chore: Address ROKS DA E2E walkthrough feedback #771
Changes from 10 commits
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,7 +16,8 @@ | |
| "terraform", | ||
| "ocp", | ||
| "cluster", | ||
| "red_hat_openshift" | ||
| "red_hat_openshift", | ||
| "ROKS" | ||
|
||
| ], | ||
| "short_description": "Automates the deployment of Red Hat OpenShift container platform on IBM Cloud with optional integration of security and logging services.", | ||
| "long_description": "The Cloud automation for Red Hat OpenShift Container Platform on VPC enables a scalable and flexible cloud environment for containerized applications with seamless integration to other security and observability services. This architecture can be deployed independently while also serving as a foundational deployable architecture for other architectures like [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) to deploy mission critical applications and AI-driven initiatives to market quickly and securely with a managed OpenShift service.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.", | ||
|
|
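Review bot: The new keyword "ROKS" is upper-case while every other entry in this list is lower-case ("terraform", "ocp", "cluster", "red_hat_openshift"). If keyword matching in the catalog is case-sensitive, add the lower-case form too; if it is not, use "roks" so the list stays consistent.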
@@ -80,90 +81,133 @@ | |
| }, | ||
| "iam_permissions": [ | ||
| { | ||
| "service_name": "containers-kubernetes", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Viewer" | ||
| ], | ||
| "service_name": "Resource group only", | ||
| "notes":"Viewer access is required in the resource group you want to provision in." | ||
| }, | ||
| { | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "service_name": "All Account Management services", | ||
| "notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group." | ||
|
||
| }, | ||
| { | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "service_name": "All Identity and Access enabled services", | ||
| "notes": "[Optional] Required for consuming Account Configuration deployable architecture which creates resource group with account settings." | ||
|
||
| }, | ||
| { | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "Required to create and edit OpenShift cluster and the related resources." | ||
| "service_name": "iam-access-groups", | ||
| "notes": "[optional] Required for managing IAM access groups." | ||
|
||
| }, | ||
| { | ||
| "service_name": "iam-identity", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator", | ||
| "crn:v1:bluemix:public:iam::::role:Operator", | ||
| "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" | ||
| ], | ||
| "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." | ||
| "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud and for managing and operating resources within the IBM Cloud environment." | ||
| }, | ||
| { | ||
| "service_name": "is.vpc", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "Required for creating Virtual Private Cloud(VPC)." | ||
| "service_name": "hs-crypto", | ||
| "notes": "[Optional] Required if KMS encryption is enabled and Hyper Protect Crypto Service is used for encryption." | ||
|
||
| }, | ||
| { | ||
| "service_name": "cloud-object-storage", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "Required to create Cloud Object Storage (COS) Instance." | ||
| "service_name": "kms", | ||
|
||
| "notes": "[Optional] Required if KMS encryption is enabled and Key Protect Service is used for encryption." | ||
| }, | ||
| { | ||
| "service_name": "hs-crypto", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." | ||
| "service_name": "cloud-object-storage", | ||
| "notes": "[Optional] Required to edit data and manage the OpenShift cluster's internal registry storage bucket." | ||
|
||
| }, | ||
| { | ||
| "service_name": "kms", | ||
| "service_name": "containers-kubernetes", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "notes": "Required to reset API keys, create and edit the OpenShift cluster, and manage all related resources." | ||
|
||
| }, | ||
| { | ||
| "service_name": "is.vpc", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." | ||
| "notes": "[Optional] Required for creating Virtual Private Cloud(VPC)." | ||
|
||
| }, | ||
| { | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator", | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager" | ||
| ], | ||
| "service_name": "secrets-manager", | ||
| "notes": "[Optional] Required for creating a Secrets Manager instance. 'Manager' access is required to create new secret groups." | ||
|
||
| }, | ||
| { | ||
| "service_name": "sysdig-monitor", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." | ||
| "service_name": "sysdig-monitor", | ||
| "notes": "[Optional] Required for consuming Observability deployable architecture, which sets up Cloud Monitoring." | ||
|
||
| }, | ||
| { | ||
| "service_name": "logs", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." | ||
| "service_name": "logs", | ||
| "notes": "[Optional] Required for consuming Observability DA, which sets up Cloud logs." | ||
| }, | ||
| { | ||
| "service_name": "logs-router", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager" | ||
| ], | ||
| "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." | ||
| "notes": "[Optional] Required for consuming Observability deployable architecture, which sets up Logs Routing." | ||
|
||
| }, | ||
| { | ||
| "service_name": "atracker", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Writer", | ||
| "crn:v1:bluemix:public:iam::::role:Editor" | ||
| ], | ||
| "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." | ||
| "notes": "[Optional] Required for consuming Observability deployable architecture, which sets up Activity Tracker Event Routing." | ||
|
||
| }, | ||
| { | ||
| "service_name": "secrets-manager", | ||
| "service_name": "metrics-router", | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::role:Administrator", | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager" | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "notes": "[Optional] Required for creating an Secrets Manager instance. 'Manager' access required to create new secret groups." | ||
| "notes": "[Optional] Required if metrics routing to cloud monitoring instance is enabled." | ||
|
||
| }, | ||
| { | ||
| "role_crns": [ | ||
| "crn:v1:bluemix:public:iam::::serviceRole:Manager", | ||
| "crn:v1:bluemix:public:iam::::role:Administrator" | ||
| ], | ||
| "service_name": "event-notifications", | ||
| "notes": "[Optional] Required if you are creating an Event Notifications Instance" | ||
| } | ||
| ], | ||
| "architecture": { | ||
|
|
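Review bot: The iam-identity note now ends with "for managing and operating resources within the IBM Cloud environment", which does not say what the Administrator and Operator roles are actually used for, and the entries for "All Account Management services" and "All Identity and Access enabled services" request Administrator across whole service families. Users copy this list into access policies, so each note should name the concrete action that needs the role, letting the grant be scoped or dropped when that feature is off. Smaller points in the same block: "[optional]" on iam-access-groups should match the "[Optional]" used elsewhere, the logs note says "Observability DA" where its neighbours say "Observability deployable architecture", and the event-notifications note has no closing period.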
@@ -807,14 +851,14 @@ | |
| "dependencies": [ | ||
| { | ||
| "name": "deploy-arch-ibm-vpc", | ||
| "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. ", | ||
| "description": "Configure the VPC and subnets to deploy the OpenShift cluster.", | ||
| "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", | ||
| "version": "v7.24.0", | ||
| "flavors": [ | ||
| "fully-configurable" | ||
| ], | ||
| "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", | ||
| "optional": true, | ||
| "optional": false, | ||
| "on_by_default": true, | ||
| "input_mapping": [ | ||
| { | ||
|
|
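Review bot: The change to "optional": false on deploy-arch-ibm-vpc conflicts with the is.vpc entry in iam_permissions, whose note reads "[Optional] Required for creating Virtual Private Cloud(VPC)." If the VPC dependency can no longer be deselected, the is.vpc role is always needed and the "[Optional]" prefix should be dropped there; if it can still be deselected, this flag should stay true. Please also confirm that "on_by_default": true is still meaningful once the dependency is mandatory.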
@@ -850,7 +894,7 @@ | |
| }, | ||
| { | ||
| "name": "deploy-arch-ibm-account-infra-base", | ||
| "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", | ||
| "description": "Creates a set of resource groups and when \"with Account Settings\" variation is selected, it also applies baseline security and governance settings.", | ||
|
||
| "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", | ||
| "flavors": [ | ||
| "resource-group-only", | ||
|
|
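Review bot: The shortened description for deploy-arch-ibm-account-infra-base reads awkwardly at "and when \"with Account Settings\" variation is selected, it also applies": it is missing an article and a comma. Suggest: "Creates a set of resource groups and, when the \"with Account Settings\" variation is selected, also applies baseline security and governance settings."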
@@ -875,7 +919,7 @@ | |
| }, | ||
| { | ||
| "name": "deploy-arch-ibm-kms", | ||
| "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. ", | ||
| "description": "Configure Key Protect to use your own managed encryption keys for Object Storage bucket.", | ||
|
||
| "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", | ||
| "version": "v5.1.4", | ||
| "flavors": [ | ||
|
|
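Review bot: The new deploy-arch-ibm-kms description drops the sentence explaining that disabling the dependency falls back to IBM Cloud's default service-managed encryption, so a reader deciding whether to turn it off no longer sees the consequence. It also narrows the scope to "Object Storage bucket", while the removed hs-crypto and kms notes in iam_permissions spoke of encrypting Kubernetes Secrets as well. Please keep a short fallback sentence and state the full set of resources the keys protect ("for the Object Storage bucket" also needs its article).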
@@ -907,7 +951,7 @@ | |
| }, | ||
| { | ||
| "name": "deploy-arch-ibm-cos", | ||
| "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", | ||
| "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster.", | ||
|
||
| "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", | ||
| "version": "v9.0.2", | ||
| "flavors": [ | ||
|
|
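Review bot: Since the deploy-arch-ibm-cos description line is being touched anyway for the trailing space, fix the missing article at its end as well: "internal registry storage for the OpenShift cluster."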
@@ -935,7 +979,7 @@ | |
| }, | ||
| { | ||
| "name": "deploy-arch-ibm-observability", | ||
| "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. ", | ||
| "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster.", | ||
|
||
| "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", | ||
| "version": "v3.0.3", | ||
| "flavors": [ | ||
|
|
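Review bot: The deploy-arch-ibm-observability description lists Cloud Logs, Cloud Monitoring and Activity Tracker event routing, but the iam_permissions block in this same file attributes Logs Routing (logs-router) to the Observability deployable architecture too and adds a metrics-router entry. Either mention those here or explain in the permission notes why roles are requested for components the description does not name.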
@@ -964,7 +1008,7 @@ | |
| }, | ||
| { | ||
| "name": "deploy-arch-ibm-secrets-manager", | ||
| "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", | ||
| "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets for the cluster.", | ||
|
||
| "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", | ||
| "version": "v2.4.0", | ||
| "flavors": [ | ||
|
|
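Review bot: The reworded deploy-arch-ibm-secrets-manager description still opens with "Configure Secrets Manager instance", which is missing an article. Suggest "Configure a Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets for the cluster."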
@@ -1068,7 +1112,7 @@ | |
| "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster-qs.svg", | ||
| "type": "image/svg+xml" | ||
| }, | ||
| "description": "This QuickStart variation of deployable architecture enables deployment of a <b>Red Hat OpenShift cluster</b> within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an <b>Object Storage bucket</b> that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.<br><br>Users can select from predefined cluster sizes — <b>mini (default), small, medium, and large.</b> Each size determining the number of availability zones, worker nodes per zone, and the <b>machine type</b> (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).<br><br>By default, the architecture provisions a <b>two-zone VPC</b>, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with <b>two worker nodes per zone</b> in the mini configuration.<br><br>This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." | ||
| "description": "This QuickStart variation of deployable architecture enables deployment of a <b>Red Hat OpenShift cluster</b> within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an <b>Object Storage bucket</b> that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.<br><br>Users can select from predefined cluster sizes — <b>mini (default), small, medium, and large.</b> Each size determines the number of availability zones, worker nodes per zone, and the <b>machine type</b> (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).<br><br>By default, the architecture provisions a <b>two-zone VPC</b>, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with <b>two worker nodes per zone</b> in the mini configuration.<br><br>This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." | ||
|
||
| } | ||
| ] | ||
| }, | ||
|
|
||
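Review bot: This description string mixes HTML markup (<b>, <br>) with a markdown link ("[Learn more](https://github.com/...)") in the same value; please confirm the catalog renderer handles both, or convert the link to the same markup as the rest. While fixing "determining" to "determines", also move the period in "and large.</b>" outside the bold tag so the sentence break is not rendered in bold.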