feat: Updates the default configuration of the cluster<br> - The default_worker_pool_machine_type now defaults to bx2.4x16<br> - The default_worker_pool_workers_per_zone now defaults to 1 <br>Make COS as a hard dependency for fully-configurable DA<br> Docs changes<br> The input variable variable allow_public_access_to_cluster is renamed to allow_public_access_to_cluster_management<br> - (#803)

* fixes

* fix: dependency plus SKIP UPGRADE TEST

* fix: diagram

* fix: diagram

* added part2 changes

---------

Co-authored-by: Aditya-ranjan-16 <[email protected]>

Author: Aayush-Abhyarthi

ibm_catalog.json

@@ -293,6 +293,10 @@
               "key": "default_worker_pool_machine_type",
               "required": true,
               "options": [
+                {
+                  "displayname": "bx2.4x16",
+                  "value": "bx2.4x16"
+                },
                 {
                   "displayname": "bx2.16x64",
                   "value": "bx2.16x64"
@@ -510,7 +514,7 @@
               "default_value": "us-south"
             },
             {
-              "key": "allow_public_access_to_cluster",
+              "key": "allow_public_access_to_cluster_management",
               "required": true
             },
             {
@@ -951,7 +955,7 @@
           "dependencies": [
             {
               "name": "deploy-arch-ibm-slz-vpc",
-              "description": "Configure the VPC and subnets to deploy the OpenShift cluster.",
+              "description": "Configure the VPC and subnets required to deploy your OpenShift cluster.",
               "id": "9fc0fa64-27af-4fed-9dce-47b3640ba739-global",
               "version": "v8.2.1",
               "flavors": [
@@ -989,7 +993,7 @@
             },
             {
               "name": "deploy-arch-ibm-account-infra-base",
-              "description": "Organize your IBM Cloud account with preconfigured resource groups. If not selected, the default resource group is used. Optionally, expand to apply recommended security controls via \"with Account Settings\" variation.",
+              "description": "Organize your IBM Cloud account using preconfigured groups and access policies to manage resource group usage. Optionally, extend security controls with IAM Account Settings validation.",
               "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
               "flavors": [
                 "resource-group-only",
@@ -1014,7 +1018,7 @@
             },
             {
               "name": "deploy-arch-ibm-kms",
-              "description": "Enables managed encryption with your own keys via IBM Cloud Key Protect. If disabled, services will default to IBM-managed encryption.",
+              "description": "Integrate IBM Key Protect to manage encryption keys for your cluster, securing persistent volumes and supporting compliance. If unselected, encryption is still applied using IBM-managed keys.",
               "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global",
               "version": "v5.1.19",
               "flavors": [
@@ -1046,14 +1050,14 @@
             },
             {
               "name": "deploy-arch-ibm-cos",
-              "description": "Sets up a Cloud Object Storage (COS) instance and bucket to serve as the internal registry storage for your OpenShift cluster.",
+              "description": "Set up a Cloud Object Storage (COS) instance and bucket to serve as internal registry storage for your OpenShift cluster.",
               "id": "68921490-2778-4930-ac6d-bae7be6cd958-global",
               "version": "v10.2.1",
               "flavors": [
                 "instance"
               ],
               "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
-              "optional": true,
+              "optional": false,
               "on_by_default": true,
               "input_mapping": [
                 {
@@ -1069,7 +1073,7 @@
             },
             {
               "name": "deploy-arch-ibm-cloud-logs",
-              "description": "Configure an IBM Cloud Logs instance to analyse the platform logs.",
+              "description": "Set up an IBM Cloud Logs instance to analyze platform logs.",
               "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3",
               "flavors": [
                 "fully-configurable"
@@ -1108,7 +1112,7 @@
             },
             {
               "name": "deploy-arch-ibm-cloud-monitoring",
-              "description": "Sets up a Cloud Monitoring instance to collect the platform metrics.",
+              "description": "Set up a Cloud Monitoring instance to collect platform metrics.",
               "id": "73debdbf-894f-4c14-81c7-5ece3a70b67d-global",
               "version": "v1.6.4",
               "flavors": [
@@ -1147,7 +1151,7 @@
             },
             {
               "name": "deploy-arch-ibm-activity-tracker",
-              "description": "Configure Activity Tracker Event Routing to route the auditing events.",
+              "description": "Configure Activity Tracker Event Routing to direct auditing events appropriately.",
               "id": "918453c3-4f97-4583-8c4a-83ef12fc7916-global",
               "version": "v1.2.25",
               "flavors": [
@@ -1181,7 +1185,7 @@
             },
             {
               "name": "deploy-arch-ibm-secrets-manager",
-              "description": "Provisions a Secrets Manager instance to centrally manage Ingress subdomain certificates and other sensitive credentials.",
+              "description": "Provision a Secrets Manager instance to securely store and manage sensitive credentials—such as certificates—used by services integrated with your cluster.",
               "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global",
               "version": "v2.8.6",
               "flavors": [
@@ -1223,7 +1227,7 @@
             },
             {
               "name": "deploy-arch-ibm-scc-workload-protection",
-              "description": "Configure an IBM Cloud Security and Compliance Center Workload Protection instance to help you manage security and compliance for your organization.",
+              "description": "Integrate with Workload Protection to monitor and manage your cluster’s security posture, helping detect misconfigurations and enforce compliance.",
               "id": "4322cf44-2289-49aa-a719-dd79e39b14dc-global",
               "version": "v1.11.4",
               "flavors": [
@@ -1467,7 +1471,7 @@
               }
             },
             {
-              "key": "allow_public_access_to_cluster"
+              "key": "allow_public_access_to_cluster_management"
             },
             {
               "key": "allow_outbound_traffic"

reference-architectures/deployable-architecture-ocp-cluster.svg

@@ -225,7 +225,7 @@ module "ocp_base" {
   cluster_ready_when                       = var.cluster_ready_when
   custom_security_group_ids                = var.custom_security_group_ids
   disable_outbound_traffic_protection      = var.allow_outbound_traffic
-  disable_public_endpoint                  = !var.allow_public_access_to_cluster
+  disable_public_endpoint                  = !var.allow_public_access_to_cluster_management
   enable_ocp_console                       = var.enable_ocp_console
   ignore_worker_pool_size_changes          = var.ignore_worker_pool_size_changes
   kms_config                               = local.kms_config

solutions/fully-configurable/main.tf

@@ -165,7 +165,7 @@ variable "allow_default_worker_pool_replacement" {
 variable "default_worker_pool_machine_type" {
   type        = string
   description = "The machine type for worker nodes.[Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors)"
-  default     = "bx2.8x32"
+  default     = "bx2.4x16"
   validation {
     condition     = length(regexall("^[a-z0-9]+(?:\\.[a-z0-9]+)*\\.\\d+x\\d+(?:\\.[a-z0-9]+)?$", var.default_worker_pool_machine_type)) > 0
     error_message = "Invalid value provided for the machine type."
@@ -175,7 +175,7 @@ variable "default_worker_pool_machine_type" {
 variable "default_worker_pool_workers_per_zone" {
   type        = number
   description = "Number of worker nodes in each zone of the cluster."
-  default     = 2
+  default     = 1
 }
 
 variable "default_worker_pool_operating_system" {
@@ -266,7 +266,7 @@ variable "use_private_endpoint" {
   default     = true
 }
 
-variable "allow_public_access_to_cluster" {
+variable "allow_public_access_to_cluster_management" {
   type        = bool
   description = "Set to true to allow public access to master node of the cluster by enabling public endpoint."
   default     = false

solutions/fully-configurable/variables.tf

@@ -142,6 +142,6 @@ module "ocp_base" {
   worker_pools                        = local.worker_pools
   disable_outbound_traffic_protection = var.allow_outbound_traffic
   access_tags                         = var.access_tags
-  disable_public_endpoint             = !var.allow_public_access_to_cluster
+  disable_public_endpoint             = !var.allow_public_access_to_cluster_management
   cluster_config_endpoint_type        = "default"
 }

solutions/quickstart/main.tf

@@ -91,7 +91,7 @@ variable "size" {
   default     = "mini"
 }
 
-variable "allow_public_access_to_cluster" {
+variable "allow_public_access_to_cluster_management" {
   type        = bool
   description = "Set to true to allow public access to master node of the cluster by enabling public endpoint."
   default     = true