feat: add support for deploying ocp using custom cloud endpoints. (#578)

Aashiq-J · web-flow · commit 7a9f89952bb6 · 2025-01-10T17:38:35.000+05:30
diff --git a/README.md b/README.md
@@ -117,6 +117,15 @@ module "ocp_base" {
 }
 ```
 
+### Customizing default cloud service endpoints.
+
+The user must export the endpoint as an environment variable in order to use custom cloud service endpoints with this module. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints#1-define-service-endpoints-by-using-environment-variables).
+
+**Important** The only supported method for customizing cloud service endpoints is to export the endpoint; be sure to export the value for `IBMCLOUD_API_ENDPOINT`. For example,
+```
+export IBMCLOUD_API_ENDPOINT="<endpoint_url>"
+```
+
 ### Secure by default cluster settings
 
 In OCP version 4.15, outbound traffic is disabled by default. [Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-security-group-reference).
diff --git a/scripts/confirm_lb_active.sh b/scripts/confirm_lb_active.sh
@@ -5,18 +5,25 @@ set -euo pipefail
 REGION="$1"
 LB_ID="$2"
 PRIVATE_ENV="$3"
+CLOUD_ENDPOINT=""
 API_VERSION="2024-03-01"
 
 if [[ -z "${REGION}" ]]; then
     echo "Region must be passed as first input script argument" >&2
     exit 1
 fi
 
+get_cloud_endpoint() {
+    cloud_endpoint="${IBMCLOUD_API_ENDPOINT:-"cloud.ibm.com"}"
+    CLOUD_ENDPOINT=${cloud_endpoint#https://}
+}
+
+get_cloud_endpoint
 lb_attempts=1
 if [ "$PRIVATE_ENV" = true ]; then
-    URL="https://$REGION.private.iaas.cloud.ibm.com/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+    URL="https://$REGION.private.iaas.$CLOUD_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
 else
-    URL="https://$REGION.iaas.cloud.ibm.com/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
+    URL="https://$REGION.iaas.$CLOUD_ENDPOINT/v1/load_balancers/$LB_ID?version=$API_VERSION&generation=2"
 fi
 
 while true; do
diff --git a/scripts/reset_iks_api_key.sh b/scripts/reset_iks_api_key.sh
@@ -7,6 +7,7 @@ RESOURCE_GROUP_ID="$2"
 APIKEY_KEY_NAME="containers-kubernetes-key"
 PRIVATE_ENV="$3"
 CLUSTER_ENDPOINT="$4"
+CLOUD_ENDPOINT=""
 
 if [[ -z "${REGION}" ]]; then
     echo "Region must be passed as first input script argument" >&2
@@ -18,10 +19,17 @@ if [[ -z "${RESOURCE_GROUP_ID}" ]]; then
     exit 1
 fi
 
+get_cloud_endpoint() {
+    cloud_endpoint="${IBMCLOUD_API_ENDPOINT:-"cloud.ibm.com"}"
+    CLOUD_ENDPOINT=${cloud_endpoint#https://}
+}
+
+get_cloud_endpoint
+
 if [ "$PRIVATE_ENV" = true ]; then
-    IAM_URL="https://private.iam.cloud.ibm.com/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+    IAM_URL="https://private.iam.$CLOUD_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
 else
-    IAM_URL="https://iam.cloud.ibm.com/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
+    IAM_URL="https://iam.$CLOUD_ENDPOINT/v1/apikeys?account_id=$ACCOUNT_ID&scope=account&pagesize=100&type=user&sort=name"
 fi
 
 reset=true
@@ -53,16 +61,16 @@ fetch_data
 if [ "${reset}" == true ]; then
     if [ "$PRIVATE_ENV" = true ]; then
         if [ "$CLUSTER_ENDPOINT" == "private" ] || [ "$CLUSTER_ENDPOINT" == "default" ]; then
-            RESET_URL="https://private.$REGION.containers.cloud.ibm.com/v1/keys"
+            RESET_URL="https://private.$REGION.containers.$CLOUD_ENDPOINT/v1/keys"
             result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
             status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
         elif [ "$CLUSTER_ENDPOINT" == "vpe" ]; then
-            RESET_URL="https://api.$REGION.containers.cloud.ibm.com/v1/keys"
+            RESET_URL="https://api.$REGION.containers.$CLOUD_ENDPOINT/v1/keys"
             result=$(curl -i -H "accept: application/json" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" 2>/dev/null)
             status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
         fi
     else
-        RESET_URL="https://containers.cloud.ibm.com/global/v1/keys"
+        RESET_URL="https://containers.$CLOUD_ENDPOINT/global/v1/keys"
         result=$(curl -i -H "accept: application/json" -H "X-Region: $REGION" -H "Authorization: $IAM_TOKEN" -H "X-Auth-Resource-Group: $RESOURCE_GROUP_ID" -X POST "$RESET_URL" -d '' 2>/dev/null)
         status_code=$(echo "$result" | head -n 1 | cut -d$' ' -f2)
     fi
