diff --git a/README.md b/README.md index e9636621..5fd99018 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,7 @@ module "ocp_base" { pool_name = "default" machine_type = "bx2.4x16" workers_per_zone = 2 + operating_system = "REDHAT_8_64" } ] } @@ -323,7 +324,7 @@ Optionally, you need the following permissions to attach Access Management tags | [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no | | [vpc\_id](#input\_vpc\_id) | Id of the VPC instance where this cluster will be provisioned | `string` | n/a | yes | | [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created |
map(list(object({
id = string
zone = string
cidr_block = string
})))
| n/a | yes | -| [worker\_pools](#input\_worker\_pools) | List of worker pools |
list(object({
subnet_prefix = optional(string)
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})))
pool_name = string
machine_type = string
workers_per_zone = number
resource_group_id = optional(string)
operating_system = optional(string)
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
boot_volume_encryption_kms_config = optional(object({
crk = string
kms_instance_id = string
kms_account_id = optional(string)
}))
additional_security_group_ids = optional(list(string))
}))
| n/a | yes | +| [worker\_pools](#input\_worker\_pools) | List of worker pools |
list(object({
subnet_prefix = optional(string)
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})))
pool_name = string
machine_type = string
workers_per_zone = number
resource_group_id = optional(string)
operating_system = string
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
boot_volume_encryption_kms_config = optional(object({
crk = string
kms_instance_id = string
kms_account_id = optional(string)
}))
additional_security_group_ids = optional(list(string))
}))
| n/a | yes | | [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no | ### Outputs diff --git a/examples/add_rules_to_sg/main.tf b/examples/add_rules_to_sg/main.tf index 64f0c33a..bb9c5bb7 100644 --- a/examples/add_rules_to_sg/main.tf +++ b/examples/add_rules_to_sg/main.tf @@ -158,6 +158,7 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names standard pool "standard" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "bx2.4x16" workers_per_zone = 2 + operating_system = "REDHAT_8_64" labels = {} resource_group_id = module.resource_group.resource_group_id } diff --git a/examples/advanced/main.tf b/examples/advanced/main.tf index 1c735206..50139935 100644 --- a/examples/advanced/main.tf +++ b/examples/advanced/main.tf @@ -111,6 +111,7 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "mx2.4x32" workers_per_zone = 1 + operating_system = "REDHAT_8_64" enableAutoscaling = true minSize = 1 maxSize = 6 @@ -122,6 +123,7 @@ locals { machine_type = "bx2.4x16" workers_per_zone = 1 secondary_storage = "300gb.5iops-tier" + operating_system = "REDHAT_8_64" boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config }, { @@ -129,6 +131,7 @@ locals { pool_name = "zone-3" machine_type = "bx2.4x16" workers_per_zone = 1 + operating_system = "REDHAT_8_64" boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config } ] diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 536129c6..634f579d 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf 
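Review bot: In examples/advanced/main.tf the second hunk (@@ -122) places the added `operating_system = "REDHAT_8_64"` after `secondary_storage`, while every other pool in this commit (the @@ -111 and @@ -129 hunks here, and the basic, custom_sg, cross_kms_support and add_rules_to_sg examples) puts it directly after `workers_per_zone`. Keeping the attribute in the same position in each pool makes the examples easier to diff against each other and against the README table; moving the line up one slot in that pool is enough. The enclosing `locals` block starts before and ends after each of these hunks.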
@@ -63,6 +63,7 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "bx2.4x16" workers_per_zone = 2 # minimum of 2 is allowed when using single zone + operating_system = "REDHAT_8_64" } ] } diff --git a/examples/cross_kms_support/main.tf b/examples/cross_kms_support/main.tf index ff0ea5f1..62fa4392 100644 --- a/examples/cross_kms_support/main.tf +++ b/examples/cross_kms_support/main.tf @@ -68,6 +68,7 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "bx2.4x16" workers_per_zone = 2 # minimum of 2 is allowed when using single zone + operating_system = "REDHAT_8_64" boot_volume_encryption_kms_config = local.boot_volume_encryption_kms_config } ] diff --git a/examples/custom_sg/main.tf b/examples/custom_sg/main.tf index fb3260d4..777a9243 100644 --- a/examples/custom_sg/main.tf +++ b/examples/custom_sg/main.tf @@ -63,12 +63,14 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "bx2.4x16" workers_per_zone = 2 # minimum of 2 is allowed when using single zone + operating_system = "REDHAT_8_64" }, { subnet_prefix = "default" pool_name = "custom-sg" machine_type = "bx2.4x16" workers_per_zone = 2 + operating_system = "REDHAT_8_64" additional_security_group_ids = [module.custom_sg["custom-worker-pool-sg"].security_group_id] }, ] diff --git a/examples/fscloud/main.tf b/examples/fscloud/main.tf index e0f2b428..e5a66ebd 100644 --- a/examples/fscloud/main.tf +++ b/examples/fscloud/main.tf 
@@ -222,6 +222,7 @@ locals { pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) machine_type = "bx2.4x16" workers_per_zone = 2 + operating_system = "RHCOS" labels = {} resource_group_id = module.resource_group.resource_group_id boot_volume_encryption_kms_config = { diff --git a/main.tf b/main.tf index d153feaa..e5c7e9e9 100644 --- a/main.tf +++ b/main.tf @@ -56,7 +56,7 @@ locals { ocp_version_num = regex("^([0-9]+\\.[0-9]+)", local.ocp_version)[0] is_valid_version = local.ocp_version_num != null ? tonumber(local.ocp_version_num) >= 4.15 : false rhcos_allowed_ocp_version = var.operating_system == local.os_rhcos && local.is_valid_version - worker_pool_rhcos_entry = [for worker in var.worker_pools : (worker.operating_system == null || worker.operating_system == local.os_rhel || (worker.operating_system == local.os_rhcos && local.is_valid_version) ? true : false)] + worker_pool_rhcos_entry = [for worker in var.worker_pools : (worker.operating_system == local.os_rhel || (worker.operating_system == local.os_rhcos && local.is_valid_version) ? true : false)] # To verify rhcos operating system exists only for OCP versions >=4.15 # tflint-ignore: terraform_unused_declarations 
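Review bot: The fscloud example now pins its default pool to `"RHCOS"`, but the new-side check in main.tf (`worker_pool_rhcos_validation`) only accepts RHCOS when `local.is_valid_version` is true, i.e. when the cluster's `ocp_version` parses to 4.15 or later; the example's `ocp_version` is outside this hunk, so it is worth confirming it meets that floor, otherwise plan fails with the `tobool()` message. A short comment beside the added line would spare readers the lookup: `operating_system = "RHCOS" # requires OCP 4.15+ (see worker_pool_rhcos_validation in main.tf)`. The enclosing `locals` block continues outside the hunk.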
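Review bot: The rewritten `worker_pool_rhcos_entry` still wraps a boolean expression in `? true : false`, which is redundant now that the `null` branch is gone; `worker_pool_rhcos_entry = [for worker in var.worker_pools : worker.operating_system == local.os_rhel || (worker.operating_system == local.os_rhcos && local.is_valid_version)]` produces the same list. Dropping the `null` case is consistent with `operating_system` becoming a required `string` in variables.tf, but the expression now relies on the variable validation in variables.tf to reject any value other than REDHAT_8_64 or RHCOS before this local is evaluated; a one-line comment naming that dependency would keep the two checks from drifting apart. The surrounding `locals` block starts before and continues after this hunk.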
@@ -66,8 +66,9 @@ locals { worker_pool_rhcos_validation = alltrue(local.worker_pool_rhcos_entry) ? true : tobool("RHCOS requires VPC clusters created from 4.15 onwards. Upgraded clusters from 4.14 cannot use RHCOS") # Validate if default worker pool's operating system is RHEL, all pools' operating system must be RHEL - check_other_os = local.default_pool.operating_system == null || local.default_pool.operating_system == local.os_rhcos - rhel_check_for_all_standalone_pools = [for pool in var.worker_pools : pool.pool_name != "default" && pool.operating_system == local.os_rhel ? true : false] + check_other_os = local.default_pool.operating_system == local.os_rhcos + rhel_check_for_all_standalone_pools = [for pool in var.worker_pools : pool.operating_system == local.os_rhel if pool.pool_name != "default"] + # tflint-ignore: terraform_unused_declarations valid_rhel_worker_pools = local.check_other_os || (local.default_pool.operating_system == local.os_rhel && alltrue(local.rhel_check_for_all_standalone_pools)) == true ? true : tobool("Choosing RHEL for the default worker pool will limit all additional worker pools to RHEL.") diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md index 621e6c04..14db9a5f 100644 --- a/modules/fscloud/README.md +++ b/modules/fscloud/README.md 
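Review bot: `check_other_os` now reads `local.default_pool.operating_system` unconditionally; `local.default_pool` is defined outside the hunk, and if it is built by selecting the pool named `"default"`, a caller whose `worker_pools` has no such pool would turn this into an evaluation error rather than the intended validation message, so it is worth confirming how that local is derived. The filter form `[for pool in var.worker_pools : pool.operating_system == local.os_rhel if pool.pool_name != "default"]` is the right shape; note that `alltrue([])` is `true`, so a configuration with only the default pool passes, which looks intended. As a style point, the `== true` on the `valid_rhel_worker_pools` line is redundant: `local.check_other_os || (local.default_pool.operating_system == local.os_rhel && alltrue(local.rhel_check_for_all_standalone_pools)) ? true : tobool(...)` reads the same.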
@@ -7,6 +7,86 @@ This is a profile for IBM Cloud Red Hat OpenShift cluster on VPC Gen2 that meets It has been scanned by [IBM Code Risk Analyzer (CRA)](https://cloud.ibm.com/docs/code-risk-analyzer-cli-plugin?topic=code-risk-analyzer-cli-plugin-cra-cli-plugin#terraform-command) and meets all applicable goals. +### Usage + +```hcl +module "ocp_base_fscloud" { + source = "terraform-ibm-modules/terraform-ibm-base-ocp-vpc/ibm//modules/fscloud" + version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release + cluster_name = "example-fs-cluster-name" + resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" + region = "us-south" + force_delete_storage = true + vpc_id = "79cxxxx-xxxx-xxxx-xxxx-xxxxxXX8667" + # obtain the below values from the targeted VPC and adjust to the number of zones, subnets, subnet name, cidr_block, id, zone + vpc_subnets = { + zone-1 = [ + { + cidr_block = "192.168.32.0/22" + id = "0717-afc29fbb-0dbe-493a-a5b9-f3c5899cb8b9" + zone = "us-south-1" + }, + { + cidr_block = "192.168.36.0/22" + id = "0727-d65c1eda-9e38-4200-8452-cb8ff5bb3140" + zone = "us-south-2" + }, + { + cidr_block = "192.168.40.0/22" + id = "0737-9a823cd3-16bf-4ba4-a429-9e1fc7db74b8" + zone = "us-south-3" + } + ] + zone-2 = [ + { + cidr_block = "192.168.0.0/22" + id = "0717-846b9490-34ae-4a6c-8288-28112dca1ba3" + zone = "us-south-1" + }, + { + cidr_block = "192.168.4.0/22" + id = "0727-ef8db7f6-ffa5-4d8b-a317-4631741a45ee" + zone = "us-south-2" + }, + { + cidr_block = "192.168.8.0/22" + id = "0737-c9a6d871-d95b-4914-abf5-82c22f4161d1" + zone = "us-south-3" + } + ] + zone-3 = [ + { + cidr_block = "192.168.16.0/22" + id = "0717-d46e227c-89d4-4b02-9008-d03907a275b6" + zone = "us-south-1" + }, + { + cidr_block = "192.168.20.0/22" + id = "0727-93b1edcb-966c-4517-a7af-6ac63cd93adf" + zone = "us-south-2" + }, + { + cidr_block = "192.168.24.0/22" + id = "0737-807ec4f1-4d84-484e-b2f4-62dd5e431065" + zone = "us-south-3" + } + ] + } + worker_pools = [ + { + 
subnet_prefix = "default" + pool_name = "default" + machine_type = "bx2.4x16" + workers_per_zone = 2 + operating_system = "REDHAT_8_64" + } + ] + import_default_worker_pool_on_create = false + use_private_endpoint = true + +} +``` + ### Requirements @@ -60,7 +140,7 @@ No resources. | [verify\_worker\_network\_readiness](#input\_verify\_worker\_network\_readiness) | By setting this to true, a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false. | `bool` | `true` | no | | [vpc\_id](#input\_vpc\_id) | ID of the VPC instance where this cluster will be provisioned | `string` | n/a | yes | | [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster will be created |
map(list(object({
id = string
zone = string
cidr_block = string
})))
| n/a | yes | -| [worker\_pools](#input\_worker\_pools) | List of worker pools |
list(object({
subnet_prefix = optional(string)
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})))
pool_name = string
machine_type = string
workers_per_zone = number
resource_group_id = optional(string)
operating_system = optional(string)
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
boot_volume_encryption_kms_config = optional(object({
crk = string
kms_instance_id = string
kms_account_id = optional(string)
}))
additional_security_group_ids = optional(list(string))
}))
| n/a | yes | +| [worker\_pools](#input\_worker\_pools) | List of worker pools |
list(object({
subnet_prefix = optional(string)
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})))
pool_name = string
machine_type = string
workers_per_zone = number
resource_group_id = optional(string)
operating_system = string
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
boot_volume_encryption_kms_config = optional(object({
crk = string
kms_instance_id = string
kms_account_id = optional(string)
}))
additional_security_group_ids = optional(list(string))
}))
| n/a | yes | | [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no | ### Outputs diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf index 09bf712a..4cdd1060 100644 --- a/modules/fscloud/variables.tf +++ b/modules/fscloud/variables.tf @@ -66,7 +66,7 @@ variable "worker_pools" { machine_type = string workers_per_zone = number resource_group_id = optional(string) - operating_system = optional(string) + operating_system = string labels = optional(map(string)) minSize = optional(number) secondary_storage = optional(string) diff --git a/variables.tf b/variables.tf index 9f64d1ff..55823b57 100644 --- a/variables.tf +++ b/variables.tf @@ -66,7 +66,7 @@ variable "worker_pools" { machine_type = string workers_per_zone = number resource_group_id = optional(string) - operating_system = optional(string) + operating_system = string labels = optional(map(string)) minSize = optional(number) secondary_storage = optional(string) @@ -106,7 +106,6 @@ variable "worker_pools" { condition = alltrue([ for worker_pool in var.worker_pools : anytrue([ - worker_pool.operating_system == null, worker_pool.operating_system == "REDHAT_8_64", worker_pool.operating_system == "RHCOS" ])
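Review bot: Changing `operating_system` from `optional(string)` to `string` in variables.tf (and identically in modules/fscloud/variables.tf) is a breaking change for every existing caller that omitted the attribute, and nothing in these hunks updates the variable's description to say the field is now required or which values are accepted. Adding that to the description, for example `# operating_system is required; accepted values are REDHAT_8_64 and RHCOS (RHCOS needs OCP 4.15+)`, would give callers the information at the point they hit the new error. The `variable "worker_pools"` block starts before and continues after both hunks.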
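Review bot: Removing `worker_pool.operating_system == null` from the validation matches the type change, but the validation's `error_message` (outside this hunk) probably still describes the value as optional; confirm it names exactly the two accepted values, `REDHAT_8_64` and `RHCOS`. The same two literals also live in main.tf as `local.os_rhel` and `local.os_rhcos`, so a comment here such as `# keep in sync with local.os_rhel / local.os_rhcos in main.tf` would help keep the allowed set consistent in both places. The `validation` block starts before and ends after the hunk.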