feat: The worker_pools input variable now requires a value for the operating_system option to be passed to it (#516)

Aayush-Abhyarthi · web-flow · commit f7a2638360de · 2024-10-09T10:18:00.000+01:00
diff --git a/README.md b/README.md
@@ -111,6 +111,7 @@ module "ocp_base" {
       pool_name        = "default"
       machine_type     = "bx2.4x16"
       workers_per_zone = 2
+      operating_system = "REDHAT_8_64"
     }
   ]
 }
@@ -323,7 +324,7 @@ Optionally, you need the following permissions to attach Access Management tags
 | <a name="input_verify_worker_network_readiness"></a> [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | Id of the VPC instance where this cluster will be provisioned | `string` | n/a | yes |
 | <a name="input_vpc_subnets"></a> [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created | <pre>map(list(object({<br/>    id         = string<br/>    zone       = string<br/>    cidr_block = string<br/>  })))</pre> | n/a | yes |
-| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br/>    subnet_prefix = optional(string)<br/>    vpc_subnets = optional(list(object({<br/>      id         = string<br/>      zone       = string<br/>      cidr_block = string<br/>    })))<br/>    pool_name         = string<br/>    machine_type      = string<br/>    workers_per_zone  = number<br/>    resource_group_id = optional(string)<br/>    operating_system  = optional(string)<br/>    labels            = optional(map(string))<br/>    minSize           = optional(number)<br/>    secondary_storage = optional(string)<br/>    maxSize           = optional(number)<br/>    enableAutoscaling = optional(bool)<br/>    boot_volume_encryption_kms_config = optional(object({<br/>      crk             = string<br/>      kms_instance_id = string<br/>      kms_account_id  = optional(string)<br/>    }))<br/>    additional_security_group_ids = optional(list(string))<br/>  }))</pre> | n/a | yes |
+| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br/>    subnet_prefix = optional(string)<br/>    vpc_subnets = optional(list(object({<br/>      id         = string<br/>      zone       = string<br/>      cidr_block = string<br/>    })))<br/>    pool_name         = string<br/>    machine_type      = string<br/>    workers_per_zone  = number<br/>    resource_group_id = optional(string)<br/>    operating_system  = string<br/>    labels            = optional(map(string))<br/>    minSize           = optional(number)<br/>    secondary_storage = optional(string)<br/>    maxSize           = optional(number)<br/>    enableAutoscaling = optional(bool)<br/>    boot_volume_encryption_kms_config = optional(object({<br/>      crk             = string<br/>      kms_instance_id = string<br/>      kms_account_id  = optional(string)<br/>    }))<br/>    additional_security_group_ids = optional(list(string))<br/>  }))</pre> | n/a | yes |
 | <a name="input_worker_pools_taints"></a> [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no |
 
 ### Outputs
diff --git a/examples/add_rules_to_sg/main.tf b/examples/add_rules_to_sg/main.tf
@@ -158,6 +158,7 @@ locals {
       pool_name         = "default" # ibm_container_vpc_cluster automatically names standard pool "standard" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type      = "bx2.4x16"
       workers_per_zone  = 2
+      operating_system  = "REDHAT_8_64"
       labels            = {}
       resource_group_id = module.resource_group.resource_group_id
     }
diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf
@@ -111,6 +111,7 @@ locals {
       pool_name                         = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type                      = "mx2.4x32"
       workers_per_zone                  = 1
+      operating_system                  = "REDHAT_8_64"
       enableAutoscaling                 = true
       minSize                           = 1
       maxSize                           = 6
@@ -122,13 +123,15 @@ locals {
       machine_type                      = "bx2.4x16"
       workers_per_zone                  = 1
       secondary_storage                 = "300gb.5iops-tier"
+      operating_system                  = "REDHAT_8_64"
       boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config
     },
     {
       subnet_prefix                     = "zone-3"
       pool_name                         = "zone-3"
       machine_type                      = "bx2.4x16"
       workers_per_zone                  = 1
+      operating_system                  = "REDHAT_8_64"
       boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config
     }
   ]
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -63,6 +63,7 @@ locals {
       pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type     = "bx2.4x16"
       workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+      operating_system = "REDHAT_8_64"
     }
   ]
 }
diff --git a/examples/cross_kms_support/main.tf b/examples/cross_kms_support/main.tf
@@ -68,6 +68,7 @@ locals {
       pool_name                         = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type                      = "bx2.4x16"
       workers_per_zone                  = 2 # minimum of 2 is allowed when using single zone
+      operating_system                  = "REDHAT_8_64"
       boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config
     }
   ]
diff --git a/examples/custom_sg/main.tf b/examples/custom_sg/main.tf
@@ -63,12 +63,14 @@ locals {
       pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type     = "bx2.4x16"
       workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+      operating_system = "REDHAT_8_64"
     },
     {
       subnet_prefix                 = "default"
       pool_name                     = "custom-sg"
       machine_type                  = "bx2.4x16"
       workers_per_zone              = 2
+      operating_system              = "REDHAT_8_64"
       additional_security_group_ids = [module.custom_sg["custom-worker-pool-sg"].security_group_id]
     },
   ]
diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf
@@ -222,6 +222,7 @@ locals {
       pool_name         = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
       machine_type      = "bx2.4x16"
       workers_per_zone  = 2
+      operating_system  = "RHCOS"
       labels            = {}
       resource_group_id = module.resource_group.resource_group_id
       boot_volume_encryption_kms_config = {
diff --git a/main.tf b/main.tf
@@ -56,7 +56,7 @@ locals {
   ocp_version_num           = regex("^([0-9]+\\.[0-9]+)", local.ocp_version)[0]
   is_valid_version          = local.ocp_version_num != null ? tonumber(local.ocp_version_num) >= 4.15 : false
   rhcos_allowed_ocp_version = var.operating_system == local.os_rhcos && local.is_valid_version
-  worker_pool_rhcos_entry   = [for worker in var.worker_pools : (worker.operating_system == null || worker.operating_system == local.os_rhel || (worker.operating_system == local.os_rhcos && local.is_valid_version) ? true : false)]
+  worker_pool_rhcos_entry   = [for worker in var.worker_pools : (worker.operating_system == local.os_rhel || (worker.operating_system == local.os_rhcos && local.is_valid_version) ? true : false)]
 
   # To verify rhcos operating system exists only for OCP versions >=4.15
   # tflint-ignore: terraform_unused_declarations
@@ -66,8 +66,9 @@ locals {
   worker_pool_rhcos_validation = alltrue(local.worker_pool_rhcos_entry) ? true : tobool("RHCOS requires VPC clusters created from 4.15 onwards. Upgraded clusters from 4.14 cannot use RHCOS")
 
   # Validate if default worker pool's operating system is RHEL, all pools' operating system must be RHEL
-  check_other_os                      = local.default_pool.operating_system == null || local.default_pool.operating_system == local.os_rhcos
-  rhel_check_for_all_standalone_pools = [for pool in var.worker_pools : pool.pool_name != "default" && pool.operating_system == local.os_rhel ? true : false]
+  check_other_os                      = local.default_pool.operating_system == local.os_rhcos
+  rhel_check_for_all_standalone_pools = [for pool in var.worker_pools : pool.operating_system == local.os_rhel if pool.pool_name != "default"]
+
   # tflint-ignore: terraform_unused_declarations
   valid_rhel_worker_pools = local.check_other_os || (local.default_pool.operating_system == local.os_rhel && alltrue(local.rhel_check_for_all_standalone_pools)) == true ? true : tobool("Choosing RHEL for the default worker pool will limit all additional worker pools to RHEL.")
 
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
@@ -7,6 +7,86 @@ This is a profile for IBM Cloud Red Hat OpenShift cluster on VPC Gen2 that meets
 It has been scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) and meets all applicable goals.
 
 
+### Usage
+
+```hcl
+module "ocp_base_fscloud" {
+  source               = "terraform-ibm-modules/terraform-ibm-base-ocp-vpc/ibm//modules/fscloud"
+  version              = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  cluster_name         = "example-fs-cluster-name"
+  resource_group_id    = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
+  region               = "us-south"
+  force_delete_storage = true
+  vpc_id               = "79cxxxx-xxxx-xxxx-xxxx-xxxxxXX8667"
+  # obtain the below values from the targeted VPC and adjust to the number of zones, subnets, subnet name, cidr_block, id, zone
+  vpc_subnets          = {
+    zone-1    = [
+        {
+            cidr_block = "192.168.32.0/22"
+            id         = "0717-afc29fbb-0dbe-493a-a5b9-f3c5899cb8b9"
+            zone       = "us-south-1"
+        },
+        {
+            cidr_block = "192.168.36.0/22"
+            id         = "0727-d65c1eda-9e38-4200-8452-cb8ff5bb3140"
+            zone       = "us-south-2"
+        },
+        {
+            cidr_block = "192.168.40.0/22"
+            id         = "0737-9a823cd3-16bf-4ba4-a429-9e1fc7db74b8"
+            zone       = "us-south-3"
+        }
+    ]
+    zone-2 = [
+        {
+            cidr_block = "192.168.0.0/22"
+            id         = "0717-846b9490-34ae-4a6c-8288-28112dca1ba3"
+            zone       = "us-south-1"
+        },
+        {
+            cidr_block = "192.168.4.0/22"
+            id         = "0727-ef8db7f6-ffa5-4d8b-a317-4631741a45ee"
+            zone       = "us-south-2"
+        },
+        {
+            cidr_block = "192.168.8.0/22"
+            id         = "0737-c9a6d871-d95b-4914-abf5-82c22f4161d1"
+            zone       = "us-south-3"
+        }
+    ]
+    zone-3 = [
+        {
+            cidr_block = "192.168.16.0/22"
+            id         = "0717-d46e227c-89d4-4b02-9008-d03907a275b6"
+            zone       = "us-south-1"
+        },
+        {
+            cidr_block = "192.168.20.0/22"
+            id         = "0727-93b1edcb-966c-4517-a7af-6ac63cd93adf"
+            zone       = "us-south-2"
+        },
+        {
+            cidr_block = "192.168.24.0/22"
+            id         = "0737-807ec4f1-4d84-484e-b2f4-62dd5e431065"
+            zone       = "us-south-3"
+        }
+    ]
+  }
+  worker_pools         = [
+    {
+      subnet_prefix    = "default"
+      pool_name        = "default"
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2
+      operating_system = "REDHAT_8_64"
+    }
+  ]
+  import_default_worker_pool_on_create = false
+  use_private_endpoint                 = true
+
+}
+```
+
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements
 
@@ -60,7 +140,7 @@ No resources.
 | <a name="input_verify_worker_network_readiness"></a> [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC instance where this cluster will be provisioned | `string` | n/a | yes |
 | <a name="input_vpc_subnets"></a> [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created | <pre>map(list(object({<br/>    id         = string<br/>    zone       = string<br/>    cidr_block = string<br/>  })))</pre> | n/a | yes |
-| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br/>    subnet_prefix = optional(string)<br/>    vpc_subnets = optional(list(object({<br/>      id         = string<br/>      zone       = string<br/>      cidr_block = string<br/>    })))<br/>    pool_name         = string<br/>    machine_type      = string<br/>    workers_per_zone  = number<br/>    resource_group_id = optional(string)<br/>    operating_system  = optional(string)<br/>    labels            = optional(map(string))<br/>    minSize           = optional(number)<br/>    secondary_storage = optional(string)<br/>    maxSize           = optional(number)<br/>    enableAutoscaling = optional(bool)<br/>    boot_volume_encryption_kms_config = optional(object({<br/>      crk             = string<br/>      kms_instance_id = string<br/>      kms_account_id  = optional(string)<br/>    }))<br/>    additional_security_group_ids = optional(list(string))<br/>  }))</pre> | n/a | yes |
+| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) | List of worker pools | <pre>list(object({<br/>    subnet_prefix = optional(string)<br/>    vpc_subnets = optional(list(object({<br/>      id         = string<br/>      zone       = string<br/>      cidr_block = string<br/>    })))<br/>    pool_name         = string<br/>    machine_type      = string<br/>    workers_per_zone  = number<br/>    resource_group_id = optional(string)<br/>    operating_system  = string<br/>    labels            = optional(map(string))<br/>    minSize           = optional(number)<br/>    secondary_storage = optional(string)<br/>    maxSize           = optional(number)<br/>    enableAutoscaling = optional(bool)<br/>    boot_volume_encryption_kms_config = optional(object({<br/>      crk             = string<br/>      kms_instance_id = string<br/>      kms_account_id  = optional(string)<br/>    }))<br/>    additional_security_group_ids = optional(list(string))<br/>  }))</pre> | n/a | yes |
 | <a name="input_worker_pools_taints"></a> [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no |
 
 ### Outputs
diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
@@ -66,7 +66,7 @@ variable "worker_pools" {
     machine_type      = string
     workers_per_zone  = number
     resource_group_id = optional(string)
-    operating_system  = optional(string)
+    operating_system  = string
     labels            = optional(map(string))
     minSize           = optional(number)
     secondary_storage = optional(string)
diff --git a/variables.tf b/variables.tf
@@ -66,7 +66,7 @@ variable "worker_pools" {
     machine_type      = string
     workers_per_zone  = number
     resource_group_id = optional(string)
-    operating_system  = optional(string)
+    operating_system  = string
     labels            = optional(map(string))
     minSize           = optional(number)
     secondary_storage = optional(string)
@@ -106,7 +106,6 @@ variable "worker_pools" {
     condition = alltrue([
       for worker_pool in var.worker_pools :
       anytrue([
-        worker_pool.operating_system == null,
         worker_pool.operating_system == "REDHAT_8_64",
         worker_pool.operating_system == "RHCOS"
       ])

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,7 @@ module "ocp_base" {`
`111`	`111`	`pool_name = "default"`
`112`	`112`	`machine_type = "bx2.4x16"`
`113`	`113`	`workers_per_zone = 2`
	`114`	`+ operating_system = "REDHAT_8_64"`
`114`	`115`	`}`
`115`	`116`	`]`
`116`	`117`	`}`
`@@ -323,7 +324,7 @@ Optionally, you need the following permissions to attach Access Management tags`
`323`	`324`	\| <a name="input_verify_worker_network_readiness"></a> [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) \| By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. \| `bool` \| `true` \| no \|
`324`	`325`	\| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) \| Id of the VPC instance where this cluster will be provisioned \| `string` \| n/a \| yes \|
`325`	`326`	`\| <a name="input_vpc_subnets"></a> [vpc\_subnets](#input\_vpc\_subnets) \| Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created \| <pre>map(list(object({<br/> id = string<br/> zone = string<br/> cidr_block = string<br/> })))</pre> \| n/a \| yes \|`
`326`		-\| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) \| List of worker pools \| <pre>list(object({<br/> subnet_prefix = optional(string)<br/> vpc_subnets = optional(list(object({<br/> id = string<br/> zone = string<br/> cidr_block = string<br/> })))<br/> pool_name = string<br/> machine_type = string<br/> workers_per_zone = number<br/> resource_group_id = optional(string)<br/> operating_system = optional(string)<br/> labels = optional(map(string))<br/> minSize = optional(number)<br/> secondary_storage = optional(string)<br/> maxSize = optional(number)<br/> enableAutoscaling = optional(bool)<br/> boot_volume_encryption_kms_config = optional(object({<br/> crk = string<br/> kms_instance_id = string<br/> kms_account_id = optional(string)<br/> }))<br/> additional_security_group_ids = optional(list(string))<br/> }))</pre> \| n/a \| yes \|
	`327`	+\| <a name="input_worker_pools"></a> [worker\_pools](#input\_worker\_pools) \| List of worker pools \| <pre>list(object({<br/> subnet_prefix = optional(string)<br/> vpc_subnets = optional(list(object({<br/> id = string<br/> zone = string<br/> cidr_block = string<br/> })))<br/> pool_name = string<br/> machine_type = string<br/> workers_per_zone = number<br/> resource_group_id = optional(string)<br/> operating_system = string<br/> labels = optional(map(string))<br/> minSize = optional(number)<br/> secondary_storage = optional(string)<br/> maxSize = optional(number)<br/> enableAutoscaling = optional(bool)<br/> boot_volume_encryption_kms_config = optional(object({<br/> crk = string<br/> kms_instance_id = string<br/> kms_account_id = optional(string)<br/> }))<br/> additional_security_group_ids = optional(list(string))<br/> }))</pre> \| n/a \| yes \|
`327`	`328`	\| <a name="input_worker_pools_taints"></a> [worker\_pools\_taints](#input\_worker\_pools\_taints) \| Optional, Map of lists containing node taints by node-pool name \| `map(list(object({ key = string, value = string, effect = string })))` \| `null` \| no \|
`328`	`329`
`329`	`330`	`### Outputs`
Original file line number	Diff line number	Diff line change
`@@ -158,6 +158,7 @@ locals {`
`158`	`158`	`pool_name = "default" # ibm_container_vpc_cluster automatically names standard pool "standard" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)`
`159`	`159`	`machine_type = "bx2.4x16"`
`160`	`160`	`workers_per_zone = 2`
	`161`	`+ operating_system = "REDHAT_8_64"`
`161`	`162`	`labels = {}`
`162`	`163`	`resource_group_id = module.resource_group.resource_group_id`
`163`	`164`	`}`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ locals {`
`63`	`63`	`pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)`
`64`	`64`	`machine_type = "bx2.4x16"`
`65`	`65`	`workers_per_zone = 2 # minimum of 2 is allowed when using single zone`
	`66`	`+ operating_system = "REDHAT_8_64"`
`66`	`67`	`}`
`67`	`68`	`]`
`68`	`69`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,7 @@ locals {`
`68`	`68`	`pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)`
`69`	`69`	`machine_type = "bx2.4x16"`
`70`	`70`	`workers_per_zone = 2 # minimum of 2 is allowed when using single zone`
	`71`	`+ operating_system = "REDHAT_8_64"`
`71`	`72`	`boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config`
`72`	`73`	`}`
`73`	`74`	`]`