feat: support for ocp v4.15 (#423)

Author: Aashiq-J

README.md

@@ -194,7 +194,7 @@ Optionally, you need the following permissions to attach Access Management tags
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0, < 1.7.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.63.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.64.0, < 2.0.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1, < 3.0.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1, < 4.0.0 |
 
@@ -244,6 +244,7 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="input_cluster_ready_when"></a> [cluster\_ready\_when](#input\_cluster\_ready\_when) | The cluster is ready when one of the following: MasterNodeReady (not recommended), OneWorkerNodeReady, Normal, IngressReady | `string` | `"IngressReady"` | no |
 | <a name="input_cos_name"></a> [cos\_name](#input\_cos\_name) | Name of the COS instance to provision for OpenShift internal registry storage. New instance only provisioned if 'enable\_registry\_storage' is true and 'use\_existing\_cos' is false. Default: '<cluster\_name>\_cos' | `string` | `null` | no |
 | <a name="input_custom_security_group_ids"></a> [custom\_security\_group\_ids](#input\_custom\_security\_group\_ids) | Security groups to add to all worker nodes. This comes in addition to the IBM maintained security group if attach\_ibm\_managed\_security\_group is set to true. If this variable is set, the default VPC security group is NOT assigned to the worker nodes. | `list(string)` | `null` | no |
+| <a name="input_disable_outbound_traffic_protection"></a> [disable\_outbound\_traffic\_protection](#input\_disable\_outbound\_traffic\_protection) | Whether to allow public outbound access from the cluster workers. This is only applicable for `ocp_version` 4.15 | `bool` | `false` | no |
 | <a name="input_disable_public_endpoint"></a> [disable\_public\_endpoint](#input\_disable\_public\_endpoint) | Whether access to the public service endpoint is disabled when the cluster is created. Does not affect existing clusters. You can't disable a public endpoint on an existing cluster, so you can't convert a public cluster to a private cluster. To change a public endpoint to private, create another cluster with this input set to `true`. | `bool` | `false` | no |
 | <a name="input_enable_registry_storage"></a> [enable\_registry\_storage](#input\_enable\_registry\_storage) | Set to `true` to enable IBM Cloud Object Storage for the Red Hat OpenShift internal image registry. Set to `false` only for new cluster deployments in an account that is allowlisted for this feature. | `bool` | `true` | no |
 | <a name="input_existing_cos_id"></a> [existing\_cos\_id](#input\_existing\_cos\_id) | The COS id of an already existing COS instance to use for OpenShift internal registry storage. Only required if 'enable\_registry\_storage' and 'use\_existing\_cos' are true | `string` | `null` | no |

examples/add_rules_to_sg/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.63.0"
+      version = "1.64.0"
     }
   }
 }

examples/advanced/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.63.0"
+      version = ">= 1.64.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

examples/basic/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.63.0"
+      version = "1.64.0"
     }
   }
 }

examples/cross_kms_support/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.63.0"
+      version = ">= 1.64.0"
     }
   }
 }

examples/custom_sg/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.63.0"
+      version = ">= 1.64.0"
     }
   }
 }

examples/fscloud/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = ">= 1.63.0"
+      version = ">= 1.64.0"
     }
     logdna = {
       source  = "logdna/logdna"

examples/multiple_mzr_clusters/version.tf

@@ -6,7 +6,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "ibm-cloud/ibm"
-      version = ">= 1.63.0"
+      version = ">= 1.64.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

main.tf

@@ -86,24 +86,25 @@ resource "ibm_resource_tag" "cos_access_tag" {
 ##############################################################################
 
 resource "ibm_container_vpc_cluster" "cluster" {
-  depends_on                      = [null_resource.reset_api_key]
-  count                           = var.ignore_worker_pool_size_changes ? 0 : 1
-  name                            = var.cluster_name
-  vpc_id                          = var.vpc_id
-  tags                            = var.tags
-  kube_version                    = local.ocp_version
-  flavor                          = local.default_pool.machine_type
-  entitlement                     = var.ocp_entitlement
-  cos_instance_crn                = local.cos_instance_crn
-  worker_count                    = local.default_pool.workers_per_zone
-  resource_group_id               = var.resource_group_id
-  wait_till                       = var.cluster_ready_when
-  force_delete_storage            = var.force_delete_storage
-  disable_public_service_endpoint = var.disable_public_endpoint
-  worker_labels                   = local.default_pool.labels
-  crk                             = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
-  kms_instance_id                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
-  kms_account_id                  = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id
+  depends_on                          = [null_resource.reset_api_key]
+  count                               = var.ignore_worker_pool_size_changes ? 0 : 1
+  name                                = var.cluster_name
+  vpc_id                              = var.vpc_id
+  tags                                = var.tags
+  kube_version                        = local.ocp_version
+  flavor                              = local.default_pool.machine_type
+  entitlement                         = var.ocp_entitlement
+  cos_instance_crn                    = local.cos_instance_crn
+  worker_count                        = local.default_pool.workers_per_zone
+  resource_group_id                   = var.resource_group_id
+  wait_till                           = var.cluster_ready_when
+  force_delete_storage                = var.force_delete_storage
+  disable_public_service_endpoint     = var.disable_public_endpoint
+  worker_labels                       = local.default_pool.labels
+  disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+  crk                                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
+  kms_instance_id                     = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
+  kms_account_id                      = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id
 
   security_groups = local.cluster_security_groups
 
@@ -151,24 +152,25 @@ resource "ibm_container_vpc_cluster" "cluster" {
 
 # copy of the cluster resource above which ignores changes to the worker pool for use in autoscaling scenarios
 resource "ibm_container_vpc_cluster" "autoscaling_cluster" {
-  depends_on                      = [null_resource.reset_api_key]
-  count                           = var.ignore_worker_pool_size_changes ? 1 : 0
-  name                            = var.cluster_name
-  vpc_id                          = var.vpc_id
-  tags                            = var.tags
-  kube_version                    = local.ocp_version
-  flavor                          = local.default_pool.machine_type
-  entitlement                     = var.ocp_entitlement
-  cos_instance_crn                = local.cos_instance_crn
-  worker_count                    = local.default_pool.workers_per_zone
-  resource_group_id               = var.resource_group_id
-  wait_till                       = var.cluster_ready_when
-  force_delete_storage            = var.force_delete_storage
-  disable_public_service_endpoint = var.disable_public_endpoint
-  worker_labels                   = local.default_pool.labels
-  crk                             = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
-  kms_instance_id                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
-  kms_account_id                  = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id
+  depends_on                          = [null_resource.reset_api_key]
+  count                               = var.ignore_worker_pool_size_changes ? 1 : 0
+  name                                = var.cluster_name
+  vpc_id                              = var.vpc_id
+  tags                                = var.tags
+  kube_version                        = local.ocp_version
+  flavor                              = local.default_pool.machine_type
+  entitlement                         = var.ocp_entitlement
+  cos_instance_crn                    = local.cos_instance_crn
+  worker_count                        = local.default_pool.workers_per_zone
+  resource_group_id                   = var.resource_group_id
+  wait_till                           = var.cluster_ready_when
+  force_delete_storage                = var.force_delete_storage
+  disable_public_service_endpoint     = var.disable_public_endpoint
+  worker_labels                       = local.default_pool.labels
+  disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+  crk                                 = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.crk
+  kms_instance_id                     = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_instance_id
+  kms_account_id                      = local.default_pool.boot_volume_encryption_kms_config == null ? null : local.default_pool.boot_volume_encryption_kms_config.kms_account_id
 
   security_groups = local.cluster_security_groups
 

modules/fscloud/README.md

@@ -13,7 +13,7 @@ It has been scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0, < 1.7.0 |
-| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.63.0, < 2.0.0 |
+| <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.64.0, < 2.0.0 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.16.1, < 3.0.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.1, < 4.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |