group.resource_group_id
+  region               = var.region
+  force_delete_storage = true
+  vpc_id               = module.vpc.vpc_id
+  vpc_subnets          = local.cluster_vpc_subnets
+  worker_pools         = var.worker_pools
+  worker_pools_taints  = var.worker_pools_taints
+  ocp_version          = var.ocp_version
+  tags                 = var.resource_tags
+  kms_config = {
+    instance_id = module.kp_all_inclusive.key_protect_guid
+    crk_id      = module.kp_all_inclusive.keys["ocp.${var.prefix}-cluster-key"].key_id
+  }
+}
+
+##############################################################################

examples/apply_taints/outputs.tf

@@ -0,0 +1,10 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "cluster_name" {
+  value       = module.ocp_base.cluster_name
+  description = "The name of the provisioned cluster."
+}
+
+##############################################################################

examples/apply_taints/provider.tf

@@ -0,0 +1,10 @@
+##############################################################################
+# Terraform providers
+##############################################################################
+
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}
+
+##############################################################################

examples/apply_taints/variables.tf

@@ -0,0 +1,183 @@
+##############################################################################
+# Input Variables
+##############################################################################
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud api token"
+  sensitive   = true
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for name of all resource created by this example"
+  default     = "base-ocp-std"
+  validation {
+    error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
+    condition     = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
+  }
+}
+
+variable "region" {
+  type        = string
+  description = "Region where resources are created"
+  default     = "eu-gb"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  type        = list(string)
+  description = "Optional list of tags to be added to created resources"
+  default     = []
+}
+
+variable "ocp_version" {
+  type        = string
+  description = "Version of the OCP cluster to provision"
+  default     = null
+}
+
+##############################################################################
+# VPC variables
+##############################################################################
+
+variable "vpc_name" {
+  type        = string
+  description = "Name of the VPC"
+  default     = "management"
+}
+
+variable "public_gateway" {
+  description = "Create a public gateway in any of the three zones with `true`."
+  type = object({
+    zone-1 = optional(bool)
+    zone-2 = optional(bool)
+    zone-3 = optional(bool)
+  })
+  default = {
+    zone-1 = true
+    zone-2 = false
+    zone-3 = false
+  }
+}
+
+variable "addresses" {
+  description = "OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes"
+  type = object({
+    zone-1 = optional(list(string))
+    zone-2 = optional(list(string))
+    zone-3 = optional(list(string))
+  })
+  default = {
+    zone-1 = ["10.10.10.0/24"]
+    zone-2 = ["10.20.10.0/24"]
+    zone-3 = ["10.30.10.0/24"]
+  }
+}
+
+variable "subnets" {
+  description = "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created"
+  type = object({
+    zone-1 = list(object({
+      acl_name       = string
+      name           = string
+      cidr           = string
+      public_gateway = optional(bool)
+    }))
+    zone-2 = list(object({
+      acl_name       = string
+      name           = string
+      cidr           = string
+      public_gateway = optional(bool)
+    }))
+    zone-3 = list(object({
+      acl_name       = string
+      name           = string
+      cidr           = string
+      public_gateway = optional(bool)
+    }))
+  })
+
+  default = {
+    zone-1 = [
+      {
+        acl_name = "vpc-acl"
+        name     = "zone-1"
+        cidr     = "10.10.10.0/24"
+      }
+    ],
+    zone-2 = [
+      {
+        acl_name = "vpc-acl"
+        name     = "zone-2"
+        cidr     = "10.20.10.0/24"
+      }
+    ],
+    zone-3 = [
+      {
+        acl_name = "vpc-acl"
+        name     = "zone-3"
+        cidr     = "10.30.10.0/24"
+      }
+    ]
+  }
+}
+
+variable "worker_pools" {
+  type = list(object({
+    subnet_prefix     = string
+    pool_name         = string
+    machine_type      = string
+    workers_per_zone  = number
+    resource_group_id = optional(string)
+    labels            = optional(map(string))
+  }))
+  description = "List of worker pools."
+  default = [
+    {
+      subnet_prefix    = "zone-1"
+      pool_name        = "default" # ibm_container_vpc_cluster automatically names standard pool "standard" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2
+    },
+    {
+      subnet_prefix    = "zone-2"
+      pool_name        = "zone-2"
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2
+    },
+    {
+      subnet_prefix    = "zone-3"
+      pool_name        = "zone-3"
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2
+    }
+  ]
+}
+
+variable "worker_pools_taints" {
+  type        = map(list(object({ key = string, value = string, effect = string })))
+  description = "Map of lists containing node taints by node-pool name"
+
+  default = {
+    all     = []
+    default = []
+    zone-2 = [{
+      key    = "dedicated"
+      value  = "zone-2"
+      effect = "NoExecute"
+    }]
+    zone-3 = [{
+      key    = "dedicated"
+      value  = "zone-3"
+      effect = "NoExecute"
+    }]
+  }
+}
+
+##############################################################################

examples/apply_taints/version.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_version = ">=1.3.0"
+  required_providers {
+    # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works
+    ibm = {
+      source  = "ibm-cloud/ibm"
+      version = "1.49.0"
+    }
+  }
+}
+
+##############################################################################