From 680d4e2d69ce06cd78350d4b63706ee61e94492d Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Fri, 18 Jul 2025 01:19:26 +0530
Subject: [PATCH 01/40] feat: Migration to landing zone OCP DA
---
 .catalog-onboard-pipeline.yaml | 15 +
 ibm_catalog.json | 950 +++++++++++++++++++++++++++++++++
 2 files changed, 965 insertions(+)
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index f1fbee85..abf5c4b0 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -15,3 +15,18 @@ offerings:
 instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
 region: us-south
 scope_resource_group_var_name: existing_resource_group_name
+
+ - name: deploy-arch-ibm-slz-ocp
+ kind: solution
+ catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd
+ offering_id: 95fccffc-ae3b-42df-b6d9-80be5914d852
+ variations:
+ - name: fully-configurable
+ mark_ready: true
+ install_type: fullstack
+ pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh"
+ post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh"
+ scc:
+ instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+ region: us-south
+ scope_resource_group_var_name: existing_resource_group_name
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 3c0bbef7..0373f194 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -957,6 +957,956 @@ "terraform_version": "1.10.5" } ] + }, + { + "name": "deploy-arch-ibm-slz-ocp", + "label": "Red Hat OpenShift Container Platform on VPC landing zone", + "product_kind": "solution", + "tags": [ + "compute", + "ibm_created", + "target_terraform", + "terraform", + "reference_architecture", + "solution" + ], + "keywords": [ + "vpc", + "slz", + "IaC", + "infrastructure as code", + "terraform", + "solution", + "Red Hat OpenShift Container Platform", + "OCP" + ], + "short_description": "Creates Red Hat OpenShift workload clusters on a secure VPC network", + "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster in a single Virtual Private Cloud (VPC) network. The VPC is a multi-zoned, multi-subnet implementation that keeps your VPC secure and highly available.\n", + "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", + "provider_name": "IBM", + "features": [ + { + "description": "Creates and configures one or more clusters to handle workloads. 
You can specify the version and cluster size.\n", + "title": "Creates Open Shift Container Platform clusters for workloads" + }, + { + "description": "With worker pools, you can group and manage worker nodes with similar configurations, such as compute resources and availability zones.\n", + "title": "Creates worker pools" + }, + { + "description": "Configures the subnets for the cluster, and specifies the subnets to deploy the worker nodes in.\n", + "title": "Configures subnets for containers" + }, + { + "description": "Configures private and public endpoints for the cluster.\n", + "title": "Supports private and public endpoints" + }, + { + "description": "Configures the ingress controller for the cluster, responsible for routing external traffic to the appropriate services within the cluster.\n", + "title": "Configures ingress" + } + ], + "flavors": [ + { + "label": "Fully configurable", + "name": "fully-configurable", + "index": 1, + "install_type": "fullstack", + "working_directory": "solutions/fully-configurable", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "IBM Cloud Framework for Financial Services", + "profile_version": "1.7.0" + } + ] + }, + "iam_permissions": [ + { + "service_name": "containers-kubernetes", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required to create and edit OpenShift cluster and the related resources." + }, + { + "service_name": "iam-identity", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" + ], + "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." + }, + { + "service_name": "is.vpc", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "notes": "Required for creating Virtual Private Cloud(VPC)." 
+ }, + { + "service_name": "cloud-object-storage", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required to create Cloud Object Storage (COS) Instance." + }, + { + "service_name": "hs-crypto", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." + }, + { + "service_name": "kms", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." + }, + { + "service_name": "sysdig-monitor", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." + }, + { + "service_name": "logs", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." + }, + { + "service_name": "logs-router", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." + }, + { + "service_name": "atracker", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." 
+ }, + { + "service_name": "secrets-manager", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups." + } + ], + "architecture": { + "features": [ + { + "title": " ", + "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." + } + ], + "diagrams": [ + { + "diagram": { + "caption": "Red Hat OpenShift cluster topology", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", + "type": "image/svg+xml" + }, + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + } + ] + }, + "configuration": [ + { + "key": "ibmcloud_api_key" + }, + { + "key": "prefix", + "required": true + }, + { + "key": "cluster_name", + "required": true + }, + { + "key": "ocp_version", + "display_name":"openshift_version", + "required": true, + "options": [ + { + "displayname": "4.18", + "value": "4.18" + }, + { + "displayname": "4.17", + "value": "4.17" + }, + { + "displayname": "4.16", + "value": "4.16" + }, + { + "displayname": "4.15", + "value": "4.15" + }, + { + "displayname": "4.14", + "value": "4.14" + } + ] + }, + { + "key": "default_worker_pool_machine_type", + "required": true, + "options": [ + { + "displayname": "bx2.16x64", + "value": "bx2.16x64" + }, + { + "displayname": "bx2.32x128", + "value": "bx2.32x128" + }, + { + "displayname": "bx2.48x192", + "value": "bx2.48x192" + }, + { + "displayname": "bx2.8x32", + "value": "bx2.8x32" + }, + { + "displayname": "bx3d.128x640", + "value": "bx3d.128x640" + }, + { + "displayname": "bx3d.16x80", + "value": "bx3d.16x80" + }, + { + "displayname": "bx3d.24x120", + "value": "bx3d.24x120" + }, + { + "displayname": "bx3d.32x160", + "value": "bx3d.32x160" + }, + { + "displayname": "bx3d.48x240", + "value": "bx3d.48x240" + }, + { + "displayname": "bx3d.64x320", + "value": "bx3d.64x320" + }, + { + "displayname": "bx3d.8x40", + "value": "bx3d.8x40" + }, + { + "displayname": "bx3d.96x480", + "value": "bx3d.96x480" + }, + { + "displayname": "cx2.16x32", + "value": "cx2.16x32" + }, + { + "displayname": "cx2.32x64", + "value": "cx2.32x64" + }, + { + "displayname": "cx2.48x96", + "value": "cx2.48x96" + }, + { + "displayname": "cx3d.128x320", + "value": "cx3d.128x320" + }, + { + "displayname": "cx3d.16x40", + "value": "cx3d.16x40" + }, + { + "displayname": "cx3d.24x60", + "value": 
"cx3d.24x60" + }, + { + "displayname": "cx3d.32x80", + "value": "cx3d.32x80" + }, + { + "displayname": "cx3d.48x120", + "value": "cx3d.48x120" + }, + { + "displayname": "cx3d.64x160", + "value": "cx3d.64x160" + }, + { + "displayname": "cx3d.96x240", + "value": "cx3d.96x240" + }, + { + "displayname": "mx2.128x1024", + "value": "mx2.128x1024" + }, + { + "displayname": "mx2.16x128", + "value": "mx2.16x128" + }, + { + "displayname": "mx2.32x256", + "value": "mx2.32x256" + }, + { + "displayname": "mx2.48x384", + "value": "mx2.48x384" + }, + { + "displayname": "mx2.64x512", + "value": "mx2.64x512" + }, + { + "displayname": "mx2.8x64", + "value": "mx2.8x64" + }, + { + "displayname": "mx3d.128x1280", + "value": "mx3d.128x1280" + }, + { + "displayname": "mx3d.24x240", + "value": "mx3d.24x240" + }, + { + "displayname": "mx3d.32x320", + "value": "mx3d.32x320" + }, + { + "displayname": "mx3d.48x480", + "value": "mx3d.48x480" + }, + { + "displayname": "mx3d.64x640", + "value": "mx3d.64x640" + }, + { + "displayname": "mx3d.96x960", + "value": "mx3d.96x960" + }, + { + "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", + "value": "bx2d.metal.96x384" + }, + { + "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", + "value": "cx2d.metal.96x192" + }, + { + "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", + "value": "mx2d.metal.96x768" + }, + { + "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", + "value": "mx2.16x128.2000gb" + }, + { + "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.128x1024" + }, + { + "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.16x128" + }, + { + "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.32x256" + }, + { + "displayname": "ox2.64x512 (Not available in 
Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.64x512" + }, + { + "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.8x64" + }, + { + "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.96x768" + } + ] + }, + { + "key": "default_worker_pool_workers_per_zone", + "required": true + }, + { + "key": "default_worker_pool_operating_system", + "required": true, + "options": [ + { + "displayname": "RHEL 9", + "value": "RHEL_9_64" + }, + { + "displayname": "Red Hat CoreOS", + "value": "RHCOS" + }, + { + "displayname": "RHEL 8", + "value": "REDHAT_8_64" + } + ] + }, + { + "key": "existing_vpc_crn", + "required": true + }, + { + "key": "region", + "required": true, + "type": "string", + "custom_config": { + "config_constraints": { + "generationType": "2" + }, + "grouping": "deployment", + "original_grouping": "deployment", + "type": "vpc_region" + }, + "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", + "virtual": true, + "default_value": "us-south" + }, + { + "key": "existing_cos_instance_crn", + "required": true + }, + { + "key": "enable_platform_metrics", + "type": "string", + "default_value": "true", + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. 
[Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": "true" + }, + { + "displayname": "false", + "value": "false" + } + ] + }, + { + "key": "logs_routing_tenant_regions", + "type": "list(string)", + "default_value": "[]", + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", + "required": true, + "virtual": true, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "existing_resource_group_name", + "display_name": "resource_group", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, + { + "key": "cluster_resource_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "access_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "ocp_entitlement" + }, + { + "key": "cluster_ready_when", + "options": [ + { + "displayname": "Normal", + "value": "Normal" + }, + { + "displayname": "IngressReady", + "value": "IngressReady" + }, + { + "displayname": "OneWorkerNodeReady", + "value": "OneWorkerNodeReady" + }, + { + "displayname": "MasterNodeReady", + "value": "MasterNodeReady" + } + ] + }, + { + "key": "enable_ocp_console" + }, + { + "key": "addons" + }, + { + "key": 
"manage_all_addons" + }, + { + "key": "additional_worker_pools", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "worker_pools_taints", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "ignore_worker_pool_size_changes" + }, + { + "key": "allow_default_worker_pool_replacement" + }, + { + "key": "default_worker_pool_labels" + }, + { + "key": "enable_autoscaling_for_default_pool" + }, + { + "key": "default_pool_minimum_number_of_nodes" + }, + { + "key": "default_pool_maximum_number_of_nodes" + }, + { + "key": "additional_security_group_ids" + }, + { + "key": "existing_subnet_ids" + }, + { + "key": "use_private_endpoint" + }, + { + "key": "disable_public_endpoint" + }, + { + "key": "cluster_config_endpoint_type", + "options": [ + { + "displayname": "default", + "value": "default" + }, + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "vpe", + "value": "vpe" + }, + { + "displayname": "link", + "value": "link" + } + ] + }, + { + "key": "disable_outbound_traffic_protection" + }, + { + "key": "verify_worker_network_readiness" + }, + { + "key": "pod_subnet_cidr" + }, + { + "key": "service_subnet_cidr" + }, + { + "key": "custom_security_group_ids" + }, + { + "key": "attach_ibm_managed_security_group" + }, + { + "key": "additional_lb_security_group_ids" + }, + { + "key": "number_of_lbs" + }, + { + "key": "additional_vpe_security_group_ids" + }, + { + "key": "ibmcloud_kms_api_key" + }, + { + "key": "kms_encryption_enabled_cluster" + }, + { + "key": "existing_kms_instance_crn" + }, + { + "key": "existing_cluster_kms_key_crn" + }, + { + "key": "kms_endpoint_type", + "options": [ + { + "displayname": "Public", + "value": "public" + }, + { + "displayname": "Private", + "value": "private" + } + ], + "hidden": true + }, + { + "key": "cluster_kms_key_name" + 
}, + { + "key": "cluster_kms_key_ring_name" + }, + { + "key": "kms_encryption_enabled_boot_volume" + }, + { + "key": "existing_boot_volume_kms_key_crn" + }, + { + "key": "boot_volume_kms_key_name" + }, + { + "key": "boot_volume_kms_key_ring_name" + }, + { + "key": "cbr_rules", + "display_name": "openshift_cluster_cbr_rules", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "enable_secrets_manager_integration" + }, + { + "key": "existing_secrets_manager_instance_crn" + }, + { + "key": "secrets_manager_secret_group_id" + }, + { + "key": "secrets_manager_endpoint_type", + "hidden": true + }, + { + "key": "secrets_manager_service_plan", + "required": true, + "virtual": true, + "type": "string", + "options": [ + { + "displayname": "Standard", + "value": "standard" + }, + { + "displayname": "Trial", + "value": "trial" + } + ], + "default_value": "__NOT_SET__", + "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." 
+ }, + { + "key": "skip_ocp_secrets_manager_iam_auth_policy" + }, + { + "key": "subnets", + "type": "object", + "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", + "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", + "required": false, + "virtual": true + }, + { + "key": "provider_visibility", + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ], + "hidden": true + } + ], + "dependencies": [ + { + "name": "deploy-arch-ibm-vpc", + "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. 
", + "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", + "version": "v7.24.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_output": "vpc_crn", + "version_input": "existing_vpc_crn" + }, + { + "dependency_input": "subnets", + "version_input": "subnets", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-account-infra-base", + "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "resource-group-only", + "resource-groups-with-account-settings" + ], + "default_flavor": "resource-group-only", + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", + "input_mapping": [ + { + "dependency_output": "workload_resource_group_name", + "version_input": "existing_resource_group_name" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ], + "optional": true, + "on_by_default": false, + "version": "v3.0.7" + }, + { + "name": "deploy-arch-ibm-kms", + "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. 
", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "version": "v5.1.4", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "version_input": "kms_encryption_enabled_cluster", + "value": true + }, + { + "dependency_output": "kms_instance_crn", + "version_input": "existing_kms_instance_crn" + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-cos", + "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", + "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", + "version": "v9.0.2", + "flavors": [ + "instance" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_output": "cos_instance_crn", + "version_input": "existing_cos_instance_crn" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-observability", + "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. 
", + "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", + "version": "v3.0.3", + "flavors": [ + "instances" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true + }, + { + "dependency_input": "logs_routing_tenant_regions", + "version_input": "logs_routing_tenant_regions", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-secrets-manager", + "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", + "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", + "version": "v2.4.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, + { + "dependency_input": "secrets_manager_endpoint_type", + "version_input": "secrets_manager_endpoint_type", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_output": "secrets_manager_crn", + "version_input": "existing_secrets_manager_instance_crn" + }, + { + "version_input": "enable_secrets_manager_integration", + "value": true + } + ] + } + ], + "dependency_version_2": true, + "terraform_version": "1.10.5" + } + ] } ] } From 479dab3bdbe3ffe036c6b1d4f68e86b4fade0100 Mon Sep 17 00:00:00 2001 
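Review bot: The `deploy-arch-ibm-kms` dependency's `input_mapping` sets `kms_encryption_enabled_cluster` to `true` and passes `existing_kms_instance_crn`, but nothing maps `kms_encryption_enabled_boot_volume`, even though that input is listed under `configuration` in the same flavor. Unless the Terraform default for it is already `true` (not visible in this patch), selecting the Key Protect add-on would leave worker boot volumes on provider-managed keys while the flavor advertises the `IBM Cloud Framework for Financial Services` profile. Consider adding `{ "version_input": "kms_encryption_enabled_boot_volume", "value": true }` to that mapping. Separately, the `subnets` default sets `public_gateway = true` for `subnet-a` in zone-1, which sits oddly beside the "secure by default" architecture text; if outbound internet access is intended, the `description` should say so.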
From: Aditya-ranjan-16 Date: Mon, 21 Jul 2025 01:03:28 +0530 Subject: [PATCH 02/40] fix --- .catalog-onboard-pipeline.yaml | 15 - ibm_catalog.json | 962 +-------------------------------- 2 files changed, 2 insertions(+), 975 deletions(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index abf5c4b0..3b47c60d 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -1,21 +1,6 @@ --- apiVersion: v1 offerings: - - name: deploy-arch-ibm-ocp-vpc - kind: solution - catalog_id: f64499c8-eb50-4985-bf91-29f9e605a433 - offering_id: 1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8 - variations: - - name: fully-configurable - mark_ready: true - install_type: fullstack - pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh" - post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh" - scc: - instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37 - region: us-south - scope_resource_group_var_name: existing_resource_group_name - - name: deploy-arch-ibm-slz-ocp kind: solution catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd diff --git a/ibm_catalog.json b/ibm_catalog.json index b6547735..077363f6 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -1,964 +1,5 @@ { "products": [ - { - "name": "deploy-arch-ibm-ocp-vpc", - "label": "Cloud automation for Red Hat OpenShift Container Platform on VPC", - "product_kind": "solution", - "tags": [ - "ibm_created", - "target_terraform", - "terraform", - "solution", - "containers", - "converged_infra" - ], - "keywords": [ - "terraform", - "ocp", - "cluster", - "red_hat_openshift" - ], - "short_description": "Automates the deployment of Red Hat OpenShift container platform on IBM Cloud with optional integration of security and logging services.", - "long_description": "The Cloud automation for Red Hat OpenShift Container Platform on VPC enables a scalable and flexible cloud environment for containerized applications with seamless integration to other security and observability services. This architecture can be deployed independently while also serving as a foundational deployable architecture for other architectures like [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) to deploy mission critical applications and AI-driven initiatives to market quickly and securely with a managed OpenShift service.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. 
These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.", - "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/README.md", - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg", - "provider_name": "IBM", - "features": [ - { - "title": "Red Hat OpenShift Cluster", - "description": "Creates a [Red Hat OpenShift Cluster](https://cloud.ibm.com/docs/openshift) on IBM Cloud that helps businesses manage their containerized applications at scale with added enterprise features such as security, scalability, and automation." - }, - { - "title": "Worker pools", - "description": "Configures worker pools in cluster through which you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) of similar configurations, such as compute resources and availability zones." - }, - { - "title": "Access Endpoints", - "description": "Offers support for [private and public endpoints](https://cloud.ibm.com/docs/openshift?topic=openshift-access_cluster) to connect to the cluster. If the cluster is accessed only by applications running on IBM Cloud, the private endpoint can be enabled for enhanced security." - }, - { - "title": "Ingress Controller", - "description": "Sets up the [ingress controller](https://cloud.ibm.com/docs/openshift?topic=openshift-ingress-configure) for the cluster, responsible for routing external traffic to the appropriate services within the cluster." 
- }, - { - "title": "Object Storage", - "description": "Creates and configures an [Object Storage bucket](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand) which acts as OpenShift internal registry storage. You can provide an existing COS Instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance." - }, - { - "title": "KMS Encryption", - "description": "Optionally you can enable key management services(KMS) [encryption](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-secrets) of the Kubernetes Secrets and Object Storage bucket using either a newly created key or an existing one." - }, - { - "title": "Secrets Manager", - "description": "Optional integration with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates." - }, - { - "title": "Observability", - "description": "This solution can leverage [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." - } - ], - "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). 
Please note this product is not supported via the IBM Cloud Support Center.", - "flavors": [ - { - "label": "Fully configurable", - "name": "fully-configurable", - "index": 1, - "install_type": "fullstack", - "working_directory": "solutions/fully-configurable", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" - } - ] - }, - "iam_permissions": [ - { - "service_name": "containers-kubernetes", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "Required to create and edit OpenShift cluster and the related resources." - }, - { - "service_name": "iam-identity", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" - ], - "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." - }, - { - "service_name": "is.vpc", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "notes": "Required for creating Virtual Private Cloud(VPC)." - }, - { - "service_name": "cloud-object-storage", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "Required to create Cloud Object Storage (COS) Instance." - }, - { - "service_name": "hs-crypto", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." 
- }, - { - "service_name": "kms", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." - }, - { - "service_name": "sysdig-monitor", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." - }, - { - "service_name": "logs", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." - }, - { - "service_name": "logs-router", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." - }, - { - "service_name": "atracker", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." - }, - { - "service_name": "secrets-manager", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups." - } - ], - "architecture": { - "features": [ - { - "title": " ", - "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." 
- } - ], - "diagrams": [ - { - "diagram": { - "caption": "Red Hat OpenShift cluster topology", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", - "type": "image/svg+xml" - }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." - } - ] - }, - "configuration": [ - { - "key": "ibmcloud_api_key" - }, - { - "key": "prefix", - "required": true - }, - { - "key": "cluster_name", - "required": true - }, - { - "key": "ocp_version", - "display_name": "openshift_version", - "required": true, - "options": [ - { - "displayname": "4.18", - "value": "4.18" - }, - { - "displayname": "4.17", - "value": "4.17" - }, - { - "displayname": "4.16", - "value": "4.16" - }, - { - "displayname": "4.15", - "value": "4.15" - }, - { - "displayname": "4.14", - "value": "4.14" - } - ] - }, - { - "key": "default_worker_pool_machine_type", - "required": true, - "options": [ - { - "displayname": "bx2.16x64", - "value": "bx2.16x64" - }, - { - "displayname": "bx2.32x128", - "value": "bx2.32x128" - }, - { - "displayname": "bx2.48x192", - "value": "bx2.48x192" - }, - { - "displayname": "bx2.8x32", - "value": "bx2.8x32" - }, - { - "displayname": "bx3d.128x640", - "value": "bx3d.128x640" - }, - { - "displayname": "bx3d.16x80", - "value": "bx3d.16x80" - }, - { - "displayname": "bx3d.24x120", - "value": "bx3d.24x120" - }, - { - "displayname": "bx3d.32x160", - "value": "bx3d.32x160" - }, - { - "displayname": "bx3d.48x240", - "value": "bx3d.48x240" - }, - { - "displayname": "bx3d.64x320", - "value": "bx3d.64x320" - }, - { - "displayname": "bx3d.8x40", - "value": "bx3d.8x40" - }, - { - "displayname": "bx3d.96x480", - "value": "bx3d.96x480" - }, - { - "displayname": "cx2.16x32", - "value": "cx2.16x32" - }, - { - "displayname": "cx2.32x64", - "value": "cx2.32x64" - }, - { - "displayname": "cx2.48x96", - "value": "cx2.48x96" - }, - { - "displayname": "cx3d.128x320", - "value": "cx3d.128x320" - }, - { - "displayname": "cx3d.16x40", - "value": "cx3d.16x40" - }, - { - "displayname": "cx3d.24x60", - "value": 
"cx3d.24x60" - }, - { - "displayname": "cx3d.32x80", - "value": "cx3d.32x80" - }, - { - "displayname": "cx3d.48x120", - "value": "cx3d.48x120" - }, - { - "displayname": "cx3d.64x160", - "value": "cx3d.64x160" - }, - { - "displayname": "cx3d.96x240", - "value": "cx3d.96x240" - }, - { - "displayname": "mx2.128x1024", - "value": "mx2.128x1024" - }, - { - "displayname": "mx2.16x128", - "value": "mx2.16x128" - }, - { - "displayname": "mx2.32x256", - "value": "mx2.32x256" - }, - { - "displayname": "mx2.48x384", - "value": "mx2.48x384" - }, - { - "displayname": "mx2.64x512", - "value": "mx2.64x512" - }, - { - "displayname": "mx2.8x64", - "value": "mx2.8x64" - }, - { - "displayname": "mx3d.128x1280", - "value": "mx3d.128x1280" - }, - { - "displayname": "mx3d.24x240", - "value": "mx3d.24x240" - }, - { - "displayname": "mx3d.32x320", - "value": "mx3d.32x320" - }, - { - "displayname": "mx3d.48x480", - "value": "mx3d.48x480" - }, - { - "displayname": "mx3d.64x640", - "value": "mx3d.64x640" - }, - { - "displayname": "mx3d.96x960", - "value": "mx3d.96x960" - }, - { - "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", - "value": "bx2d.metal.96x384" - }, - { - "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", - "value": "cx2d.metal.96x192" - }, - { - "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", - "value": "mx2d.metal.96x768" - }, - { - "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", - "value": "mx2.16x128.2000gb" - }, - { - "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.128x1024" - }, - { - "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.16x128" - }, - { - "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.32x256" - }, - { - "displayname": "ox2.64x512 (Not available in 
Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.64x512" - }, - { - "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.8x64" - }, - { - "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.96x768" - } - ] - }, - { - "key": "default_worker_pool_workers_per_zone", - "required": true - }, - { - "key": "default_worker_pool_operating_system", - "required": true, - "options": [ - { - "displayname": "RHEL 9", - "value": "RHEL_9_64" - }, - { - "displayname": "Red Hat CoreOS", - "value": "RHCOS" - }, - { - "displayname": "RHEL 8", - "value": "REDHAT_8_64" - } - ] - }, - { - "key": "existing_vpc_crn", - "required": true - }, - { - "key": "region", - "required": true, - "type": "string", - "custom_config": { - "config_constraints": { - "generationType": "2" - }, - "grouping": "deployment", - "original_grouping": "deployment", - "type": "vpc_region" - }, - "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", - "virtual": true, - "default_value": "us-south" - }, - { - "key": "existing_cos_instance_crn", - "required": true - }, - { - "key": "enable_platform_metrics", - "type": "string", - "default_value": "true", - "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. 
[Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", - "required": true, - "virtual": true, - "options": [ - { - "displayname": "true", - "value": "true" - }, - { - "displayname": "false", - "value": "false" - } - ] - }, - { - "key": "logs_routing_tenant_regions", - "type": "list(string)", - "default_value": "[]", - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", - "required": true, - "virtual": true, - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "existing_resource_group_name", - "display_name": "resource_group", - "custom_config": { - "type": "resource_group", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "identifier": "rg_name" - } - } - }, - { - "key": "cluster_resource_tags", - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "access_tags", - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "ocp_entitlement" - }, - { - "key": "cluster_ready_when", - "options": [ - { - "displayname": "Normal", - "value": "Normal" - }, - { - "displayname": "IngressReady", - "value": "IngressReady" - }, - { - "displayname": "OneWorkerNodeReady", - "value": "OneWorkerNodeReady" - }, - { - "displayname": "MasterNodeReady", - "value": "MasterNodeReady" - } - ] - }, - { - "key": "enable_ocp_console" - }, - { - "key": "addons" - }, - { - "key": 
"manage_all_addons" - }, - { - "key": "additional_worker_pools", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "worker_pools_taints", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "ignore_worker_pool_size_changes" - }, - { - "key": "allow_default_worker_pool_replacement" - }, - { - "key": "default_worker_pool_labels" - }, - { - "key": "enable_autoscaling_for_default_pool" - }, - { - "key": "default_pool_minimum_number_of_nodes" - }, - { - "key": "default_pool_maximum_number_of_nodes" - }, - { - "key": "additional_security_group_ids" - }, - { - "key": "existing_subnet_ids" - }, - { - "key": "use_private_endpoint" - }, - { - "key": "disable_public_endpoint" - }, - { - "key": "cluster_config_endpoint_type", - "options": [ - { - "displayname": "default", - "value": "default" - }, - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "vpe", - "value": "vpe" - }, - { - "displayname": "link", - "value": "link" - } - ] - }, - { - "key": "disable_outbound_traffic_protection" - }, - { - "key": "verify_worker_network_readiness" - }, - { - "key": "pod_subnet_cidr" - }, - { - "key": "service_subnet_cidr" - }, - { - "key": "custom_security_group_ids" - }, - { - "key": "attach_ibm_managed_security_group" - }, - { - "key": "additional_lb_security_group_ids" - }, - { - "key": "number_of_lbs" - }, - { - "key": "additional_vpe_security_group_ids" - }, - { - "key": "ibmcloud_kms_api_key" - }, - { - "key": "kms_encryption_enabled_cluster" - }, - { - "key": "existing_kms_instance_crn" - }, - { - "key": "existing_cluster_kms_key_crn" - }, - { - "key": "kms_endpoint_type", - "options": [ - { - "displayname": "Public", - "value": "public" - }, - { - "displayname": "Private", - "value": "private" - } - ], - "hidden": true - }, - { - "key": "cluster_kms_key_name" - 
}, - { - "key": "cluster_kms_key_ring_name" - }, - { - "key": "kms_encryption_enabled_boot_volume" - }, - { - "key": "existing_boot_volume_kms_key_crn" - }, - { - "key": "boot_volume_kms_key_name" - }, - { - "key": "boot_volume_kms_key_ring_name" - }, - { - "key": "cbr_rules", - "display_name": "openshift_cluster_cbr_rules", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "enable_secrets_manager_integration" - }, - { - "key": "existing_secrets_manager_instance_crn" - }, - { - "key": "secrets_manager_secret_group_id" - }, - { - "key": "secrets_manager_endpoint_type", - "hidden": true - }, - { - "key": "secrets_manager_service_plan", - "required": true, - "virtual": true, - "type": "string", - "options": [ - { - "displayname": "Standard", - "value": "standard" - }, - { - "displayname": "Trial", - "value": "trial" - } - ], - "default_value": "__NOT_SET__", - "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." 
- }, - { - "key": "skip_ocp_secrets_manager_iam_auth_policy" - }, - { - "key": "subnets", - "type": "object", - "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", - "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", - "required": false, - "virtual": true - }, - { - "key": "provider_visibility", - "options": [ - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "public", - "value": "public" - }, - { - "displayname": "public-and-private", - "value": "public-and-private" - } - ], - "hidden": true - } - ], - "dependencies": [ - { - "name": "deploy-arch-ibm-vpc", - "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. 
", - "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", - "version": "v7.24.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true - }, - { - "dependency_output": "vpc_crn", - "version_input": "existing_vpc_crn" - }, - { - "dependency_input": "subnets", - "version_input": "subnets", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-account-infra-base", - "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "flavors": [ - "resource-group-only", - "resource-groups-with-account-settings" - ], - "default_flavor": "resource-group-only", - "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", - "input_mapping": [ - { - "dependency_output": "workload_resource_group_name", - "version_input": "existing_resource_group_name" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ], - "optional": true, - "on_by_default": false, - "version": "v3.0.7" - }, - { - "name": "deploy-arch-ibm-kms", - "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. 
", - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "version": "v5.1.4", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "version_input": "kms_encryption_enabled_cluster", - "value": true - }, - { - "dependency_output": "kms_instance_crn", - "version_input": "existing_kms_instance_crn" - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-cos", - "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", - "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", - "version": "v9.0.2", - "flavors": [ - "instance" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_output": "cos_instance_crn", - "version_input": "existing_cos_instance_crn" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-observability", - "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. 
", - "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", - "version": "v3.0.3", - "flavors": [ - "instances" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", - "reference_version": true - }, - { - "dependency_input": "logs_routing_tenant_regions", - "version_input": "logs_routing_tenant_regions", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-secrets-manager", - "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", - "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", - "version": "v2.4.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "service_plan", - "version_input": "secrets_manager_service_plan", - "reference_version": true - }, - { - "dependency_input": "secrets_manager_endpoint_type", - "version_input": "secrets_manager_endpoint_type", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_output": "secrets_manager_crn", - "version_input": "existing_secrets_manager_instance_crn" - }, - { - "version_input": "enable_secrets_manager_integration", - "value": true - } - ] - } - ], - "dependency_version_2": true, - "terraform_version": "1.10.5" - } - ] - }, { "name": "deploy-arch-ibm-slz-ocp", "label": "Red Hat OpenShift Container Platform on VPC landing zone", 
@@ -1008,6 +49,7 @@
 "title": "Configures ingress"
 }
 ],
+ "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.",
 "flavors": [
 {
 "label": "Fully configurable",
@@ -1144,7 +186,7 @@
 },
 {
 "key": "ocp_version",
- "display_name":"openshift_version",
+ "display_name": "openshift_version",
 "required": true,
 "options": [
 {
From fdb68bf1fdb28d6fde4c922771bd0845ee38ec7e Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Mon, 21 Jul 2025 01:20:14 +0530
Subject: [PATCH 03/40] fix
---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 077363f6..b24eba9c 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -52,7 +52,7 @@
 "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.",
 "flavors": [
 {
- "label": "Fully configurable",
+ "label": "[Experimental] Fully configurable",
 "name": "fully-configurable",
 "index": 1,
 "install_type": "fullstack",
From cc8bc565b71033ca076e7505c9cf978c14b322b9 Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Mon, 21 Jul 2025 11:03:34 +0530
Subject: [PATCH 04/40] fix
---
 ibm_catalog.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index b24eba9c..f7568087 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -29,7 +29,7 @@
 "provider_name": "IBM",
 "features": [
 {
- "description": "Creates and configures one or more clusters to handle workloads. You can specify the version and cluster size.\n",
+ "description": "Creates and configures one or more [clusters](https://cloud.ibm.com/docs/openshift) to handle workloads. You can specify the version and cluster size.\n",
 "title": "Creates Open Shift Container Platform clusters for workloads"
 },
 {
From e21a6a743ddf75351b356ebf42fe1d21bc6fedb3 Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Mon, 21 Jul 2025 13:08:55 +0530
Subject: [PATCH 05/40] fix: catalog
---
 ibm_catalog.json | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index f7568087..14200ab3 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -29,11 +29,11 @@
 "provider_name": "IBM",
 "features": [
 {
- "description": "Creates and configures one or more [clusters](https://cloud.ibm.com/docs/openshift) to handle workloads. You can specify the version and cluster size.\n",
- "title": "Creates Open Shift Container Platform clusters for workloads"
+ "title": "Red Hat OpenShift Cluster",
+ "description": "Creates a [Red Hat OpenShift Cluster](https://cloud.ibm.com/docs/openshift) on IBM Cloud that helps businesses manage their containerized applications at scale with added enterprise features such as security, scalability, and automation."
 },
 {
- "description": "With worker pools, you can group and manage worker nodes with similar configurations, such as compute resources and availability zones.\n",
+ "description": "With worker pools, you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) with similar configurations, such as compute resources and availability zones.\n",
 "title": "Creates worker pools"
 },
 {
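Review bot: The `features` entries come out of the `@@ -29,11 +29,11 @@` hunk of PATCH 05 in two different shapes: the rewritten first entry puts `title` before `description` and drops the trailing `\n`, while the worker-pools entry edited in the same hunk keeps `description` first and still ends in `\n`. The `@@ -41,12 +41,28 @@` hunk has the same mix, since its leading context shows the "Configures subnets for containers" entry with `title` still last. I would bring the worker-pools entry in line by moving `"title": "Creates worker pools",` above its description and removing the `\n` from that description, and convert the subnets entry in the same commit. The `features` array starts above this hunk and continues below it.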
@@ -41,12 +41,28 @@ "title": "Configures subnets for containers" }, { - "description": "Configures private and public endpoints for the cluster.\n", - "title": "Supports private and public endpoints" + "title": "Access Endpoints", + "description": "Offers support for [private and public endpoints](https://cloud.ibm.com/docs/openshift?topic=openshift-access_cluster) to connect to the cluster. If the cluster is accessed only by applications running on IBM Cloud, the private endpoint can be enabled for enhanced security." }, { - "description": "Configures the ingress controller for the cluster, responsible for routing external traffic to the appropriate services within the cluster.\n", - "title": "Configures ingress" + "title": "Ingress Controller", + "description": "Sets up the [ingress controller](https://cloud.ibm.com/docs/openshift?topic=openshift-ingress-configure) for the cluster, responsible for routing external traffic to the appropriate services within the cluster." + }, + { + "title": "Object Storage", + "description": "Creates and configures an [Object Storage bucket](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand) which acts as OpenShift internal registry storage. You can provide an existing COS Instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance." + }, + { + "title": "KMS Encryption", + "description": "Optionally you can enable key management services(KMS) [encryption](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-secrets) of the Kubernetes Secrets and Object Storage bucket using either a newly created key or an existing one." 
+ }, + { + "title": "Secrets Manager", + "description": "Optional integration with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates." + }, + { + "title": "Observability", + "description": "This solution can leverage [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." } ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", @@ -164,7 +180,7 @@ "diagrams": [ { "diagram": { - "caption": "Red Hat OpenShift cluster topology", + "caption": "Red Hat OpenShift cluster topology - Fully configurable", "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, From 70a72eb563c9a35af85a812dd55d4bd9183394ee Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 24 Jul 2025 11:06:13 +0530 Subject: [PATCH 06/40] fix: catalog --- ibm_catalog.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index d82597da..53897669 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -22,8 +22,8 @@ "Red Hat OpenShift Container Platform", "OCP" ], - "short_description": "Creates Red Hat OpenShift workload clusters on a secure VPC network", - "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster in a single Virtual Private Cloud (VPC) network. The VPC is a multi-zoned, multi-subnet implementation that keeps your VPC secure and highly available.\n", + "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", + "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within a single Virtual Private Cloud (VPC) network, enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.\n This architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), enabling the rapid and secure deployment of mission-critical applications and AI-driven initiatives with a managed OpenShift service.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", 
@@ -62,7 +62,7 @@ }, { "title": "Observability", - "description": "This solution can leverage [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." + "description": "This solution can leverage Observability that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." } ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", @@ -70,7 +70,7 @@ { "label": "[Experimental] Fully configurable", "name": "fully-configurable", - "index": 1, + "index": 3, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", "compliance": { @@ -184,7 +184,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." } ] }, From 5ed096053f4691c07622f5894aece7a4e2d4b767 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 25 Jul 2025 11:43:05 +0530 Subject: [PATCH 07/40] fix --- .catalog-onboard-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 3b47c60d..5083e143 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -7,7 +7,7 @@ offerings: offering_id: 95fccffc-ae3b-42df-b6d9-80be5914d852 variations: - name: fully-configurable - mark_ready: true + mark_ready: false install_type: fullstack pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh" post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh" From e3f5e52c89992a8a76fd66c92ab2b5a02c403b1b Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 25 Jul 2025 18:24:21 +0530 Subject: [PATCH 08/40] fix --- ibm_catalog.json | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index e5ebf2b7..1ca93e02 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
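Review bot: The Secrets Manager link in the diagram `description` rewritten by the `@@ -184,7 +184,7 @@` hunk has a literal `dep[…]bm-secrets-manager-…` segment in its URL, which looks like a truncated copy of the catalog path and would not resolve. The "Secrets Manager" feature entry added earlier in this series carries the full form, `deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global`, so the diagram text should use the same path. The same truncated URL is carried into the `@@ -187,7 +187,7 @@` hunk of patch 10/40 and into the diagram description of the variation added in patch 11/40. If the `[…]` comes from how this page was rendered rather than from the file itself, no change is needed.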
@@ -33,12 +33,12 @@ "description": "Creates a [Red Hat OpenShift Cluster](https://cloud.ibm.com/docs/openshift) on IBM Cloud that helps businesses manage their containerized applications at scale with added enterprise features such as security, scalability, and automation." }, { - "description": "With worker pools, you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) with similar configurations, such as compute resources and availability zones.\n", - "title": "Creates worker pools" + "description": "Configures worker pools in cluster through which you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) of similar configurations, such as compute resources and availability zones.\n", + "title": "Worker pools" }, { "description": "Configures the subnets for the cluster, and specifies the subnets to deploy the worker nodes in.\n", - "title": "Configures subnets for containers" + "title": "Subnets" }, { "title": "Access Endpoints", @@ -70,7 +70,6 @@ { "label": "[Experimental] Fully configurable", "name": "fully-configurable", - "index": 3, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", "compliance": { @@ -173,8 +172,12 @@ "architecture": { "features": [ { - "title": " ", - "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." + "description": " ", + "title": "One VPC with three zone subnets" + }, + { + "description": " ", + "title": "Configures OCP cluster with a single worker pool distributed across all three zones, with two worker nodes per zone " } ], "diagrams": [ From c1a47a2bd08e511732e5dfc1db5a2bda2bc620df Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Tue, 29 Jul 2025 12:12:00 +0530 Subject: [PATCH 09/40] fix: added link --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
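Review bot: Both entries added to `architecture.features` in the `@@ -173,8 +172,12 @@` hunk use a whitespace-only `"description": " "`, and the second title ends with a stray space before its closing quote. The entry they replace was the only place in this variation that stated it is "Configured to use IBM secure by default standards", so that statement is dropped with nothing in its place. Suggest giving each feature a real description, for example `"description": "Worker nodes are spread across the three zones for availability."`, and trimming the trailing space in the title. Whether the secure-by-default wording still applies to this variation should be confirmed by the author and, if so, kept somewhere in the architecture section.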
diff --git a/ibm_catalog.json b/ibm_catalog.json index 1ca93e02..c2f738e4 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -37,7 +37,7 @@ "title": "Worker pools" }, { - "description": "Configures the subnets for the cluster, and specifies the subnets to deploy the worker nodes in.\n", + "description": "Configures the [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets) for the cluster, and specifies the subnets to deploy the worker nodes in.\n", "title": "Subnets" }, { From 373052f229164dd864b800b91e6a7685581f791d Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 30 Jul 2025 14:13:10 +0530 Subject: [PATCH 10/40] fix: content --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c2f738e4..a8812b9b 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -23,7 +23,7 @@ "OCP" ], "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", - "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within a single Virtual Private Cloud (VPC) network, enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.\n This architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global), enabling the rapid and secure deployment of mission-critical applications and AI-driven initiatives with a managed OpenShift service.", + "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within a single Virtual Private Cloud (VPC) network, enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", 
@@ -187,7 +187,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC). The architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global)

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." } ] }, From 6d9dc40b411fc381007b3080f31f910e74e21d7a Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 30 Jul 2025 14:18:05 +0530 Subject: [PATCH 11/40] test: catalog --- ibm_catalog.json | 919 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 919 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index a8812b9b..375d0898 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -985,6 +985,925 @@ ], "dependency_version_2": true, "terraform_version": "1.10.5" + }, + { + "label": "[Experimental] Dummy variation", + "name": "dummy-variation", + "install_type": "fullstack", + "working_directory": "solutions/fully-configurable", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "IBM Cloud Framework for Financial Services", + "profile_version": "1.7.0" + } + ] + }, + "iam_permissions": [ + { + "service_name": "containers-kubernetes", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required to create and edit OpenShift cluster and the related resources." + }, + { + "service_name": "iam-identity", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" + ], + "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." + }, + { + "service_name": "is.vpc", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "notes": "Required for creating Virtual Private Cloud(VPC)." + }, + { + "service_name": "cloud-object-storage", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required to create Cloud Object Storage (COS) Instance." + }, + { + "service_name": "hs-crypto", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." 
+ }, + { + "service_name": "kms", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." + }, + { + "service_name": "sysdig-monitor", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." + }, + { + "service_name": "logs", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." + }, + { + "service_name": "logs-router", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." + }, + { + "service_name": "atracker", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." + }, + { + "service_name": "secrets-manager", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups." 
+ } + ], + "architecture": { + "features": [ + { + "description": " ", + "title": "One VPC with three zone subnets" + }, + { + "description": " ", + "title": "Configures OCP cluster with a single worker pool distributed across all three zones, with two worker nodes per zone " + } + ], + "diagrams": [ + { + "diagram": { + "caption": "Red Hat OpenShift cluster topology - Fully configurable", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", + "type": "image/svg+xml" + }, + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC). The architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global)

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + } + ] + }, + "configuration": [ + { + "key": "ibmcloud_api_key" + }, + { + "key": "prefix", + "required": true + }, + { + "key": "cluster_name", + "required": true + }, + { + "key": "ocp_version", + "display_name": "openshift_version", + "required": true, + "options": [ + { + "displayname": "4.18", + "value": "4.18" + }, + { + "displayname": "4.17", + "value": "4.17" + }, + { + "displayname": "4.16", + "value": "4.16" + }, + { + "displayname": "4.15", + "value": "4.15" + }, + { + "displayname": "4.14", + "value": "4.14" + } + ] + }, + { + "key": "default_worker_pool_machine_type", + "required": true, + "options": [ + { + "displayname": "bx2.16x64", + "value": "bx2.16x64" + }, + { + "displayname": "bx2.32x128", + "value": "bx2.32x128" + }, + { + "displayname": "bx2.48x192", + "value": "bx2.48x192" + }, + { + "displayname": "bx2.8x32", + "value": "bx2.8x32" + }, + { + "displayname": "bx3d.128x640", + "value": "bx3d.128x640" + }, + { + "displayname": "bx3d.16x80", + "value": "bx3d.16x80" + }, + { + "displayname": "bx3d.24x120", + "value": "bx3d.24x120" + }, + { + "displayname": "bx3d.32x160", + "value": "bx3d.32x160" + }, + { + "displayname": "bx3d.48x240", + "value": "bx3d.48x240" + }, + { + "displayname": "bx3d.64x320", + "value": "bx3d.64x320" + }, + { + "displayname": "bx3d.8x40", + "value": "bx3d.8x40" + }, + { + "displayname": "bx3d.96x480", + "value": "bx3d.96x480" + }, + { + "displayname": "cx2.16x32", + "value": "cx2.16x32" + }, + { + "displayname": "cx2.32x64", + "value": "cx2.32x64" + }, + { + "displayname": "cx2.48x96", + "value": "cx2.48x96" + }, + { + "displayname": "cx3d.128x320", + "value": "cx3d.128x320" + }, + { + "displayname": "cx3d.16x40", + "value": "cx3d.16x40" + }, + { + "displayname": "cx3d.24x60", + "value": 
"cx3d.24x60" + }, + { + "displayname": "cx3d.32x80", + "value": "cx3d.32x80" + }, + { + "displayname": "cx3d.48x120", + "value": "cx3d.48x120" + }, + { + "displayname": "cx3d.64x160", + "value": "cx3d.64x160" + }, + { + "displayname": "cx3d.96x240", + "value": "cx3d.96x240" + }, + { + "displayname": "mx2.128x1024", + "value": "mx2.128x1024" + }, + { + "displayname": "mx2.16x128", + "value": "mx2.16x128" + }, + { + "displayname": "mx2.32x256", + "value": "mx2.32x256" + }, + { + "displayname": "mx2.48x384", + "value": "mx2.48x384" + }, + { + "displayname": "mx2.64x512", + "value": "mx2.64x512" + }, + { + "displayname": "mx2.8x64", + "value": "mx2.8x64" + }, + { + "displayname": "mx3d.128x1280", + "value": "mx3d.128x1280" + }, + { + "displayname": "mx3d.24x240", + "value": "mx3d.24x240" + }, + { + "displayname": "mx3d.32x320", + "value": "mx3d.32x320" + }, + { + "displayname": "mx3d.48x480", + "value": "mx3d.48x480" + }, + { + "displayname": "mx3d.64x640", + "value": "mx3d.64x640" + }, + { + "displayname": "mx3d.96x960", + "value": "mx3d.96x960" + }, + { + "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", + "value": "bx2d.metal.96x384" + }, + { + "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", + "value": "cx2d.metal.96x192" + }, + { + "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", + "value": "mx2d.metal.96x768" + }, + { + "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", + "value": "mx2.16x128.2000gb" + }, + { + "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.128x1024" + }, + { + "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.16x128" + }, + { + "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.32x256" + }, + { + "displayname": "ox2.64x512 (Not available in 
Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.64x512" + }, + { + "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.8x64" + }, + { + "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.96x768" + } + ] + }, + { + "key": "default_worker_pool_workers_per_zone", + "required": true + }, + { + "key": "default_worker_pool_operating_system", + "required": true, + "options": [ + { + "displayname": "RHEL 9", + "value": "RHEL_9_64" + }, + { + "displayname": "Red Hat CoreOS", + "value": "RHCOS" + }, + { + "displayname": "RHEL 8", + "value": "REDHAT_8_64" + } + ] + }, + { + "key": "existing_vpc_crn", + "required": true + }, + { + "key": "region", + "required": true, + "type": "string", + "custom_config": { + "config_constraints": { + "generationType": "2" + }, + "grouping": "deployment", + "original_grouping": "deployment", + "type": "vpc_region" + }, + "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", + "virtual": true, + "default_value": "us-south" + }, + { + "key": "existing_cos_instance_crn", + "required": true + }, + { + "key": "enable_platform_metrics", + "type": "string", + "default_value": "true", + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. 
[Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": "true" + }, + { + "displayname": "false", + "value": "false" + } + ] + }, + { + "key": "logs_routing_tenant_regions", + "type": "list(string)", + "default_value": "[]", + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", + "required": true, + "virtual": true, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "existing_resource_group_name", + "display_name": "resource_group", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, + { + "key": "cluster_resource_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "access_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "ocp_entitlement" + }, + { + "key": "cluster_ready_when", + "options": [ + { + "displayname": "Normal", + "value": "Normal" + }, + { + "displayname": "IngressReady", + "value": "IngressReady" + }, + { + "displayname": "OneWorkerNodeReady", + "value": "OneWorkerNodeReady" + }, + { + "displayname": "MasterNodeReady", + "value": "MasterNodeReady" + } + ] + }, + { + "key": "enable_ocp_console" + }, + { + "key": "addons" + }, + { + "key": 
"manage_all_addons" + }, + { + "key": "additional_worker_pools", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "worker_pools_taints", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "ignore_worker_pool_size_changes" + }, + { + "key": "allow_default_worker_pool_replacement" + }, + { + "key": "default_worker_pool_labels" + }, + { + "key": "enable_autoscaling_for_default_pool" + }, + { + "key": "default_pool_minimum_number_of_nodes" + }, + { + "key": "default_pool_maximum_number_of_nodes" + }, + { + "key": "additional_security_group_ids" + }, + { + "key": "existing_subnet_ids" + }, + { + "key": "use_private_endpoint" + }, + { + "key": "disable_public_endpoint" + }, + { + "key": "cluster_config_endpoint_type", + "options": [ + { + "displayname": "default", + "value": "default" + }, + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "vpe", + "value": "vpe" + }, + { + "displayname": "link", + "value": "link" + } + ] + }, + { + "key": "disable_outbound_traffic_protection" + }, + { + "key": "verify_worker_network_readiness" + }, + { + "key": "pod_subnet_cidr" + }, + { + "key": "service_subnet_cidr" + }, + { + "key": "custom_security_group_ids" + }, + { + "key": "attach_ibm_managed_security_group" + }, + { + "key": "additional_lb_security_group_ids" + }, + { + "key": "number_of_lbs" + }, + { + "key": "additional_vpe_security_group_ids" + }, + { + "key": "ibmcloud_kms_api_key" + }, + { + "key": "kms_encryption_enabled_cluster" + }, + { + "key": "existing_kms_instance_crn" + }, + { + "key": "existing_cluster_kms_key_crn" + }, + { + "key": "kms_endpoint_type", + "options": [ + { + "displayname": "Public", + "value": "public" + }, + { + "displayname": "Private", + "value": "private" + } + ], + "hidden": true + }, + { + "key": "cluster_kms_key_name" + 
}, + { + "key": "cluster_kms_key_ring_name" + }, + { + "key": "kms_encryption_enabled_boot_volume" + }, + { + "key": "existing_boot_volume_kms_key_crn" + }, + { + "key": "boot_volume_kms_key_name" + }, + { + "key": "boot_volume_kms_key_ring_name" + }, + { + "key": "cbr_rules", + "display_name": "openshift_cluster_cbr_rules", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "enable_secrets_manager_integration" + }, + { + "key": "existing_secrets_manager_instance_crn" + }, + { + "key": "secrets_manager_secret_group_id" + }, + { + "key": "secrets_manager_endpoint_type", + "hidden": true + }, + { + "key": "secrets_manager_service_plan", + "required": true, + "virtual": true, + "type": "string", + "options": [ + { + "displayname": "Standard", + "value": "standard" + }, + { + "displayname": "Trial", + "value": "trial" + } + ], + "default_value": "__NOT_SET__", + "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." 
+ }, + { + "key": "skip_ocp_secrets_manager_iam_auth_policy" + }, + { + "key": "subnets", + "type": "object", + "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", + "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", + "required": false, + "virtual": true + }, + { + "key": "network_acls", + "type": "list(object)", + "default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 
443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]", + "description": "The list of ACLs to create. Provide at least one rule for each ACL. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).", + "required": false, + "virtual": true, + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "provider_visibility", + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ], + "hidden": true + } + ], + "dependencies": [ + { + "name": "deploy-arch-ibm-vpc", + "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. 
", + "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", + "version": "v7.24.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_output": "vpc_crn", + "version_input": "existing_vpc_crn" + }, + { + "dependency_input": "subnets", + "version_input": "subnets", + "reference_version": true + }, + { + "dependency_input": "network_acls", + "version_input": "network_acls", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-account-infra-base", + "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "resource-group-only", + "resource-groups-with-account-settings" + ], + "default_flavor": "resource-group-only", + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", + "input_mapping": [ + { + "dependency_output": "workload_resource_group_name", + "version_input": "existing_resource_group_name" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ], + "optional": true, + "on_by_default": false, + "version": "v3.0.7" + }, + { + "name": "deploy-arch-ibm-kms", + "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. 
", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "version": "v5.1.4", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "version_input": "kms_encryption_enabled_cluster", + "value": true + }, + { + "dependency_output": "kms_instance_crn", + "version_input": "existing_kms_instance_crn" + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-cos", + "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", + "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", + "version": "v9.0.2", + "flavors": [ + "instance" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_output": "cos_instance_crn", + "version_input": "existing_cos_instance_crn" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-observability", + "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. 
", + "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", + "version": "v3.0.3", + "flavors": [ + "instances" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true + }, + { + "dependency_input": "logs_routing_tenant_regions", + "version_input": "logs_routing_tenant_regions", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-secrets-manager", + "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", + "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", + "version": "v2.4.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, + { + "dependency_input": "secrets_manager_endpoint_type", + "version_input": "secrets_manager_endpoint_type", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_output": "secrets_manager_crn", + "version_input": "existing_secrets_manager_instance_crn" + }, + { + "version_input": "enable_secrets_manager_integration", + "value": true + } + ] + } + ], + "dependency_version_2": true, + "terraform_version": "1.10.5" } ] } From 8b7aef63caa0ed80e4331dad6eb48fe3e81ea698 Mon Sep 17 00:00:00 2001 
From: Aditya-ranjan-16 Date: Wed, 30 Jul 2025 14:42:41 +0530 Subject: [PATCH 12/40] test --- ibm_catalog.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ibm_catalog.json b/ibm_catalog.json index 375d0898..c7c2466a 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -69,6 +69,7 @@ "flavors": [ { "label": "[Experimental] Fully configurable", + "index":2, "name": "fully-configurable", "install_type": "fullstack", "working_directory": "solutions/fully-configurable", @@ -989,6 +990,7 @@ { "label": "[Experimental] Dummy variation", "name": "dummy-variation", + "index":1, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", "compliance": { From bfcc9333622ac7a183e994fbc5085da7f7e56fb1 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 30 Jul 2025 14:55:39 +0530 Subject: [PATCH 13/40] test --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c7c2466a..ae99bf30 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -990,7 +990,7 @@ { "label": "[Experimental] Dummy variation", "name": "dummy-variation", - "index":1, + "index":3, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", "compliance": { From c70bbef69a20a152d876d934b1f3b5d1de5766e1 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 31 Jul 2025 11:09:28 +0530 Subject: [PATCH 14/40] test --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ae99bf30..06794145 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -69,7 +69,7 @@ "flavors": [ { "label": "[Experimental] Fully configurable", - "index":2, + "index":3, "name": "fully-configurable", "install_type": "fullstack", "working_directory": "solutions/fully-configurable", 
@@ -990,7 +990,7 @@ { "label": "[Experimental] Dummy variation", "name": "dummy-variation", - "index":3, + "index":4, "install_type": "fullstack", "working_directory": "solutions/fully-configurable", "compliance": { From 35d461ceb67553bfb103a70c1c9959eb9cafdb14 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 12:20:28 +0530 Subject: [PATCH 15/40] fix --- common-dev-assets | 2 +- ibm_catalog.json | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 875f11b6..2ba5cc2c 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 875f11b64778671daff496f5986d19c28553fff2 +Subproject commit 2ba5cc2c867361e8bcf34bd95f7359cc03d82b25 diff --git a/ibm_catalog.json b/ibm_catalog.json index 06794145..528dfb5a 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -63,6 +63,10 @@ { "title": "Observability", "description": "This solution can leverage Observability that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." + }, + { + "title": "Kube Audit", + "description": "Deploys the Kube Audit solution to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts, helping meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." } ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", From a4af637c292433c11cd577eaf28c91e7f2795f66 Mon Sep 17 00:00:00 2001 
From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 12:48:45 +0530 Subject: [PATCH 16/40] add: quickstart --- .catalog-onboard-pipeline.yaml | 3 + .secrets.baseline | 4 +- ibm_catalog.json | 964 +++--------------- ...deployable-architecture-ocp-cluster-qs.svg | 4 + solutions/quickstart/DA_docs.md | 12 + solutions/quickstart/README.md | 3 + .../catalogValidationValues.json.template | 6 + solutions/quickstart/main.tf | 148 +++ solutions/quickstart/outputs.tf | 58 ++ solutions/quickstart/provider.tf | 6 + solutions/quickstart/variables.tf | 104 ++ solutions/quickstart/version.tf | 11 + tests/other_test.go | 1 - tests/pr_test.go | 52 + 14 files changed, 536 insertions(+), 840 deletions(-) create mode 100644 reference-architecture/deployable-architecture-ocp-cluster-qs.svg create mode 100644 solutions/quickstart/DA_docs.md create mode 100644 solutions/quickstart/README.md create mode 100644 solutions/quickstart/catalogValidationValues.json.template create mode 100644 solutions/quickstart/main.tf create mode 100644 solutions/quickstart/outputs.tf create mode 100644 solutions/quickstart/provider.tf create mode 100644 solutions/quickstart/variables.tf create mode 100644 solutions/quickstart/version.tf diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 5083e143..90065326 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -15,3 +15,6 @@ offerings: instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37 region: us-south scope_resource_group_var_name: existing_resource_group_name + - name: quickstart + mark_ready: true + install_type: fullstack diff --git a/.secrets.baseline b/.secrets.baseline index a262313b..df2f5f87 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2025-05-14T17:28:16Z", + "generated_at": "2025-08-08T07:10:00Z", "plugins_used": [ { "name": "AWSKeyDetector" 
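Review bot: The new `quickstart` variation is published with `mark_ready: true` but has no counterpart to the `instance_id` / `region` / `scope_resource_group_var_name` settings shown as context just above it, which look like the sibling variation's SCC scan configuration. The same commit removes the `compliance` block from the catalog flavor that becomes quickstart, so the omission may be deliberate. If it is, record that next to the entry, e.g. `# quickstart: no SCC scan, this flavor makes no compliance claim`. Otherwise give the entry the same scan settings as its sibling. Indentation is lost in this view, so the nesting of the new entry is inferred.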
@@ -82,7 +82,7 @@ "hashed_secret": "8196b86ede820e665b2b8af9c648f4996be99838", "is_secret": false, "is_verified": false, - "line_number": 65, + "line_number": 89, "type": "Secret Keyword", "verified_result": null } diff --git a/ibm_catalog.json b/ibm_catalog.json index c079743e..fddd937f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -785,6 +785,34 @@ } ], "hidden": true + }, + { + "key":"enable_kube_audit" + }, + { + "key": "audit_deployment_name" + }, + { + "key": "audit_log_policy", + "options": [ + { + "displayname": "Default", + "value": "default" + }, + { + "displayname": "Write Request Bodies", + "value": "WriteRequestBodies" + } + ] + }, + { + "key": "audit_namespace" + }, + { + "key": "audit_webhook_listener_image" + }, + { + "key": "audit_webhook_listener_image_tag_digest" } ], "dependencies": [ @@ -992,28 +1020,19 @@ "terraform_version": "1.10.5" }, { - "label": "[Experimental] Dummy variation", - "name": "dummy-variation", - "index":4, + "label": "[Experimental] QuickStart", + "name": "quickstart", + "index": 4, "install_type": "fullstack", - "working_directory": "solutions/fully-configurable", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" - } - ] - }, + "working_directory": "solutions/quickstart", "iam_permissions": [ { "service_name": "containers-kubernetes", "role_crns": [ "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" + "crn:v1:bluemix:public:iam::::role:Administrator" ], - "notes": "Required to create and edit OpenShift cluster and the related resources." + "notes": "Required to reset the cluster API key, create and edit the OpenShift cluster, and manage all related resources." }, { "service_name": "iam-identity", 
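Review bot: `audit_webhook_listener_image` and `audit_webhook_listener_image_tag_digest` are added as bare keys, so the catalog form gives no hint about which image reference is acceptable for a component that presumably receives the cluster's API-server audit events. Any format check would live in the Terraform variable definitions, which this hunk does not show. It is worth confirming that they require a digest-pinned reference rather than a mutable tag, and saying so in the input description. `audit_log_policy` offers `WriteRequestBodies`, which by its name appears to add request bodies to the audit stream, so the description should say the log destination needs matching access controls. Minor: `"key":"enable_kube_audit"` lacks the space after the colon that the neighbouring entries use.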
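Review bot: The `containers-kubernetes` entry now asks for platform `Administrator` where the replaced flavor asked for `Editor`, and its `notes` string gives one combined reason covering key reset, cluster creation and resource management. An account owner reviewing this for least privilege cannot tell which action needs the higher role. Separating the reasons would help, e.g. `"notes": "Administrator is required to reset the cluster API key; the remaining access is used to create and edit the OpenShift cluster and related resources."` The same applies to the `iam-identity` note in the following hunk, which adds "for managing and operating resources within the IBM Cloud environment" without naming an action. The flavor object starts before this hunk and continues past it.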
@@ -1021,98 +1040,46 @@ "crn:v1:bluemix:public:iam::::role:Administrator", "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" ], - "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." + "notes": "Required to create the cluster API key needed by the OpenShift cluster on IBM Cloud and for managing and operating resources within the IBM Cloud environment." }, { "service_name": "is.vpc", "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "notes": "Required for creating Virtual Private Cloud(VPC)." - }, - { - "service_name": "cloud-object-storage", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "Required to create Cloud Object Storage (COS) Instance." - }, - { - "service_name": "hs-crypto", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." - }, - { - "service_name": "kms", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." - }, - { - "service_name": "sysdig-monitor", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." 
- }, - { - "service_name": "logs", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", "crn:v1:bluemix:public:iam::::role:Editor" ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." - }, - { - "service_name": "logs-router", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." + "notes": "Required for creating Virtual Private Cloud (VPC)." }, { - "service_name": "atracker", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." + "service_name": "cloud-object-storage", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required for creating the OpenShift cluster's internal registry storage bucket." }, { - "service_name": "secrets-manager", "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam::::serviceRole:Manager" + "crn:v1:bluemix:public:iam::::role:Viewer" ], - "notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups." + "service_name": "Resource group only", + "notes":"Viewer access is required in the resource group you want to provision in." } ], "architecture": { "features": [ { - "description": " ", - "title": "One VPC with three zone subnets" - }, - { - "description": " ", - "title": "Configures OCP cluster with a single worker pool distributed across all three zones, with two worker nodes per zone " + "title": " ", + "description": "Configures QuickStart deployment of a Red Hat OpenShift cluster within an IBM Cloud VPC with limited options." 
} ], "diagrams": [ { "diagram": { - "caption": "Red Hat OpenShift cluster topology - Fully configurable", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", + "caption": "Red Hat OpenShift cluster topology - Quickstart", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster-qs.svg", "type": "image/svg+xml" }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC). The architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global)

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + "description": "This QuickStart variation of deployable architecture enables deployment of a Red Hat OpenShift cluster within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an Object Storage bucket that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.

Users can select from predefined cluster sizes — mini (default), small, medium, and large. Each size determining the number of availability zones, worker nodes per zone, and the machine type (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).

By default, the architecture provisions a two-zone VPC, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with two worker nodes per zone in the mini configuration.

This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." } ] }, 
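Review bot: The single `features` entry sets `"title": " "` and puts its text in `description`, the reverse of the two entries it replaces, which had a real title and a blank description. If the catalog renders `title` as the heading (not verifiable from this hunk), this feature would appear with an empty heading. Following the existing pattern would give `"title": "Configures QuickStart deployment of a Red Hat OpenShift cluster within an IBM Cloud VPC with limited options.", "description": " "`. The diagram's long `description` also contains a sentence fragment, "Each size determining …", which reads better as "Each size determines …". The enclosing `architecture` object starts before this hunk.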
@@ -1120,238 +1087,115 @@ { "key": "ibmcloud_api_key" }, + { + "key": "existing_resource_group_name", + "display_name": "resource_group", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, { "key": "prefix", "required": true }, { - "key": "cluster_name", - "required": true + "key": "region", + "required": true, + "type": "string", + "custom_config": { + "config_constraints": { + "generationType": "2" + }, + "grouping": "deployment", + "original_grouping": "deployment", + "type": "vpc_region" + } }, { - "key": "ocp_version", - "display_name": "openshift_version", + "key": "size", "required": true, "options": [ { - "displayname": "4.18", - "value": "4.18" - }, - { - "displayname": "4.17", - "value": "4.17" + "displayname": "mini", + "value": "mini" }, { - "displayname": "4.16", - "value": "4.16" + "displayname": "small", + "value": "small" }, { - "displayname": "4.15", - "value": "4.15" + "displayname": "medium", + "value": "medium" }, { - "displayname": "4.14", - "value": "4.14" + "displayname": "large", + "value": "large" } ] }, { - "key": "default_worker_pool_machine_type", - "required": true, + "key": "provider_visibility", "options": [ { - "displayname": "bx2.16x64", - "value": "bx2.16x64" - }, - { - "displayname": "bx2.32x128", - "value": "bx2.32x128" - }, - { - "displayname": "bx2.48x192", - "value": "bx2.48x192" - }, - { - "displayname": "bx2.8x32", - "value": "bx2.8x32" - }, - { - "displayname": "bx3d.128x640", - "value": "bx3d.128x640" - }, - { - "displayname": "bx3d.16x80", - "value": "bx3d.16x80" - }, - { - "displayname": "bx3d.24x120", - "value": "bx3d.24x120" - }, - { - "displayname": "bx3d.32x160", - "value": "bx3d.32x160" - }, - { - "displayname": "bx3d.48x240", - "value": "bx3d.48x240" - }, - { - "displayname": "bx3d.64x320", - "value": "bx3d.64x320" - }, - { - "displayname": "bx3d.8x40", - "value": "bx3d.8x40" - }, - { - 
"displayname": "bx3d.96x480", - "value": "bx3d.96x480" - }, - { - "displayname": "cx2.16x32", - "value": "cx2.16x32" + "displayname": "private", + "value": "private" }, { - "displayname": "cx2.32x64", - "value": "cx2.32x64" + "displayname": "public", + "value": "public" }, { - "displayname": "cx2.48x96", - "value": "cx2.48x96" - }, + "displayname": "public-and-private", + "value": "public-and-private" + } + ], + "hidden": true + }, + { + "key": "cluster_name" + }, + { + "key": "ocp_version", + "default_value": "4.17", + "required": true, + "options": [ { - "displayname": "cx3d.128x320", - "value": "cx3d.128x320" + "displayname": "4.18", + "value": "4.18" }, { - "displayname": "cx3d.16x40", - "value": "cx3d.16x40" + "displayname": "4.17", + "value": "4.17" }, { - "displayname": "cx3d.24x60", - "value": "cx3d.24x60" + "displayname": "4.16", + "value": "4.16" }, { - "displayname": "cx3d.32x80", - "value": "cx3d.32x80" + "displayname": "4.15", + "value": "4.15" }, { - "displayname": "cx3d.48x120", - "value": "cx3d.48x120" - }, + "displayname": "4.14", + "value": "4.14" + } + ] + }, + { + "key": "default_worker_pool_operating_system", + "options": [ { - "displayname": "cx3d.64x160", - "value": "cx3d.64x160" + "displayname": "RHEL 9", + "value": "RHEL_9_64" }, { - "displayname": "cx3d.96x240", - "value": "cx3d.96x240" - }, - { - "displayname": "mx2.128x1024", - "value": "mx2.128x1024" - }, - { - "displayname": "mx2.16x128", - "value": "mx2.16x128" - }, - { - "displayname": "mx2.32x256", - "value": "mx2.32x256" - }, - { - "displayname": "mx2.48x384", - "value": "mx2.48x384" - }, - { - "displayname": "mx2.64x512", - "value": "mx2.64x512" - }, - { - "displayname": "mx2.8x64", - "value": "mx2.8x64" - }, - { - "displayname": "mx3d.128x1280", - "value": "mx3d.128x1280" - }, - { - "displayname": "mx3d.24x240", - "value": "mx3d.24x240" - }, - { - "displayname": "mx3d.32x320", - "value": "mx3d.32x320" - }, - { - "displayname": "mx3d.48x480", - "value": "mx3d.48x480" - }, - { - 
"displayname": "mx3d.64x640", - "value": "mx3d.64x640" - }, - { - "displayname": "mx3d.96x960", - "value": "mx3d.96x960" - }, - { - "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", - "value": "bx2d.metal.96x384" - }, - { - "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", - "value": "cx2d.metal.96x192" - }, - { - "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", - "value": "mx2d.metal.96x768" - }, - { - "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", - "value": "mx2.16x128.2000gb" - }, - { - "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.128x1024" - }, - { - "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.16x128" - }, - { - "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.32x256" - }, - { - "displayname": "ox2.64x512 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.64x512" - }, - { - "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.8x64" - }, - { - "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.96x768" - } - ] - }, - { - "key": "default_worker_pool_workers_per_zone", - "required": true - }, - { - "key": "default_worker_pool_operating_system", - "required": true, - "options": [ - { - "displayname": "RHEL 9", - "value": "RHEL_9_64" - }, - { - "displayname": "Red Hat CoreOS", - "value": "RHCOS" + "displayname": "Red Hat CoreOS", + "value": "RHCOS" }, { "displayname": "RHEL 8", 
@@ -1360,91 +1204,15 @@ ] }, { - "key": "existing_vpc_crn", - "required": true - }, - { - "key": "region", - "required": true, - "type": "string", - "custom_config": { - "config_constraints": { - "generationType": "2" - }, - "grouping": "deployment", - "original_grouping": "deployment", - "type": "vpc_region" - }, - "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", - "virtual": true, - "default_value": "us-south" - }, - { - "key": "existing_cos_instance_crn", - "required": true - }, - { - "key": "disable_public_endpoint", - "required": true - }, - { - "key": "enable_platform_metrics", - "type": "string", - "default_value": "true", - "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. [Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", - "required": true, - "virtual": true, - "options": [ - { - "displayname": "true", - "value": "true" - }, - { - "displayname": "false", - "value": "false" - } - ] - }, - { - "key": "logs_routing_tenant_regions", - "type": "list(string)", - "default_value": "[]", - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. 
[Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", - "required": true, - "virtual": true, - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "existing_resource_group_name", - "display_name": "resource_group", - "custom_config": { - "type": "resource_group", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "identifier": "rg_name" - } - } + "key": "address_prefix", + "hidden": true }, { - "key": "cluster_resource_tags", - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } + "key": "ocp_entitlement" }, { "key": "access_tags", + "hidden":true, "custom_config": { "type": "array", "grouping": "deployment", 
@@ -1455,490 +1223,12 @@ } }, { - "key": "ocp_entitlement" - }, - { - "key": "cluster_ready_when", - "options": [ - { - "displayname": "Normal", - "value": "Normal" - }, - { - "displayname": "IngressReady", - "value": "IngressReady" - }, - { - "displayname": "OneWorkerNodeReady", - "value": "OneWorkerNodeReady" - }, - { - "displayname": "MasterNodeReady", - "value": "MasterNodeReady" - } - ] - }, - { - "key": "enable_ocp_console" - }, - { - "key": "addons" - }, - { - "key": "manage_all_addons" - }, - { - "key": "additional_worker_pools", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "worker_pools_taints", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "ignore_worker_pool_size_changes" - }, - { - "key": "allow_default_worker_pool_replacement" - }, - { - "key": "default_worker_pool_labels" - }, - { - "key": "enable_autoscaling_for_default_pool" - }, - { - "key": "default_pool_minimum_number_of_nodes" - }, - { - "key": "default_pool_maximum_number_of_nodes" - }, - { - "key": "additional_security_group_ids" - }, - { - "key": "existing_subnet_ids" - }, - { - "key": "use_private_endpoint" - }, - { - "key": "cluster_config_endpoint_type", - "options": [ - { - "displayname": "default", - "value": "default" - }, - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "vpe", - "value": "vpe" - }, - { - "displayname": "link", - "value": "link" - } - ] + "key": "disable_public_endpoint" }, { "key": "disable_outbound_traffic_protection" - }, - { - "key": "verify_worker_network_readiness" - }, - { - "key": "pod_subnet_cidr" - }, - { - "key": "service_subnet_cidr" - }, - { - "key": "custom_security_group_ids" - }, - { - "key": "attach_ibm_managed_security_group" - }, - { - "key": "additional_lb_security_group_ids" - }, - { - "key": "number_of_lbs" - }, - { - 
"key": "additional_vpe_security_group_ids" - }, - { - "key": "ibmcloud_kms_api_key" - }, - { - "key": "kms_encryption_enabled_cluster" - }, - { - "key": "existing_kms_instance_crn" - }, - { - "key": "existing_cluster_kms_key_crn" - }, - { - "key": "kms_endpoint_type", - "options": [ - { - "displayname": "Public", - "value": "public" - }, - { - "displayname": "Private", - "value": "private" - } - ], - "hidden": true - }, - { - "key": "cluster_kms_key_name" - }, - { - "key": "cluster_kms_key_ring_name" - }, - { - "key": "kms_encryption_enabled_boot_volume" - }, - { - "key": "existing_boot_volume_kms_key_crn" - }, - { - "key": "boot_volume_kms_key_name" - }, - { - "key": "boot_volume_kms_key_ring_name" - }, - { - "key": "cbr_rules", - "display_name": "openshift_cluster_cbr_rules", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "enable_secrets_manager_integration" - }, - { - "key": "existing_secrets_manager_instance_crn" - }, - { - "key": "secrets_manager_secret_group_id" - }, - { - "key": "secrets_manager_endpoint_type", - "hidden": true - }, - { - "key": "secrets_manager_service_plan", - "required": true, - "virtual": true, - "type": "string", - "options": [ - { - "displayname": "Standard", - "value": "standard" - }, - { - "displayname": "Trial", - "value": "trial" - } - ], - "default_value": "__NOT_SET__", - "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." 
- }, - { - "key": "skip_ocp_secrets_manager_iam_auth_policy" - }, - { - "key": "subnets", - "type": "object", - "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", - "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", - "required": false, - "virtual": true - }, - { - "key": "network_acls", - "type": "list(object)", - "default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 
443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]", - "description": "The list of ACLs to create. Provide at least one rule for each ACL. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).", - "required": false, - "virtual": true, - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "provider_visibility", - "options": [ - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "public", - "value": "public" - }, - { - "displayname": "public-and-private", - "value": "public-and-private" - } - ], - "hidden": true - }, - { - "key": "enable_kube_audit" - }, - { - "key": "audit_deployment_name" - }, - { - "key": "audit_log_policy", - "options": [ - { - "displayname": "Default", - "value": "default" - }, - { - "displayname": "Write Request Bodies", - "value": "WriteRequestBodies" - } - ] - }, - { - "key": "audit_namespace" - }, - { - "key": "audit_webhook_listener_image" - }, - { - "key": "audit_webhook_listener_image_tag_digest" } - ], - "dependencies": [ - { - "name": "deploy-arch-ibm-vpc", - "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. 
", - "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", - "version": "v7.24.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true - }, - { - "dependency_output": "vpc_crn", - "version_input": "existing_vpc_crn" - }, - { - "dependency_input": "subnets", - "version_input": "subnets", - "reference_version": true - }, - { - "dependency_input": "network_acls", - "version_input": "network_acls", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-account-infra-base", - "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "flavors": [ - "resource-group-only", - "resource-groups-with-account-settings" - ], - "default_flavor": "resource-group-only", - "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", - "input_mapping": [ - { - "dependency_output": "workload_resource_group_name", - "version_input": "existing_resource_group_name" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ], - "optional": true, - "on_by_default": false, - "version": "v3.0.7" - }, - { - "name": "deploy-arch-ibm-kms", - "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. 
", - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "version": "v5.1.4", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "version_input": "kms_encryption_enabled_cluster", - "value": true - }, - { - "dependency_output": "kms_instance_crn", - "version_input": "existing_kms_instance_crn" - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-cos", - "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", - "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", - "version": "v9.0.2", - "flavors": [ - "instance" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_output": "cos_instance_crn", - "version_input": "existing_cos_instance_crn" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-observability", - "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. 
", - "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", - "version": "v3.0.3", - "flavors": [ - "instances" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", - "reference_version": true - }, - { - "dependency_input": "logs_routing_tenant_regions", - "version_input": "logs_routing_tenant_regions", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-secrets-manager", - "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", - "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", - "version": "v2.4.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "service_plan", - "version_input": "secrets_manager_service_plan", - "reference_version": true - }, - { - "dependency_input": "secrets_manager_endpoint_type", - "version_input": "secrets_manager_endpoint_type", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_output": "secrets_manager_crn", - "version_input": "existing_secrets_manager_instance_crn" - }, - { - "version_input": "enable_secrets_manager_integration", - "value": true - } - ] - } - ], - "dependency_version_2": true, - "terraform_version": "1.10.5" + ] } ] } 
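Review bot: `disable_public_endpoint` comes back in this hunk as an optional input (the `@@ -1360,91 +1204,15 @@` hunk removes the `"required": true` form), and variables.tf on this page defaults it to `false`, so a QuickStart deployment keeps the cluster's public service endpoint unless the user finds the option and flips it. The same hunk removes the KMS, CBR-rule and kube-audit inputs, so none of those controls can be enabled from this variation. I would keep the choice explicit with `{ "key": "disable_public_endpoint", "required": true }`. The variation description should also state that customer-managed key encryption, context-based restrictions and audit logging are not configured here.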
diff --git a/reference-architecture/deployable-architecture-ocp-cluster-qs.svg b/reference-architecture/deployable-architecture-ocp-cluster-qs.svg new file mode 100644 index 00000000..fdbad4f2 --- /dev/null +++ b/reference-architecture/deployable-architecture-ocp-cluster-qs.svg @@ -0,0 +1,4 @@ + + + +
ACL
locked
IBM Cloud
Region
Resource GroupVPC
Worker node
Openshift
Zone 3
Zone 2
Zone 1
Subnet
Worker Node
Worker Pool
Registry Bucket
           Cloud Object Storage 
\ No newline at end of file diff --git a/solutions/quickstart/DA_docs.md b/solutions/quickstart/DA_docs.md new file mode 100644 index 00000000..b310b658 --- /dev/null +++ b/solutions/quickstart/DA_docs.md @@ -0,0 +1,12 @@ +# Cluster Size Configuration + +This document describes the cluster size options and their configuration details. This table determines the number of availability zones, worker nodes per zone, and the machine type used for the OpenShift cluster. + +## Cluster Table + +| Size | Number of Worker Nodes per zone | Total Number of Worker Nodes | Zones | vCPU per Node | Memory per Node (GB) | Disk per Node (GB) | Worker Node Flavor Name | HA Level | Notes | +|--------------|------------------------|------------------------------|--------|----------------|------------------------|----------------------|--------------------------|---------------------|--------------------------------------------------------| +| Mini | 1 | 2 | 2 | 4 | 16 | 100 | bx2.4x16 | Moderate (Basic) | Smallest possible; basic HA across 2 zones | +| Small | 1 | 3 | 3 | 8 | 32 | 200 | bx2.8x32 | High | Entry-level production HA | +| Medium | 2 | 6 | 3 | 8 | 32 | 200 | bx2.8x32 | High | Moderate workloads, better HA | +| Large | 3 | 9 | 3 | 16 | 64 | 400 | bx2.16x64 | High | Large-scale, robust HA | diff --git a/solutions/quickstart/README.md b/solutions/quickstart/README.md new file mode 100644 index 00000000..805492c0 --- /dev/null +++ b/solutions/quickstart/README.md @@ -0,0 +1,3 @@ +# Cloud automation for Red Hat OpenShift Container Platform on VPC (QuickStart) + +:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers). 
diff --git a/solutions/quickstart/catalogValidationValues.json.template b/solutions/quickstart/catalogValidationValues.json.template
new file mode 100644
index 00000000..d8e67ee3
--- /dev/null
+++ b/solutions/quickstart/catalogValidationValues.json.template
@@ -0,0 +1,6 @@
+{
+ "ibmcloud_api_key": $VALIDATION_APIKEY,
+ "prefix": $PREFIX,
+ "size": "mini",
+ "existing_resource_group_name": "Default"
+}
diff --git a/solutions/quickstart/main.tf b/solutions/quickstart/main.tf
new file mode 100644
index 00000000..745cde88
--- /dev/null
+++ b/solutions/quickstart/main.tf
@@ -0,0 +1,148 @@ +####################################################################################################################### +# Resource Group +####################################################################################################################### +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.3.0" + existing_resource_group_name = var.existing_resource_group_name +} + +locals { + prefix = var.prefix != null ? trimspace(var.prefix) != "" ? "${var.prefix}-" : "" : "" + cluster_name = "${local.prefix}${var.cluster_name}" +} + +######################################################################################################################## +# VPC + Subnet + Public Gateway +######################################################################################################################## +locals { + octets = split(".", split("/", var.address_prefix)[0]) + mask = split("/", var.address_prefix)[1] + + subnets = { + for count in range(1, 4) : + "zone-${count}" => count <= local.selected.zones ? 
[ + { + name = "${local.prefix}subnet-${count}" + cidr = format( + "%d.%d.%d.0/%s", + tonumber(local.octets[0]), + tonumber(local.octets[1]) + (count - 1) * 10, + tonumber(local.octets[2]), + local.mask + ) + public_gateway = true + acl_name = "${var.prefix}-acl" + } + ] : [] + } + + public_gateway = { + for count in range(1, 4) : + "zone-${count}" => count <= local.selected.zones + } + + network_acl = { + name = "${local.prefix}acl" + add_ibm_cloud_internal_rules = true + add_vpc_connectivity_rules = true + prepend_ibm_rules = true + rules = [{ + name = "${local.prefix}inbound" + action = "allow" + source = "0.0.0.0/0" + destination = "0.0.0.0/0" + direction = "inbound" + }, + { + name = "${local.prefix}outbound" + action = "allow" + source = "0.0.0.0/0" + destination = "0.0.0.0/0" + direction = "outbound" + } + ] + } +} + +module "vpc" { + source = "terraform-ibm-modules/landing-zone-vpc/ibm" + version = "7.25.10" + resource_group_id = module.resource_group.resource_group_id + region = var.region + name = "vpc" + prefix = var.prefix + subnets = local.subnets + network_acls = [local.network_acl] + use_public_gateways = local.public_gateway +} + +locals { + size_config = { + mini = { + flavor = "bx2.4x16" + workers_per_zone = 1 + zones = 2 + + } + small = { + flavor = "bx2.8x32" + workers_per_zone = 1 + zones = 3 + } + medium = { + flavor = "bx2.8x32" + workers_per_zone = 2 + zones = 3 + } + large = { + flavor = "bx2.16x64" + workers_per_zone = 3 + zones = 3 + } + } + + selected = lookup(local.size_config, var.size, local.size_config[var.size]) + + # Build the vpc_subnets for default pool + cluster_vpc_subnets = { + default = [ + for i in range(local.selected.zones) : { + id = module.vpc.subnet_zone_list[i].id + cidr_block = module.vpc.subnet_zone_list[i].cidr + zone = module.vpc.subnet_zone_list[i].zone + } + ] + } + + worker_pools = [ + { + pool_name = "default" + machine_type = local.selected.flavor + operating_system = var.default_worker_pool_operating_system + 
workers_per_zone = local.selected.workers_per_zone + vpc_subnets = local.cluster_vpc_subnets["default"] + + } + ] +} + +######################################################################################################################## +# OCP VPC cluster (single zone) +######################################################################################################################## +module "ocp_base" { + source = "../.." + cluster_name = local.cluster_name + resource_group_id = module.resource_group.resource_group_id + region = var.region + ocp_version = var.ocp_version + ocp_entitlement = var.ocp_entitlement + vpc_id = module.vpc.vpc_id + vpc_subnets = local.cluster_vpc_subnets + worker_pools = local.worker_pools + disable_outbound_traffic_protection = var.disable_outbound_traffic_protection + access_tags = var.access_tags + disable_public_endpoint = var.disable_public_endpoint + use_private_endpoint = true + cluster_config_endpoint_type = "default" +} diff --git a/solutions/quickstart/outputs.tf b/solutions/quickstart/outputs.tf new file mode 100644 index 00000000..1bf93ced --- /dev/null +++ b/solutions/quickstart/outputs.tf 
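Review bot: The `network_acl` local in main.tf allows every protocol and port from `0.0.0.0/0` in both directions, and every generated subnet sets `public_gateway = true`, so the ACL layer filters nothing and the workers depend on security groups alone. Consider starting from the port-scoped rules (443, 80, 30000-32767) in the `network_acls` default that the ibm_catalog.json hunk above removes, or at minimum record the decision with `# QuickStart: ACL is intentionally allow-all; security groups are the only network filter`. Separately, the subnet block sets `acl_name = "${var.prefix}-acl"` while the ACL itself is named `"${local.prefix}acl"`; the two differ when `prefix` is null or empty, which the variable description allows, so `acl_name = local.network_acl.name` keeps them in step. The fallback in `lookup(local.size_config, var.size, local.size_config[var.size])` indexes the same map again, so an unknown `size` fails with an index error; a `validation` block on `size` in variables.tf would give a clearer message.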
@@ -0,0 +1,58 @@
+########################################################################################################################
+# Outputs
+########################################################################################################################
+
+output "cluster_name" {
+ value = module.ocp_base.cluster_name
+ description = "The name of the provisioned OpenShift cluster."
+}
+
+output "cluster_id" {
+ value = module.ocp_base.cluster_id
+ description = "The unique identifier assigned to the provisioned OpenShift cluster."
+}
+
+output "cluster_crn" {
+ description = "The Cloud Resource Name (CRN) of the provisioned OpenShift cluster."
+ value = module.ocp_base.cluster_crn
+}
+
+output "vpc_name" {
+ description = "The name of the Virtual Private Cloud (VPC) in which the cluster is deployed."
+ value = module.vpc.vpc_name
+}
+
+output "vpc_id" {
+ description = "The ID of the Virtual Private Cloud (VPC) in which the cluster is deployed."
+ value = module.ocp_base.vpc_id
+}
+
+output "region" {
+ description = "The IBM Cloud region where the cluster is deployed."
+ value = module.ocp_base.region
+}
+
+output "cos_crn" {
+ description = "The Cloud Resource Name (CRN) of the Object Storage instance associated with the cluster."
+ value = module.ocp_base.cos_crn
+}
+
+output "resource_group_id" {
+ description = "The ID of the resource group where the cluster is deployed."
+ value = module.ocp_base.resource_group_id
+}
+
+output "public_service_endpoint_url" {
+ description = "The public service endpoint URL for accessing the cluster over the internet."
+ value = module.ocp_base.public_service_endpoint_url
+}
+
+output "master_url" {
+ description = "The API endpoint URL for the Kubernetes master node of the cluster."
+ value = module.ocp_base.master_url
+}
+
+output "master_status" {
+ description = "The current status of the Kubernetes master node in the cluster."
+ value = module.ocp_base.master_status
+}
diff --git a/solutions/quickstart/provider.tf b/solutions/quickstart/provider.tf
new file mode 100644
index 00000000..146dea97
--- /dev/null
+++ b/solutions/quickstart/provider.tf
@@ -0,0 +1,6 @@
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
+ visibility = var.provider_visibility
+ private_endpoint_type = (var.provider_visibility == "private" && var.region == "ca-mon") ? "vpe" : null
+}
diff --git a/solutions/quickstart/variables.tf b/solutions/quickstart/variables.tf
new file mode 100644
index 00000000..558c4fca
--- /dev/null
+++ b/solutions/quickstart/variables.tf
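Review bot: The `private_endpoint_type` line in provider.tf special-cases `var.region == "ca-mon"` without explanation, so a reader cannot tell why only that region switches to `vpe` or whether other regions will need the same handling. Add a comment above it, for example `# ca-mon: private provider visibility appears to require VPE endpoints; confirm against the IBM provider docs`. Since `provider_visibility` defaults to `private` and is hidden in the catalog, the comment should also note that the default assumes the deployment runs from a network that can reach IBM Cloud private endpoints.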
@@ -0,0 +1,104 @@ + +variable "ibmcloud_api_key" { + type = string + description = "The IBM Cloud API key." + sensitive = true +} + +variable "existing_resource_group_name" { + type = string + description = "The name of an existing resource group to provision the resources. If not provided the default resource group will be used." + default = null +} + +variable "provider_visibility" { + description = "Set the visibility value for the IBM terraform provider. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)." + type = string + default = "private" + + validation { + condition = contains(["public", "private", "public-and-private"], var.provider_visibility) + error_message = "Invalid visibility option. Allowed values are 'public', 'private', or 'public-and-private'." + } +} + +variable "prefix" { + type = string + description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). Example: `prod-0205-ocpqs`. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)." + nullable = true + validation { + condition = (var.prefix == null || var.prefix == "" ? true : + alltrue([ + can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)), + length(regexall("--", var.prefix)) == 0 + ]) + ) + error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')." + } + validation { + condition = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16 + error_message = "Prefix must not exceed 16 characters." 
+ } +} + +variable "region" { + type = string + description = "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region)." + default = "us-south" +} + +variable "ocp_version" { + type = string + description = "Version of the OpenShift cluster to provision." + default = null +} + +variable "cluster_name" { + type = string + description = "The name of the new IBM Cloud OpenShift Cluster. If a `prefix` input variable is specified, it is added to this name in the `-value` format." + default = "openshift-qs" +} + + +variable "address_prefix" { + description = "The IP range that defines a certain location for the VPC. Use only with manual address prefixes." + type = string + default = "10.10.10.0/24" +} + +variable "ocp_entitlement" { + type = string + description = "Value that is applied to the entitlements for OCP cluster provisioning." + default = null +} + + +variable "default_worker_pool_operating_system" { + type = string + description = "The operating system installed on the worker nodes. [Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-flavors)." + default = "RHEL_9_64" +} + +variable "access_tags" { + type = list(string) + description = "A list of access tags to apply to the resources created by the module." + default = [] +} + +variable "size" { + type = string + description = "Defines the cluster size configuration. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md)." + default = "mini" +} + +variable "disable_public_endpoint" { + type = bool + description = "Disables the public endpoint, which allows internet access to the cluster, during creation only." + default = false +} + +variable "disable_outbound_traffic_protection" { + type = bool + description = "Whether to allow public outbound access from the cluster workers. This is only applicable for OCP 4.15 and later. 
[Learn more](https://cloud.ibm.com/docs/openshift?topic=openshift-sbd-allow-outbound)." + default = true +} diff --git a/solutions/quickstart/version.tf b/solutions/quickstart/version.tf new file mode 100644 index 00000000..deba0ac1 --- /dev/null +++ b/solutions/quickstart/version.tf @@ -0,0 +1,11 @@ +terraform { + required_version = ">=1.9.0" + + # Lock DA into an exact provider version - renovate automation will keep it updated + required_providers { + ibm = { + source = "IBM-Cloud/ibm" + version = "1.80.3" + } + } +} diff --git a/tests/other_test.go b/tests/other_test.go index 29f70bb9..7431e22f 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -10,7 +10,6 @@ import ( "github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper/testschematic" ) -const resourceGroup = "geretain-test-base-ocp-vpc" const advancedExampleDir = "examples/advanced" const basicExampleDir = "examples/basic" const fscloudExampleDir = "examples/fscloud" diff --git a/tests/pr_test.go b/tests/pr_test.go index e547dd32..907aba76 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -23,6 +23,8 @@ import ( const fullyConfigurableTerraformDir = "solutions/fully-configurable" const customsgExampleDir = "examples/custom_sg" +const quickStartTerraformDir = "solutions/quickstart" +const resourceGroup = "geretain-test-base-ocp-vpc" // Define a struct with fields that match the structure of the YAML data const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml" 
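Review bot: In `solutions/quickstart/variables.tf`, `disable_outbound_traffic_protection` defaults to `true`, and its own description says the flag decides whether public outbound access from the workers is allowed, so a deployment that accepts the defaults gets open egress. With `disable_public_endpoint` defaulting to `false` as well, both network switches start at their less restrictive value. If that is intended for a quickstart, the description should say so, e.g. append `Defaults to true, which permits public outbound traffic; set to false to keep outbound traffic protection enabled.`; otherwise use `default = false`. `size` and `default_worker_pool_operating_system` also accept any string, whereas `provider_visibility` has a `validation` block; the same pattern would reject typos at plan time.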
@@ -83,6 +85,34 @@ func setupTerraform(t *testing.T, prefix, realTerraformDir string) *terraform.Op return existingTerraformOptions } +func setupQuickstartOptions(t *testing.T, prefix string) *testschematic.TestSchematicOptions { + apiKey := validateEnvVariable(t, "TF_VAR_ibmcloud_api_key") + region, err := testhelper.GetBestVpcRegion(apiKey, "../common-dev-assets/common-go-assets/cloudinfo-region-vpc-gen2-prefs.yaml", "eu-de") + require.NoError(t, err, "Failed to get best VPC region") + options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ + Testing: t, + Prefix: prefix, + ResourceGroup: resourceGroup, + Region: region, + TarIncludePatterns: []string{ + "*.tf", + quickStartTerraformDir + "/*.tf", "scripts/*.sh", "kubeconfig/README.md", + }, + TemplateFolder: quickStartTerraformDir, + Tags: []string{"test-schematic"}, + DeleteWorkspaceOnFail: false, + WaitJobCompleteMinutes: 360, + }) + options.TerraformVars = []testschematic.TestSchematicTerraformVar{ + {Name: "ibmcloud_api_key", Value: options.RequiredEnvironmentVars["TF_VAR_ibmcloud_api_key"], DataType: "string", Secure: true}, + {Name: "prefix", Value: options.Prefix, DataType: "string"}, + {Name: "region", Value: region, DataType: "string"}, + {Name: "existing_resource_group_name", Value: resourceGroup, DataType: "string"}, + {Name: "size", Value: "mini", DataType: "string"}, + {Name: "ocp_entitlement", Value: "cloud_pak", DataType: "string"}, + } + return options +} func cleanupTerraform(t *testing.T, options *terraform.Options, prefix string) { if t.Failed() && strings.ToLower(os.Getenv("DO_NOT_DESTROY_ON_FAILURE")) == "true" { 
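Review bot: `DeleteWorkspaceOnFail: false` in `setupQuickstartOptions` looks like it leaves the Schematics workspace behind whenever a run fails, and that workspace was created with the `ibmcloud_api_key` variable and holds the job logs of a real cluster deployment. If it is kept for debugging, a comment on that line should say so and name what removes the workspaces later, e.g. `// keep failed workspaces for debugging; removed by <cleanup job>`. The function also has no doc comment; `// setupQuickstartOptions builds the Schematics test options shared by the quickstart deploy and upgrade tests.` would cover it.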
@@ -192,3 +222,25 @@ func TestRunCustomsgExample(t *testing.T) { assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } + +/******************************************************************* +* TESTS FOR THE TERRAFORM BASED QUICKSTART DEPLOYABLE ARCHITECTURE * +********************************************************************/ +func TestRunQuickstartSchematics(t *testing.T) { + t.Parallel() + + options := setupQuickstartOptions(t, "ocp-qs") + err := options.RunSchematicTest() + assert.Nil(t, err, "This should not have errored") +} + +// Upgrade test for the Quickstart DA +func TestRunQuickstartUpgradeSchematics(t *testing.T) { + t.Parallel() + + options := setupQuickstartOptions(t, "ocp-qs-upg") + err := options.RunSchematicUpgradeTest() + if !options.UpgradeTestSkipped { + assert.Nil(t, err, "This should not have errored") + } +} From d1a8cff0bc1ac3fa7bc719e757b8cef92d1a8c5b Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 13:05:17 +0530 Subject: [PATCH 17/40] fix --- .catalog-onboard-pipeline.yaml | 1 + ibm_catalog.json | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 90065326..46cb40d9 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -5,6 +5,7 @@ offerings: kind: solution catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd offering_id: 95fccffc-ae3b-42df-b6d9-80be5914d852 + include_git_submodules: true variations: - name: fully-configurable mark_ready: false diff --git a/ibm_catalog.json b/ibm_catalog.json index fddd937f..5029d571 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -1068,8 +1068,20 @@ "architecture": { "features": [ { - "title": " ", - "description": "Configures QuickStart deployment of a Red Hat OpenShift cluster within an IBM Cloud VPC with limited options." + "description": " ", + "title": "Enables rapid deployment of Red Hat OpenShift on IBM Cloud" + }, + { + "description": " ", + "title": "Leverages IBM Cloud Virtual Private Cloud (VPC) " + }, + { + "description": " ", + "title": "Reduces failure by using multizone regions" + }, + { + "description": " ", + "title": "Automatically provisions an OpenShift cluster within the VPC" } ], "diagrams": [ From 7a9f77c5e40342a059b0ef2825ee18d7651454b3 Mon Sep 17 00:00:00 2001 From: Aditya Ranjan <48973656+Aditya-ranjan-16@users.noreply.github.com> Date: Fri, 8 Aug 2025 13:13:52 +0530 Subject: [PATCH 18/40] Update ibm_catalog.json Co-authored-by: Shikha Maheshwari --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 5029d571..ed01ae2c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -23,7 +23,7 @@ "OCP" ], "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", - "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within a single Virtual Private Cloud (VPC) network, enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", + "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within an IBM Cloud Virtual Private Cloud (VPC), enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", From 5e2bccad99f5113311f4836b643a8db39a832e2c Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 13:17:54 +0530 Subject: [PATCH 19/40] fix --- .catalog-onboard-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 46cb40d9..1cf16325 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml 
@@ -8,7 +8,7 @@ offerings: include_git_submodules: true variations: - name: fully-configurable - mark_ready: false + mark_ready: true install_type: fullstack pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh" post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh" From 33e710dce4dae178c6ab623cc96c7f0a04f7efe1 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 13:55:13 +0530 Subject: [PATCH 20/40] catalog update --- ibm_catalog.json | 1 - 1 file changed, 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ed01ae2c..e1074699 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -69,7 +69,6 @@ "description": "Deploys the Kube Audit solution to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts, helping meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." } ], - "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", "flavors": [ { "label": "[Experimental] Fully configurable", From 72ecdd9bf5caf3172d5d2b81252aa771a4ed0244 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 15:06:42 +0530 Subject: [PATCH 21/40] fix --- .catalog-onboard-pipeline.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 1cf16325..d8d05932 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml 
@@ -8,7 +8,7 @@ offerings: include_git_submodules: true variations: - name: fully-configurable - mark_ready: true + mark_ready: false install_type: fullstack pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh" post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh" @@ -17,5 +17,5 @@ offerings: region: us-south scope_resource_group_var_name: existing_resource_group_name - name: quickstart - mark_ready: true + mark_ready: false install_type: fullstack From eaeaa8d52af8b91afbabc26ed1b68e9fed4effe8 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 8 Aug 2025 16:02:43 +0530 Subject: [PATCH 22/40] fix --- ibm_catalog.json | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index e1074699..76d32a3f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1068,19 +1068,11 @@ "features": [ { "description": " ", - "title": "Enables rapid deployment of Red Hat OpenShift on IBM Cloud" + "title": "Configures OpenShift cluster with a single worker pool distributed across zones on a VPC based on the predefined configuration." }, { "description": " ", - "title": "Leverages IBM Cloud Virtual Private Cloud (VPC) " - }, - { - "description": " ", - "title": "Reduces failure by using multizone regions" - }, - { - "description": " ", - "title": "Automatically provisions an OpenShift cluster within the VPC" + "title": "Provides predefined cluster size configuration." } ], "diagrams": [ From df58fde86c42a49f865ea80395bf35683409ecc7 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Tue, 12 Aug 2025 17:26:53 +0530 Subject: [PATCH 23/40] fix --- ibm_catalog.json | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 76d9bae4..5872ffc1 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -177,11 +177,15 @@ "features": [ { "description": " ", - "title": "One VPC with three zone subnets" + "title": "One VPC with three zone subnets as a default" }, { "description": " ", - "title": "Configures OCP cluster with a single worker pool distributed across all three zones, with two worker nodes per zone " + "title": "Configures OpenShift cluster with a single worker pool distributed across all three zones, with two worker nodes per zone" + }, + { + "description": " ", + "title": "Follow IBM secure-by-default standards, but can be customised to fit your use case" } ], "diagrams": [ @@ -1068,7 +1072,11 @@ "features": [ { "description": " ", - "title": "Configures OpenShift cluster with a single worker pool distributed across zones on a VPC based on the predefined configuration." + "title": "One VPC with two zone subnets as a default" + }, + { + "description": " ", + "title": "Configures OpenShift cluster with a single worker pool distributed across zones on a predefined configuration." }, { "description": " ", From 09973828729512000f976d003cf54a078528c6d3 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Mon, 18 Aug 2025 17:52:17 +0530 Subject: [PATCH 24/40] fix --- ibm_catalog.json | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 5872ffc1..97c2e34c 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -23,7 +23,7 @@ "OCP" ], "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", - "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster within an IBM Cloud Virtual Private Cloud (VPC), enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", + "long_description": "This Deployable Architecture deploys a Red Hat OpenShift Container Platform cluster on Virtual Private Cloud (VPC), enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", 
@@ -33,11 +33,11 @@ "description": "Creates a [Red Hat OpenShift Cluster](https://cloud.ibm.com/docs/openshift) on IBM Cloud that helps businesses manage their containerized applications at scale with added enterprise features such as security, scalability, and automation." }, { - "description": "Configures worker pools in cluster through which you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) of similar configurations, such as compute resources and availability zones.\n", + "description": "Configures worker pools in cluster through which you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) of similar configurations, such as compute resources and availability zones.", "title": "Worker pools" }, { - "description": "Configures the [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets) for the cluster, and specifies the subnets to deploy the worker nodes in.\n", + "description": "Configures the [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets) for the cluster, and specifies the subnets to deploy the worker nodes in.", "title": "Subnets" }, { @@ -176,16 +176,8 @@ "architecture": { "features": [ { - "description": " ", - "title": "One VPC with three zone subnets as a default" - }, - { - "description": " ", - "title": "Configures OpenShift cluster with a single worker pool distributed across all three zones, with two worker nodes per zone" - }, - { - "description": " ", - "title": "Follow IBM secure-by-default standards, but can be customised to fit your use case" + "title": " ", + "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." } ], "diagrams": [ 
@@ -1071,16 +1063,8 @@ "architecture": { "features": [ { - "description": " ", - "title": "One VPC with two zone subnets as a default" - }, - { - "description": " ", - "title": "Configures OpenShift cluster with a single worker pool distributed across zones on a predefined configuration." - }, - { - "description": " ", - "title": "Provides predefined cluster size configuration." + "title": " ", + "description": "Configures QuickStart deployment of a Red Hat OpenShift cluster within an IBM Cloud VPC with limited options." } ], "diagrams": [ From c1cc3c0c00d3fa2bde204f28d91b434d0f5d45af Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Tue, 19 Aug 2025 23:14:51 +0530 Subject: [PATCH 25/40] fix: addresed comments --- ibm_catalog.json | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 97c2e34c..a573e1f5 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -10,7 +10,8 @@ "target_terraform", "terraform", "reference_architecture", - "solution" + "solution", + "redhat" ], "keywords": [ "vpc", 
@@ -23,7 +24,7 @@ "OCP" ], "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", - "long_description": "This Deployable Architecture deploys a Red Hat OpenShift Container Platform cluster on Virtual Private Cloud (VPC), enabling a scalable and flexible cloud environment for containerized applications with seamless integration to security and observability services. The VPC is implemented as a multi-zone, multi-subnet architecture, ensuring that your environment remains secure and highly available.", + "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", @@ -62,7 +63,7 @@ }, { "title": "Observability", - "description": "This solution can leverage Observability that supports configuring resources for logging, monitoring and activity tracker event routing (optional)." + "description": "You can optionally leverage Observability services for logging, monitoring and activity tracker event routing." }, { "title": "Kube Audit", 
@@ -1015,8 +1016,8 @@ "terraform_version": "1.10.5" }, { - "label": "[Experimental] QuickStart", - "name": "quickstart", + "label": "QuickStart", + "name": "quickstart-da", "index": 4, "install_type": "fullstack", "working_directory": "solutions/quickstart", From 393fdce5b78c80dcc7e416e04ca20b159eefdb29 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 20 Aug 2025 01:10:07 +0530 Subject: [PATCH 26/40] fix --- ibm_catalog.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index a573e1f5..4975af49 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -23,7 +23,7 @@ "Red Hat OpenShift Container Platform", "OCP" ], - "short_description": "Creates Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", + "short_description": "Deploys Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", 
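Review bot: The flavor `name` changes from `quickstart` to `quickstart-da` here, but the variation in `.catalog-onboard-pipeline.yaml` is still declared as `- name: quickstart` in the hunks shown for that file, and this commit touches only `ibm_catalog.json`. If the onboarding pipeline matches variations to flavors by name, the quickstart variation would no longer resolve. Either keep `"name": "quickstart"` or rename the pipeline entry in the same commit. The later rename to `ocp-quickstart` in the `@@ -1017,7 +1021,7 @@` hunk raises the same question.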
@@ -51,7 +51,7 @@ }, { "title": "Object Storage", - "description": "Creates and configures an [Object Storage bucket](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand) which acts as OpenShift internal registry storage. You can provide an existing COS Instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance." + "description": "Creates and configures an [Object Storage bucket](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand) which acts as OpenShift internal registry storage. You can provide an existing COS instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance." }, { "title": "KMS Encryption", @@ -59,7 +59,7 @@ }, { "title": "Secrets Manager", - "description": "Optional integration with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates." + "description": "Optionally you can integrate with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates." }, { "title": "Observability", 
@@ -67,7 +67,7 @@ }, { "title": "Kube Audit", - "description": "Deploys the Kube Audit solution to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts, helping meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." + "description": "You can deploy Kube Audit to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts to meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." } ], "flavors": [ From fbf1e534be4524490328aa4fd0e2085cb60eea03 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 20 Aug 2025 10:35:24 +0530 Subject: [PATCH 27/40] fix --- ibm_catalog.json | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4975af49..412f9cef 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -178,7 +178,11 @@ "features": [ { "title": " ", - "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." + "description": "Deploy Red Hat OpenShift Container Platform with fully configurable parameters and intelligently selected defaults. It can seamlessly integrate IBM Cloud services without requiring manual intervention." + }, + { + "title": " ", + "description": "Offers full control over architecture parameters, with well-chosen defaults that enable a functional OpenShift cluster and integrated IBM Cloud services without requiring manual adjustments. Ideal for users who want flexibility with a reliable starting point." } ], "diagrams": [ 
@@ -1017,7 +1021,7 @@ }, { "label": "QuickStart", - "name": "quickstart-da", + "name": "ocp-quickstart", "index": 4, "install_type": "fullstack", "working_directory": "solutions/quickstart", @@ -1065,7 +1069,11 @@ "features": [ { "title": " ", - "description": "Configures QuickStart deployment of a Red Hat OpenShift cluster within an IBM Cloud VPC with limited options." + "description": "Deploy Red Hat OpenShift Container Platform using a lightweight, experimental configuration that enables quick provisioning without the need to configure underlying infrastructure. This minimal setup is tailored for demonstration use cases." + }, + { + "title": " ", + "description": "A lightweight, experimental configuration for quickly provisioning an OpenShift cluster on IBM Cloud VPC. Ideal for users new to IBM Cloud or OpenShift who want to get started without configuring underlying infrastructure. Not certified, not upgradeable, and not intended for production use." } ], "diagrams": [ From c35b8b2348324e9e000f28e5a66b02bb8f411261 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 20 Aug 2025 11:30:11 +0530 Subject: [PATCH 28/40] fix --- ibm_catalog.json | 42 +++++++++++------------------------------- 1 file changed, 11 insertions(+), 31 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 412f9cef..7dcf76bc 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -23,51 +23,31 @@ "Red Hat OpenShift Container Platform", "OCP" ], - "short_description": "Deploys Red Hat OpenShift workload clusters on IBM Cloud within a secure VPC network, with optional integration of security and logging services", + "short_description": "Deploys an OpenShift topology on VPC with flexible configurations, QuickStart options for simplified setup, and advanced features for security and compliance.", "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", "provider_name": "IBM", "features": [ { - "title": "Red Hat OpenShift Cluster", - "description": "Creates a [Red Hat OpenShift Cluster](https://cloud.ibm.com/docs/openshift) on IBM Cloud that helps businesses manage their containerized applications at scale with added enterprise features such as security, scalability, and automation." + "title": "Configurable OpenShift Deployment Options", + "description": "Provides multiple configuration paths for provisioning [Red Hat OpenShift clusters](https://cloud.ibm.com/docs/openshift) on IBM Cloud VPC. Supports use cases ranging from quick experimentation to production-grade deployments in regulated environments. 
Capabilities vary by variation, with some offering simplified onboarding and others enabling advanced integrations and compliance alignment." }, { - "description": "Configures worker pools in cluster through which you can group and manage [worker nodes](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) of similar configurations, such as compute resources and availability zones.", - "title": "Worker pools" + "title": "OpenShift Cluster with Scalable Access and Worker Management", + "description": "Deploys a Red Hat OpenShift cluster with Kubernetes-native orchestration and automated lifecycle management. All variations support [public and private access endpoints](https://cloud.ibm.com/docs/openshift?topic=openshift-access_cluster) and [worker pool](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) configurations, enabling secure connectivity and scalable workload deployment." }, { - "description": "Configures the [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets) for the cluster, and specifies the subnets to deploy the worker nodes in.", - "title": "Subnets" + "title": "Infrastructure Setup", + "description": "Automatically provisions multi-zone VPCs, [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets), and networking components. QuickStart variations abstract this setup to minimize required IBM Cloud knowledge, while other configurations expose full control for advanced users." }, { - "title": "Access Endpoints", - "description": "Offers support for [private and public endpoints](https://cloud.ibm.com/docs/openshift?topic=openshift-access_cluster) to connect to the cluster. If the cluster is accessed only by applications running on IBM Cloud, the private endpoint can be enabled for enhanced security." 
+ "title": "IBM Cloud Services Integrations", + "description": "Depending on the variation, clusters may include integrations with IBM Cloud services such as [Key Protect](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-setup&interface=ui), [Hyper Protect Crypto Services](https://cloud.ibm.com/catalog/services/hyper-protect-crypto-services), [Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global), [Object Storage](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand), and Observability services." }, { - "title": "Ingress Controller", - "description": "Sets up the [ingress controller](https://cloud.ibm.com/docs/openshift?topic=openshift-ingress-configure) for the cluster, responsible for routing external traffic to the appropriate services within the cluster." - }, - { - "title": "Object Storage", - "description": "Creates and configures an [Object Storage bucket](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand) which acts as OpenShift internal registry storage. You can provide an existing COS instance or use the [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) for creating a new instance." - }, - { - "title": "KMS Encryption", - "description": "Optionally you can enable key management services(KMS) [encryption](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-secrets) of the Kubernetes Secrets and Object Storage bucket using either a newly created key or an existing one." 
- }, - { - "title": "Secrets Manager", - "description": "Optionally you can integrate with [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates." - }, - { - "title": "Observability", - "description": "You can optionally leverage Observability services for logging, monitoring and activity tracker event routing." - }, - { - "title": "Kube Audit", - "description": "You can deploy Kube Audit to monitor and log Kubernetes API server activity. It captures events such as user actions, configuration changes, and access attempts to meet security and compliance requirements through centralized [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server)." + "title": "Security and Compliance Alignment", + "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments." } ], "flavors": [ From 7f372d6b20be7d558d53d024b592e3050bb885e6 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 20 Aug 2025 11:58:50 +0530 Subject: [PATCH 29/40] fix index --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 7dcf76bc..4224aff2 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -53,7 +53,7 @@ "flavors": [ { "label": "[Experimental] Fully configurable", - "index":3, + "index":2, "name": "fully-configurable", "install_type": "fullstack", "working_directory": "solutions/fully-configurable", 
@@ -1002,7 +1002,7 @@ { "label": "QuickStart", "name": "ocp-quickstart", - "index": 4, + "index": 1, "install_type": "fullstack", "working_directory": "solutions/quickstart", "iam_permissions": [ From b3bcd526fb3d17a83564fd391f77ef8619f1cb6f Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 20 Aug 2025 18:00:29 +0530 Subject: [PATCH 30/40] fix --- ibm_catalog.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 4224aff2..a7627c7f 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -158,11 +158,11 @@ "features": [ { "title": " ", - "description": "Deploy Red Hat OpenShift Container Platform with fully configurable parameters and intelligently selected defaults. It can seamlessly integrate IBM Cloud services without requiring manual intervention." + "description": "Ideal for users who want flexibility with a reliable starting point." }, { "title": " ", - "description": "Offers full control over architecture parameters, with well-chosen defaults that enable a functional OpenShift cluster and integrated IBM Cloud services without requiring manual adjustments. Ideal for users who want flexibility with a reliable starting point." + "description": "Offers full control over architecture parameters, with well-chosen defaults that enable a functional OpenShift cluster and integrated IBM Cloud services without requiring manual adjustments." } ], "diagrams": [ 
@@ -172,7 +172,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC). The architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global)

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC). The architecture can be deployed independently or serve as a foundational building block for other solutions, such as [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster, providing advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." } ] }, @@ -1049,11 +1049,11 @@ "features": [ { "title": " ", - "description": "Deploy Red Hat OpenShift Container Platform using a lightweight, experimental configuration that enables quick provisioning without the need to configure underlying infrastructure. This minimal setup is tailored for demonstration use cases." + "description": "Ideal for users new to IBM Cloud or OpenShift who want to get started without configuring underlying infrastructure." }, { "title": " ", - "description": "A lightweight, experimental configuration for quickly provisioning an OpenShift cluster on IBM Cloud VPC. Ideal for users new to IBM Cloud or OpenShift who want to get started without configuring underlying infrastructure. Not certified, not upgradeable, and not intended for production use." + "description": "A lightweight, experimental configuration for quickly provisioning an OpenShift cluster on IBM Cloud VPC. Not certified, not upgradeable, and not intended for production use." } ], "diagrams": [ From 6ec37ebd4fd8dc73cf8f3fa08aa37a0dd3367fd3 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 21 Aug 2025 16:56:56 +0530 Subject: [PATCH 31/40] fix name --- ibm_catalog.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 2fc86401..0ac67b27 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -2,7 +2,7 @@ "products": [ { "name": "deploy-arch-ibm-slz-ocp", - "label": "Red Hat OpenShift Container Platform on VPC landing zone", + "label": "Landing zone for containerized applications with Red Hat Openshift", "product_kind": "solution", "tags": [ "compute", 
@@ -49,7 +49,7 @@ }, { "title": "Security and Compliance Alignment", - "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments." + "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments." } ], "flavors": [ From 82e598acbbe3191790dbace1871309f0da980281 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 21 Aug 2025 20:49:39 +0530 Subject: [PATCH 32/40] fix --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 0ac67b27..c3f32f11 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1106,7 +1106,7 @@ "diagrams": [ { "diagram": { - "caption": "Red Hat OpenShift cluster topology - Quickstart", + "caption": "Red Hat OpenShift cluster topology - QuickStart", "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster-qs.svg", "type": "image/svg+xml" }, From 723aa8ef3fed692065d3d1412cd98fb01b74054b Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Thu, 21 Aug 2025 21:16:53 +0530 Subject: [PATCH 33/40] fix --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index c3f32f11..f10d76e1 100644 --- a/ibm_catalog.json 
+++ b/ibm_catalog.json @@ -2,7 +2,7 @@ "products": [ { "name": "deploy-arch-ibm-slz-ocp", - "label": "Landing zone for containerized applications with Red Hat Openshift", + "label": "Landing zone for containerized applications with Red Hat OpenShift", "product_kind": "solution", "tags": [ "compute", From 458f733afb417f25f533f59bf4ed43d6ce907768 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 5 Sep 2025 13:24:23 +0530 Subject: [PATCH 34/40] updates --- .catalog-onboard-pipeline.yaml | 1 - ibm_catalog.json | 16 ++++++++-------- .../deployable-architecture-ocp-cluster-qs.svg | 0 .../deployable-architecture-ocp-cluster.svg | 0 4 files changed, 8 insertions(+), 9 deletions(-) rename {reference-architecture => reference-architectures}/deployable-architecture-ocp-cluster-qs.svg (100%) rename {reference-architecture => reference-architectures}/deployable-architecture-ocp-cluster.svg (100%) diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml index 37912a5b..88083113 100644 --- a/.catalog-onboard-pipeline.yaml +++ b/.catalog-onboard-pipeline.yaml @@ -5,7 +5,6 @@ offerings: kind: solution catalog_id: 7df1e4ca-d54c-4fd0-82ce-3d13247308cd offering_id: 95fccffc-ae3b-42df-b6d9-80be5914d852 - include_git_submodules: true variations: - name: fully-configurable mark_ready: false diff --git a/ibm_catalog.json b/ibm_catalog.json index a938bfd2..df140909 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -54,11 +54,12 @@ ], "flavors": [ { - "label": "[Experimental] Fully configurable", - "index":2, + "label": "Standard - Integrated setup with configurable services", + "index": 2, "name": "fully-configurable", "install_type": "fullstack", "working_directory": "solutions/fully-configurable", + "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes", "compliance": { "authority": "scc-v3", "profiles": [ 
@@ -214,12 +215,10 @@ { "diagram": { "caption": "Red Hat OpenShift cluster topology - Fully configurable", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architectures/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, Key Management Services(KMS) is used to encrypt the cluster and the boot volumes used by the cluster to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." - } ] }, @@ -870,7 +869,7 @@ "hidden": true }, { - "key":"enable_kube_audit" + "key": "enable_kube_audit" }, { "key": "audit_deployment_name" @@ -1103,11 +1102,12 @@ "terraform_version": "1.10.5" }, { - "label": "QuickStart", + "label": "QuickStart - Basic and simple", "name": "ocp-quickstart", "index": 1, "install_type": "fullstack", "working_directory": "solutions/quickstart", + "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes", "compliance": { "authority": "scc-v3", "profiles": [ @@ -1172,7 +1172,7 @@ { "diagram": { "caption": "Red Hat OpenShift cluster topology - QuickStart", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster-qs.svg", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architectures/deployable-architecture-ocp-cluster-qs.svg", "type": "image/svg+xml" }, "description": "This deployable architecture enables deployment of a Red Hat OpenShift cluster within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an Object Storage bucket that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.
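Review bot: On the new side of the `@@ -214,12 +215,10 @@` hunk, the `diagrams` entry appears to lose both its `"description"` member and its closing `}`, leaving `"diagram": { … },` followed directly by `]`. As shown, that is a trailing comma plus an unclosed object, which a strict JSON parser rejects, so the whole catalog manifest would fail to load rather than just this diagram. The page layout is collapsed and the hunk's line counts do not quite match what is visible, so confirm against the real file; if the intent was only to update `url`, keep the `"description": "…"` line and the `}` after it. A `jq empty ibm_catalog.json` step in CI would catch this class of error before onboarding.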

Users can select from predefined cluster sizes — mini (default), small, medium, and large. Each size determines the number of availability zones, worker nodes per zone, and the machine type (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).

By default, the architecture provisions a two-zone VPC, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with two worker nodes per zone in the mini configuration.

This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." diff --git a/reference-architecture/deployable-architecture-ocp-cluster-qs.svg b/reference-architectures/deployable-architecture-ocp-cluster-qs.svg similarity index 100% rename from reference-architecture/deployable-architecture-ocp-cluster-qs.svg rename to reference-architectures/deployable-architecture-ocp-cluster-qs.svg diff --git a/reference-architecture/deployable-architecture-ocp-cluster.svg b/reference-architectures/deployable-architecture-ocp-cluster.svg similarity index 100% rename from reference-architecture/deployable-architecture-ocp-cluster.svg rename to reference-architectures/deployable-architecture-ocp-cluster.svg From 094d26b9ae8ab72cc5ecdcb31c0b69aae4b65ef7 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 5 Sep 2025 14:14:11 +0530 Subject: [PATCH 35/40] fix icon --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index df140909..d43769bf 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -28,7 +28,7 @@ "short_description": "Deploys an OpenShift topology on VPC with flexible configurations, QuickStart options for simplified setup, and advanced features for security and compliance.", "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg", "provider_name": "IBM", "features": [ { From 08dedcf3e8866f347f928df372c7327a406a1957 Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Fri, 5 Sep 2025 15:05:47 +0530 Subject: [PATCH 36/40] fix --- ibm_catalog.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index d43769bf..5af26b31 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -120,7 +120,7 @@ "crn:v1:bluemix:public:iam::::role:Editor" ], "service_name": "kms", - "notes": "[Optional] [Optional] Required if Key Protect is used for encryption." + "notes": "[Optional] Required if Key Protect is used for encryption." }, { "role_crns": [ 
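Review bot: `offering_icon_url` now points at `raw.githubusercontent.com/…/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg`, a moving branch head, so the image served for an already-published catalog version can change or disappear with any later push to `main`. The same applies to the two diagram `url` values under `refs/heads/main/reference-architectures/` in PATCH 34, where the directory rename already forced the URLs to change in the same commit. Pinning to a release tag or commit, e.g. `…/terraform-ibm-base-ocp-vpc/<tag-or-commit-sha>/images/ocp_icon.svg`, keeps each catalog version tied to content that was reviewed. This commit touches only `ibm_catalog.json`, so also confirm that `images/ocp_icon.svg` exists at that path.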
@@ -214,7 +214,7 @@ "diagrams": [ { "diagram": { - "caption": "Red Hat OpenShift cluster topology - Fully configurable", + "caption": "Red Hat OpenShift cluster topology - Standard (Integrated setup with configurable services)", "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architectures/deployable-architecture-ocp-cluster.svg", "type": "image/svg+xml" }, @@ -1171,7 +1171,7 @@ "diagrams": [ { "diagram": { - "caption": "Red Hat OpenShift cluster topology - QuickStart", + "caption": "Red Hat OpenShift cluster topology - QuickStart (Basic and simple)", "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architectures/deployable-architecture-ocp-cluster-qs.svg", "type": "image/svg+xml" }, From 229f51fbc77df5ec51e433695caa65d8691f214f Mon Sep 17 00:00:00 2001 From: Aditya-ranjan-16 Date: Wed, 10 Sep 2025 00:32:05 +0530 Subject: [PATCH 37/40] updates --- ibm_catalog.json | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 3e6b7171..b88379cb 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -2,7 +2,7 @@ "products": [ { "name": "deploy-arch-ibm-slz-ocp", - "label": "Landing zone for containerized applications with Red Hat OpenShift", + "label": "Landing zone for containerized applications with OpenShift", "product_kind": "solution", "tags": [ "compute", 
@@ -25,7 +25,7 @@ "redhat", "ROKS" ], - "short_description": "Deploys an OpenShift topology on VPC with flexible configurations, QuickStart options for simplified setup, and advanced features for security and compliance.", + "short_description": "Deploys an OpenShift topology on VPC with flexible configurations, QuickStart options for simplified setup, and advanced features for security and compliance", "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg", 
@@ -50,6 +50,18 @@
 {
 "title": "Security and Compliance Alignment",
 "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments."
+ },
+ {
+ "title": "Sets up logging for the OCP instance.",
+ "description": "Optionally, you can deploy Cloud automation for Cloud Logs to route, alert, and visualize platform logs that are generated by your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-logs-63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global)."
+ },
+ {
+ "title": "Sets up monitoring operational metrics for the OCP instance",
+ "description": "Optionally, you can deploy Cloud automation for Cloud Monitoring to measure how users and applications interact with your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-monitoring-73debdbf-894f-4c14-81c7-5ece3a70b67d-global)."
+ },
+ {
+ "title": "Sets up activity tracking for the OCP instance",
+ "description": "Optionally, you can deploy Cloud automation for Activity Tracker Event Routing to route and securely store auditing events that are related to your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-activity-tracker-918453c3-4f97-4583-8c4a-83ef12fc7916-global)."
 }
 ],
 "flavors": [
From d8b2ef8eda1c2bbce21ef563ae57890da73ab55c Mon Sep 17 00:00:00 2001
From: Aditya-ranjan-16
Date: Wed, 10 Sep 2025 12:29:49 +0530
Subject: [PATCH 38/40] fix
---
 ibm_catalog.json | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index cc9e5009..5663d1a0 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -680,9 +680,6 @@
 {
 "key": "use_private_endpoint"
 },
- {
- "key": "disable_public_endpoint"
- },
 {
 "key": "cluster_config_endpoint_type",
 "options": [
From f9a2c46ec420550da6b5ca6b8549e11ecb3b5270 Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Wed, 10 Sep 2025 15:23:22 +0530
Subject: [PATCH 39/40] updated tags
---
 ibm_catalog.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 5663d1a0..840916e4 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -5,13 +5,13 @@
 "label": "Landing zone for containerized applications with OpenShift",
 "product_kind": "solution",
 "tags": [
- "compute",
 "ibm_created",
 "target_terraform",
 "terraform",
- "reference_architecture",
 "solution",
- "redhat"
+ "compute",
+ "reference_architecture",
+ "converged_infra"
 ],
 "keywords": [
 "vpc",
From 6a0a2afe683fb23d6e69e99b8fb7b037b05f04e9 Mon Sep 17 00:00:00 2001
From: Shikha Maheshwari
Date: Wed, 10 Sep 2025 15:33:02 +0530
Subject: [PATCH 40/40] updated features desc
---
 ibm_catalog.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 840916e4..302e819f 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -32,7 +32,7 @@
 "provider_name": "IBM",
 "features": [
 {
- "title": "Configurable OpenShift Deployment Options",
+ "title": "Configurable OpenShift deployment options",
 "description": "Provides multiple configuration paths for provisioning [Red Hat OpenShift clusters](https://cloud.ibm.com/docs/openshift) on IBM Cloud VPC. Supports use cases ranging from quick experimentation to production-grade deployments in regulated environments. Capabilities vary by variation, with some offering simplified onboarding and others enabling advanced integrations and compliance alignment."
 },
 {
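Review bot: The sentence-case fix in the `@@ -32,7 +32,7 @@` hunk of PATCH 40/40 is applied to only one feature title, so the feature list ends up with mixed capitalisation. The feature shown as context at line 51 in PATCH 37/40, `"title": "Security and Compliance Alignment"`, is not touched by either hunk of this patch and stays in title case; changing it to `"title": "Security and compliance alignment",` in the same commit would keep the list uniform. The titles between this hunk and line 51 are outside the visible hunks and are worth checking for the same thing.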
@@ -52,16 +52,16 @@
 "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments."
 },
 {
- "title": "Sets up logging for the OCP instance.",
- "description": "Optionally, you can deploy Cloud automation for Cloud Logs to route, alert, and visualize platform logs that are generated by your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-logs-63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global)."
+ "title": "Sets up logging for the OpenShift cluster",
+ "description": "Optionally, you can deploy [Cloud automation for Cloud Logs](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-logs-63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global) to route, alert, and visualize platform logs that are generated by your OpenShift cluster."
 },
 {
- "title": "Sets up monitoring operational metrics for the OCP instance",
- "description": "Optionally, you can deploy Cloud automation for Cloud Monitoring to measure how users and applications interact with your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-monitoring-73debdbf-894f-4c14-81c7-5ece3a70b67d-global)."
+ "title": "Sets up monitoring operational metrics for the OpenShift cluster",
+ "description": "Optionally, you can deploy [Cloud automation for Cloud Monitoring](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-monitoring-73debdbf-894f-4c14-81c7-5ece3a70b67d-global) to measure how users and applications interact with your OpenShift cluster."
 },
 {
- "title": "Sets up activity tracking for the OCP instance",
- "description": "Optionally, you can deploy Cloud automation for Activity Tracker Event Routing to route and securely store auditing events that are related to your OCP instance [Learn more](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-activity-tracker-918453c3-4f97-4583-8c4a-83ef12fc7916-global)."
+ "title": "Sets up activity tracking for the OpenShift cluster",
+ "description": "Optionally, you can deploy [Cloud automation for Activity Tracker Event Routing](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-activity-tracker-918453c3-4f97-4583-8c4a-83ef12fc7916-global) to route and securely store auditing events that are related to your OpenShift cluster."
 }
 ],
 "flavors": [
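Review bot: The rewritten monitoring title in the `@@ -52,16 +52,16 @@` hunk keeps the missing preposition from the wording it replaces; `"title": "Sets up monitoring of operational metrics for the OpenShift cluster",` reads correctly next to the logging and activity-tracking titles. All three descriptions open with "Optionally", but none says which variations deploy the add-on by default. Since the preceding feature advertises audit logging for regulated environments, a short clause in the activity-tracking description naming the variations that include event routing would tell a reader whether audit events are collected without extra steps. Which variations those are is not visible in this hunk, so the clause has to come from the flavor definitions.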