From 41071baab566604207eb841057ddab5c59a06db8 Mon Sep 17 00:00:00 2001
From: Arya Girish K
Date: Wed, 13 Aug 2025 16:01:39 +0530
Subject: [PATCH 1/7] Add SCC Profile
---
 .catalog-onboard-pipeline.yaml | 4 ++++
 ibm_catalog.json | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index 3110933e..c6150d24 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -18,3 +18,7 @@ offerings:
 - name: quickstart
 mark_ready: true
 install_type: fullstack
+ scc:
+ instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+ region: us-south
+ scope_resource_group_var_name: existing_resource_group_name
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 74bf74db..1a4d52a4 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -1014,6 +1014,15 @@
 "index": 1,
 "install_type": "fullstack",
 "working_directory": "solutions/quickstart",
+ "compliance": {
+ "authority": "scc-v3",
+ "profiles": [
+ {
+ "profile_name": "CIS IBM Cloud Foundations Benchmark v1.1.0",
+ "profile_version": "1.1.0"
+ }
+ ]
+ },
 "iam_permissions": [
 {
 "service_name": "containers-kubernetes",
From 9d33f08aec758806fa96e0859cd46d7ce06a4d4d Mon Sep 17 00:00:00 2001
From: Arya Girish K
Date: Tue, 19 Aug 2025 13:43:43 +0530
Subject: [PATCH 2/7] Testing
---
 ibm_catalog.json | 945 -----------------------------------------------
 1 file changed, 945 deletions(-)
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 1a4d52a4..9cf056c8 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
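Review bot: In the `.catalog-onboard-pipeline.yaml` hunk of PATCH 1/7, `scope_resource_group_var_name: existing_resource_group_name` assumes the quickstart variation exposes an input with exactly that name, and nothing in the hunk shows that it does. If the quickstart solution names its resource-group input differently, the SCC scan cannot be scoped to the resources the test deployment creates; how the pipeline behaves in that case is not visible here. The CIS result published through the new `compliance` block in `ibm_catalog.json` is only meaningful if the scan covers that resource group and nothing else, so confirm the variable exists under `solutions/quickstart` before the flavor is published with `mark_ready: true`.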
@@ -63,951 +63,6 @@ ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", "flavors": [ - { - "label": "Fully configurable", - "name": "fully-configurable", - "index": 2, - "install_type": "fullstack", - "working_directory": "solutions/fully-configurable", - "compliance": { - "authority": "scc-v3", - "profiles": [ - { - "profile_name": "IBM Cloud Framework for Financial Services", - "profile_version": "1.7.0" - } - ] - }, - "iam_permissions": [ - { - "service_name": "containers-kubernetes", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "Required to create and edit OpenShift cluster and the related resources." - }, - { - "service_name": "iam-identity", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" - ], - "notes": "Required to create the containers-kubernetes-key needed by the OpenShift cluster on IBM Cloud." - }, - { - "service_name": "is.vpc", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator" - ], - "notes": "Required for creating Virtual Private Cloud(VPC)." - }, - { - "service_name": "cloud-object-storage", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "Required to create Cloud Object Storage (COS) Instance." 
- }, - { - "service_name": "hs-crypto", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and IBM Hyper Protect Crypto Services is used to encrypt the Kubernetes Secrets and Object Storage bucket." - }, - { - "service_name": "kms", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if KMS encryption is enabled and Key protect is used for encryption of Kubernetes Secrets and Object Storage bucket." - }, - { - "service_name": "sysdig-monitor", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud monitoring." - }, - { - "service_name": "logs", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Cloud logs." - }, - { - "service_name": "logs-router", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Logs Routing." - }, - { - "service_name": "atracker", - "role_crns": [ - "crn:v1:bluemix:public:iam::::serviceRole:Writer", - "crn:v1:bluemix:public:iam::::role:Editor" - ], - "notes": "[Optional] Required if you are consuming Observability deployable architecture which sets up Activity Tracker Event Routing." - }, - { - "service_name": "secrets-manager", - "role_crns": [ - "crn:v1:bluemix:public:iam::::role:Administrator", - "crn:v1:bluemix:public:iam::::serviceRole:Manager" - ], - "notes": "[Optional] Required for creating an Secrets Manager instance. 
'Manager' access required to create new secret groups." - } - ], - "architecture": { - "features": [ - { - "title": " ", - "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." - } - ], - "diagrams": [ - { - "diagram": { - "caption": "Red Hat OpenShift cluster topology", - "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", - "type": "image/svg+xml" - }, - "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, the storage bucket can be encrypted using Key Management Services(KMS) to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/dep[…]bm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." - } - ] - }, - "configuration": [ - { - "key": "ibmcloud_api_key" - }, - { - "key": "prefix", - "required": true - }, - { - "key": "cluster_name", - "required": true - }, - { - "key": "ocp_version", - "required": true, - "default_value": "4.18", - "options": [ - { - "displayname": "4.18", - "value": "4.18" - }, - { - "displayname": "4.17", - "value": "4.17" - }, - { - "displayname": "4.16", - "value": "4.16" - }, - { - "displayname": "4.15", - "value": "4.15" - }, - { - "displayname": "4.14", - "value": "4.14" - } - ] - }, - { - "key": "default_worker_pool_machine_type", - "required": true, - "options": [ - { - "displayname": "bx2.16x64", - "value": "bx2.16x64" - }, - { - "displayname": "bx2.32x128", - "value": "bx2.32x128" - }, - { - "displayname": "bx2.48x192", - "value": "bx2.48x192" - }, - { - "displayname": "bx2.8x32", - "value": "bx2.8x32" - }, - { - "displayname": "bx3d.128x640", - "value": "bx3d.128x640" - }, - { - "displayname": "bx3d.16x80", - "value": "bx3d.16x80" - }, - { - "displayname": "bx3d.24x120", - "value": "bx3d.24x120" - }, - { - "displayname": "bx3d.32x160", - "value": "bx3d.32x160" - }, - { - "displayname": "bx3d.48x240", - "value": "bx3d.48x240" - }, - { - "displayname": "bx3d.64x320", - "value": "bx3d.64x320" - }, - { - "displayname": "bx3d.8x40", - "value": "bx3d.8x40" - }, - { - "displayname": "bx3d.96x480", - "value": "bx3d.96x480" - }, - { - "displayname": "cx2.16x32", - "value": "cx2.16x32" - }, - { - "displayname": "cx2.32x64", - "value": "cx2.32x64" - }, - { - "displayname": "cx2.48x96", - "value": "cx2.48x96" - }, - { - "displayname": "cx3d.128x320", - "value": "cx3d.128x320" - }, - { - "displayname": "cx3d.16x40", - "value": "cx3d.16x40" - }, - { - "displayname": "cx3d.24x60", - "value": "cx3d.24x60" - 
}, - { - "displayname": "cx3d.32x80", - "value": "cx3d.32x80" - }, - { - "displayname": "cx3d.48x120", - "value": "cx3d.48x120" - }, - { - "displayname": "cx3d.64x160", - "value": "cx3d.64x160" - }, - { - "displayname": "cx3d.96x240", - "value": "cx3d.96x240" - }, - { - "displayname": "mx2.128x1024", - "value": "mx2.128x1024" - }, - { - "displayname": "mx2.16x128", - "value": "mx2.16x128" - }, - { - "displayname": "mx2.32x256", - "value": "mx2.32x256" - }, - { - "displayname": "mx2.48x384", - "value": "mx2.48x384" - }, - { - "displayname": "mx2.64x512", - "value": "mx2.64x512" - }, - { - "displayname": "mx2.8x64", - "value": "mx2.8x64" - }, - { - "displayname": "mx3d.128x1280", - "value": "mx3d.128x1280" - }, - { - "displayname": "mx3d.24x240", - "value": "mx3d.24x240" - }, - { - "displayname": "mx3d.32x320", - "value": "mx3d.32x320" - }, - { - "displayname": "mx3d.48x480", - "value": "mx3d.48x480" - }, - { - "displayname": "mx3d.64x640", - "value": "mx3d.64x640" - }, - { - "displayname": "mx3d.96x960", - "value": "mx3d.96x960" - }, - { - "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", - "value": "bx2d.metal.96x384" - }, - { - "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", - "value": "cx2d.metal.96x192" - }, - { - "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", - "value": "mx2d.metal.96x768" - }, - { - "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", - "value": "mx2.16x128.2000gb" - }, - { - "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.128x1024" - }, - { - "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.16x128" - }, - { - "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.32x256" - }, - { - "displayname": "ox2.64x512 (Not available in Sao Paulo 
(br-sao), Montreal (ca-mon))", - "value": "ox2.64x512" - }, - { - "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.8x64" - }, - { - "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", - "value": "ox2.96x768" - } - ] - }, - { - "key": "default_worker_pool_workers_per_zone", - "required": true - }, - { - "key": "default_worker_pool_operating_system", - "required": true, - "options": [ - { - "displayname": "RHEL 9", - "value": "RHEL_9_64" - }, - { - "displayname": "Red Hat CoreOS", - "value": "RHCOS" - }, - { - "displayname": "RHEL 8", - "value": "REDHAT_8_64" - } - ] - }, - { - "key": "existing_vpc_crn", - "required": true - }, - { - "key": "region", - "required": true, - "type": "string", - "custom_config": { - "config_constraints": { - "generationType": "2" - }, - "grouping": "deployment", - "original_grouping": "deployment", - "type": "vpc_region" - }, - "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", - "virtual": true, - "default_value": "us-south" - }, - { - "key": "existing_cos_instance_crn", - "required": true - }, - { - "key": "disable_public_endpoint", - "required": true - }, - { - "key": "enable_platform_metrics", - "type": "string", - "default_value": "true", - "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. 
[Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", - "required": true, - "virtual": true, - "options": [ - { - "displayname": "true", - "value": "true" - }, - { - "displayname": "false", - "value": "false" - } - ] - }, - { - "key": "logs_routing_tenant_regions", - "type": "list(string)", - "default_value": "[]", - "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", - "required": true, - "virtual": true, - "custom_config": { - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "existing_resource_group_name", - "display_name": "resource_group", - "custom_config": { - "type": "resource_group", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "identifier": "rg_name" - } - } - }, - { - "key": "cluster_resource_tags", - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "access_tags", - "custom_config": { - "type": "array", - "grouping": "deployment", - "original_grouping": "deployment", - "config_constraints": { - "type": "string" - } - } - }, - { - "key": "ocp_entitlement" - }, - { - "key": "cluster_ready_when", - "options": [ - { - "displayname": "Normal", - "value": "Normal" - }, - { - "displayname": "IngressReady", - "value": "IngressReady" - }, - { - "displayname": "OneWorkerNodeReady", - "value": "OneWorkerNodeReady" - }, - { - "displayname": "MasterNodeReady", - "value": "MasterNodeReady" - } - ] - }, - { - "key": "enable_ocp_console" - }, - { - "key": "addons" - }, - { - "key": 
"manage_all_addons" - }, - { - "key": "additional_worker_pools", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "worker_pools_taints", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "ignore_worker_pool_size_changes" - }, - { - "key": "allow_default_worker_pool_replacement" - }, - { - "key": "default_worker_pool_labels" - }, - { - "key": "enable_autoscaling_for_default_pool" - }, - { - "key": "default_pool_minimum_number_of_nodes" - }, - { - "key": "default_pool_maximum_number_of_nodes" - }, - { - "key": "additional_security_group_ids" - }, - { - "key": "existing_subnet_ids" - }, - { - "key": "use_private_endpoint" - }, - { - "key": "cluster_config_endpoint_type", - "options": [ - { - "displayname": "default", - "value": "default" - }, - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "vpe", - "value": "vpe" - }, - { - "displayname": "link", - "value": "link" - } - ] - }, - { - "key": "disable_outbound_traffic_protection" - }, - { - "key": "verify_worker_network_readiness" - }, - { - "key": "pod_subnet_cidr" - }, - { - "key": "service_subnet_cidr" - }, - { - "key": "custom_security_group_ids" - }, - { - "key": "attach_ibm_managed_security_group" - }, - { - "key": "additional_lb_security_group_ids" - }, - { - "key": "number_of_lbs" - }, - { - "key": "additional_vpe_security_group_ids" - }, - { - "key": "ibmcloud_kms_api_key" - }, - { - "key": "kms_encryption_enabled_cluster" - }, - { - "key": "existing_kms_instance_crn" - }, - { - "key": "existing_cluster_kms_key_crn" - }, - { - "key": "kms_endpoint_type", - "options": [ - { - "displayname": "Public", - "value": "public" - }, - { - "displayname": "Private", - "value": "private" - } - ], - "hidden": true - }, - { - "key": "cluster_kms_key_name" - }, - { - "key": "cluster_kms_key_ring_name" - 
}, - { - "key": "kms_encryption_enabled_boot_volume" - }, - { - "key": "existing_boot_volume_kms_key_crn" - }, - { - "key": "boot_volume_kms_key_name" - }, - { - "key": "boot_volume_kms_key_ring_name" - }, - { - "key": "cbr_rules", - "display_name": "openshift_cluster_cbr_rules", - "type": "array", - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "enable_secrets_manager_integration" - }, - { - "key": "existing_secrets_manager_instance_crn" - }, - { - "key": "secrets_manager_secret_group_id" - }, - { - "key": "secrets_manager_endpoint_type", - "hidden": true - }, - { - "key": "secrets_manager_service_plan", - "required": true, - "virtual": true, - "type": "string", - "options": [ - { - "displayname": "Standard", - "value": "standard" - }, - { - "displayname": "Trial", - "value": "trial" - } - ], - "default_value": "__NOT_SET__", - "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." - }, - { - "key": "skip_ocp_secrets_manager_iam_auth_policy" - }, - { - "key": "subnets", - "type": "object", - "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", - "description": "List of subnets for the vpc. 
For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", - "required": false, - "virtual": true - }, - { - "key": "network_acls", - "type": "list(object)", - "default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]", - "description": "The list of ACLs to create. Provide at least one rule for each ACL. 
[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).", - "required": false, - "virtual": true, - "custom_config": { - "type": "textarea", - "grouping": "deployment", - "original_grouping": "deployment" - } - }, - { - "key": "provider_visibility", - "options": [ - { - "displayname": "private", - "value": "private" - }, - { - "displayname": "public", - "value": "public" - }, - { - "displayname": "public-and-private", - "value": "public-and-private" - } - ], - "hidden": true - }, - { - "key": "enable_kube_audit" - }, - { - "key": "audit_deployment_name" - }, - { - "key": "audit_log_policy", - "options": [ - { - "displayname": "Default", - "value": "default" - }, - { - "displayname": "Write Request Bodies", - "value": "WriteRequestBodies" - } - ] - }, - { - "key": "audit_namespace" - }, - { - "key": "audit_webhook_listener_image" - }, - { - "key": "audit_webhook_listener_image_tag_digest" - } - ], - "dependencies": [ - { - "name": "deploy-arch-ibm-vpc", - "description": "Configure the VPC instance and subnets where the OpenShift cluster will be deployed. 
", - "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", - "version": "v7.24.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "region", - "version_input": "region", - "reference_version": true - }, - { - "dependency_output": "vpc_crn", - "version_input": "existing_vpc_crn" - }, - { - "dependency_input": "subnets", - "version_input": "subnets", - "reference_version": true - }, - { - "dependency_input": "network_acls", - "version_input": "network_acls", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-account-infra-base", - "description": "Cloud automation for Account Configuration organizes your IBM Cloud account with a ready-made set of resource groups by default and, when you enable the \"with Account Settings\" option, it also applies baseline security and governance settings. ", - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "flavors": [ - "resource-group-only", - "resource-groups-with-account-settings" - ], - "default_flavor": "resource-group-only", - "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", - "input_mapping": [ - { - "dependency_output": "workload_resource_group_name", - "version_input": "existing_resource_group_name" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ], - "optional": true, - "on_by_default": false, - "version": "v3.0.7" - }, - { - "name": "deploy-arch-ibm-kms", - "description": "Enable Cloud Automation for Key Protect when you want services to use your own managed encryption keys. If disabled, it will fall back on IBM Cloud's default service-managed encryption. 
", - "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", - "version": "v5.1.4", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "version_input": "kms_encryption_enabled_cluster", - "value": true - }, - { - "dependency_output": "kms_instance_crn", - "version_input": "existing_kms_instance_crn" - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-cos", - "description": "Set up a Cloud Object Storage (COS) instance, where an object storage bucket will be created and used as the internal registry storage for OpenShift cluster. ", - "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", - "version": "v9.0.2", - "flavors": [ - "instance" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_output": "cos_instance_crn", - "version_input": "existing_cos_instance_crn" - }, - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-observability", - "description": "Configure IBM Cloud Logs, Cloud Monitoring and Activity Tracker event routing for analysing logs and metrics generated by the OpenShift cluster. 
", - "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", - "version": "v3.0.3", - "flavors": [ - "instances" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "enable_platform_metrics", - "version_input": "enable_platform_metrics", - "reference_version": true - }, - { - "dependency_input": "logs_routing_tenant_regions", - "version_input": "logs_routing_tenant_regions", - "reference_version": true - } - ] - }, - { - "name": "deploy-arch-ibm-secrets-manager", - "description": "Configure Secrets Manager instance for centrally managing Ingress subdomain certificates and other secrets. ", - "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", - "version": "v2.4.0", - "flavors": [ - "fully-configurable" - ], - "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", - "optional": true, - "on_by_default": true, - "input_mapping": [ - { - "dependency_input": "prefix", - "version_input": "prefix", - "reference_version": true - }, - { - "dependency_input": "service_plan", - "version_input": "secrets_manager_service_plan", - "reference_version": true - }, - { - "dependency_input": "secrets_manager_endpoint_type", - "version_input": "secrets_manager_endpoint_type", - "reference_version": true - }, - { - "dependency_input": "existing_resource_group_name", - "version_input": "existing_resource_group_name", - "reference_version": true - }, - { - "dependency_output": "secrets_manager_crn", - "version_input": "existing_secrets_manager_instance_crn" - }, - { - "version_input": "enable_secrets_manager_integration", - "value": true - } - ] - } - ], - "dependency_version_2": true, - "terraform_version": "1.10.5" - }, { "label": "QuickStart", "name": "quickstart", From 4a186797b5650e10c9e69447fb99a5526cf2e345 Mon Sep 17 00:00:00 2001 
From: Arya Girish K
Date: Tue, 19 Aug 2025 16:53:31 +0530
Subject: [PATCH 3/7] Testing
---
 .catalog-onboard-pipeline.yaml | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index c6150d24..b24fb3f4 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -6,15 +6,6 @@ offerings:
 catalog_id: f64499c8-eb50-4985-bf91-29f9e605a433
 offering_id: 1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8
 variations:
- - name: fully-configurable
- mark_ready: true
- install_type: fullstack
- pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh"
- post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh"
- scc:
- instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
- region: us-south
- scope_resource_group_var_name: existing_resource_group_name
 - name: quickstart
 mark_ready: true
 install_type: fullstack
From 370ba4a7db54e46762bac3cfc738d1dfbe36c404 Mon Sep 17 00:00:00 2001
From: Arya Girish K
Date: Fri, 29 Aug 2025 16:27:37 +0530
Subject: [PATCH 4/7] add SCC profile in Quickstart OCP DA
---
 .catalog-onboard-pipeline.yaml | 9 +
 ibm_catalog.json | 998 ++++++++++++++++++++++++++++++++-
 2 files changed, 1003 insertions(+), 4 deletions(-)
diff --git a/.catalog-onboard-pipeline.yaml b/.catalog-onboard-pipeline.yaml
index b24fb3f4..c6150d24 100644
--- a/.catalog-onboard-pipeline.yaml
+++ b/.catalog-onboard-pipeline.yaml
@@ -6,6 +6,15 @@ offerings:
 catalog_id: f64499c8-eb50-4985-bf91-29f9e605a433
 offering_id: 1728a4fd-f561-4cf9-82ef-2b1eeb5da1a8
 variations:
+ - name: fully-configurable
+ mark_ready: true
+ install_type: fullstack
+ pre_validation: "tests/scripts/pre-validation-deploy-cos-instance-and-vpc.sh"
+ post_validation: "tests/scripts/post-validation-destroy-cos-instance-and-vpc.sh"
+ scc:
+ instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
+ region: us-south
+ scope_resource_group_var_name: existing_resource_group_name
 - name: quickstart
 mark_ready: true
 install_type: fullstack
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 9cf056c8..ca63a724 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -16,7 +16,9 @@
 "terraform",
 "ocp",
 "cluster",
- "red_hat_openshift"
+ "red_hat_openshift",
+ "redhat",
+ "ROKS"
 ],
 "short_description": "Automates the deployment of Red Hat OpenShift container platform on IBM Cloud with optional integration of security and logging services.",
 "long_description": "The Cloud automation for Red Hat OpenShift Container Platform on VPC enables a scalable and flexible cloud environment for containerized applications with seamless integration to other security and observability services. This architecture can be deployed independently while also serving as a foundational deployable architecture for other architectures like [Cloud automation for Red Hat OpenShift AI](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-ocp-ai-ba708aed-bb8a-4ac0-83a7-53a066701db5-global) to deploy mission critical applications and AI-driven initiatives to market quickly and securely with a managed OpenShift service.\n\nℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
@@ -46,7 +48,7 @@
 },
 {
 "title": "KMS Encryption",
- "description": "Optionally you can enable key management services(KMS) [encryption](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-secrets) of the Kubernetes Secrets and Object Storage bucket using either a newly created key or an existing one."
+ "description": "Optionally you can enable key management services(KMS) [encryption](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-setup&interface=ui) to encrypt the OpenShift cluster and its boot volumes. You can use either a newly created encryption key or an existing one."
 },
 {
 "title": "Secrets Manager",
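Review bot: The new KMS feature description says encryption covers "the OpenShift cluster and its boot volumes", which is vaguer than the removed wording and no longer tells a reader what cluster-level encryption protects. The fully-configurable flavor added later in this patch exposes `kms_encryption_enabled_cluster` and `kms_encryption_enabled_boot_volume` as separate inputs, so the text should name both scopes. Presumably the cluster-level option still applies to Kubernetes secrets, as the old text said; confirm against the linked topic. Suggested wording: `to encrypt the cluster's Kubernetes secrets and the worker node boot volumes`. If Object Storage bucket encryption is still configurable, it should stay mentioned rather than being dropped silently.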
@@ -63,6 +65,994 @@ ], "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues, please open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/issues). Please note this product is not supported via the IBM Cloud Support Center.", "flavors": [ + { + "label": "Fully configurable", + "name": "fully-configurable", + "index": 2, + "install_type": "fullstack", + "working_directory": "solutions/fully-configurable", + "compliance": { + "authority": "scc-v3", + "profiles": [ + { + "profile_name": "IBM Cloud Framework for Financial Services", + "profile_version": "1.7.0" + } + ] + }, + "iam_permissions": [ + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Viewer" + ], + "service_name": "Resource group only", + "notes":"Viewer access is required in the resource group you want to provision in." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Account Management services", + "notes": "[Optional] Required to create new resource groups when enabling the Account Configuration integration." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "All Identity and Access enabled services", + "notes": "[Optional] Required to create new resource groups with account settings when enabling the Account Configuration integration." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "iam-access-groups", + "notes": "[Optional] Required for managing IAM access groups." + }, + { + "service_name": "iam-identity", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Operator", + "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" + ], + "notes": "Required to create the containers-kubernetes-key for the OpenShift cluster." 
+ }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "hs-crypto", + "notes": "[Optional] Required if Hyper Protect Crypto Service is used for encryption." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "kms", + "notes": "[Optional] [Optional] Required if Key Protect is used for encryption." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "cloud-object-storage", + "notes": "Required to manage Object storage bucket for the cluster internal registry." + }, + { + "service_name": "containers-kubernetes", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "notes": "Required to create and manage the Openshift cluster." + }, + { + "service_name": "is.vpc", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "Required to create VPC." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator", + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "service_name": "secrets-manager", + "notes": "[Optional] Required when enabling the Secrets Manager integration." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "sysdig-monitor", + "notes": "[Optional] Required to create an instance of Cloud Monitoring." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "service_name": "logs", + "notes": "[Optional] Required to create an instance of Cloud logs." 
+ }, + { + "service_name": "logs-router", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager" + ], + "notes": "[Optional] Required to create an instance of Logs Routing." + }, + { + "service_name": "atracker", + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Writer", + "crn:v1:bluemix:public:iam::::role:Editor" + ], + "notes": "[Optional] Required when enabling the Activity Tracker Event Routing." + }, + { + "service_name": "metrics-router", + "role_crns": [ + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "notes": "[Optional] Required to enable metrics routing to the Cloud Monitoring." + }, + { + "role_crns": [ + "crn:v1:bluemix:public:iam::::serviceRole:Manager", + "crn:v1:bluemix:public:iam::::role:Administrator" + ], + "service_name": "event-notifications", + "notes": "[Optional] Required when enabling the Event Notifications integration." + } + ], + "architecture": { + "features": [ + { + "title": " ", + "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case." + } + ], + "diagrams": [ + { + "diagram": { + "caption": "Red Hat OpenShift cluster topology", + "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster.svg", + "type": "image/svg+xml" + }, + "description": "This architecture supports creation of Red Hat OpenShift cluster within a Virtual Private Cloud (VPC).

You can create a fully-configured VPC by selecting the [Cloud automation for VPC](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global) dependency or you can use an existing VPC if any. The VPC can be provisioned either in a single-zone or multi-zone configuration, depending on your availability requirements. By default, the VPC addon provisions a three-zone VPC, forming the foundation for your OpenShift cluster. This cluster includes a single worker pool distributed across all three zones, with two worker nodes per zone. If you need additional worker pools, you can easily configure them using the additional_worker_pools variable.

A Cloud Object Storage (COS) instance is required for this topology. Within this instance, an Object Storage bucket will be created, which serves as the internal registry storage for the OpenShift cluster. The [Cloud automation for Object Storage](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cos-68921490-2778-4930-ac6d-bae7be6cd958-global) architecture supports the creation of COS instance. Additionally, Key Management Services(KMS) is used to encrypt the cluster and the boot volumes used by the cluster to enhance security.

For logging and monitoring needs, you can enable Observability for your cluster. [Cloud automation for Observability](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-observability-a3137d28-79e0-479d-8a24-758ebd5a0eab-global) provides advanced monitoring, logging, and operational insights into the performance and health of your deployment.

Secrets Manager Integration can also be enabled using [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) for centrally managing Ingress subdomain certificates, ensuring secure management of sensitive credentials.

This architecture provides a robust and secure foundation for deploying and managing your Red Hat OpenShift cluster, enabling seamless integration, enhanced security, and comprehensive monitoring for your cloud-native applications." + } + ] + }, + "configuration": [ + { + "key": "ibmcloud_api_key" + }, + { + "key": "prefix", + "required": true + }, + { + "key": "cluster_name", + "required": true + }, + { + "key": "ocp_version", + "required": true, + "default_value": "4.18", + "options": [ + { + "displayname": "4.18", + "value": "4.18" + }, + { + "displayname": "4.17", + "value": "4.17" + }, + { + "displayname": "4.16", + "value": "4.16" + }, + { + "displayname": "4.15", + "value": "4.15" + }, + { + "displayname": "4.14", + "value": "4.14" + } + ] + }, + { + "key": "default_worker_pool_machine_type", + "required": true, + "options": [ + { + "displayname": "bx2.16x64", + "value": "bx2.16x64" + }, + { + "displayname": "bx2.32x128", + "value": "bx2.32x128" + }, + { + "displayname": "bx2.48x192", + "value": "bx2.48x192" + }, + { + "displayname": "bx2.8x32", + "value": "bx2.8x32" + }, + { + "displayname": "bx3d.128x640", + "value": "bx3d.128x640" + }, + { + "displayname": "bx3d.16x80", + "value": "bx3d.16x80" + }, + { + "displayname": "bx3d.24x120", + "value": "bx3d.24x120" + }, + { + "displayname": "bx3d.32x160", + "value": "bx3d.32x160" + }, + { + "displayname": "bx3d.48x240", + "value": "bx3d.48x240" + }, + { + "displayname": "bx3d.64x320", + "value": "bx3d.64x320" + }, + { + "displayname": "bx3d.8x40", + "value": "bx3d.8x40" + }, + { + "displayname": "bx3d.96x480", + "value": "bx3d.96x480" + }, + { + "displayname": "cx2.16x32", + "value": "cx2.16x32" + }, + { + "displayname": "cx2.32x64", + "value": "cx2.32x64" + }, + { + "displayname": "cx2.48x96", + "value": "cx2.48x96" + }, + { + "displayname": "cx3d.128x320", + "value": "cx3d.128x320" + }, + { + "displayname": "cx3d.16x40", + "value": "cx3d.16x40" + }, + { + "displayname": "cx3d.24x60", + "value": "cx3d.24x60" + 
}, + { + "displayname": "cx3d.32x80", + "value": "cx3d.32x80" + }, + { + "displayname": "cx3d.48x120", + "value": "cx3d.48x120" + }, + { + "displayname": "cx3d.64x160", + "value": "cx3d.64x160" + }, + { + "displayname": "cx3d.96x240", + "value": "cx3d.96x240" + }, + { + "displayname": "mx2.128x1024", + "value": "mx2.128x1024" + }, + { + "displayname": "mx2.16x128", + "value": "mx2.16x128" + }, + { + "displayname": "mx2.32x256", + "value": "mx2.32x256" + }, + { + "displayname": "mx2.48x384", + "value": "mx2.48x384" + }, + { + "displayname": "mx2.64x512", + "value": "mx2.64x512" + }, + { + "displayname": "mx2.8x64", + "value": "mx2.8x64" + }, + { + "displayname": "mx3d.128x1280", + "value": "mx3d.128x1280" + }, + { + "displayname": "mx3d.24x240", + "value": "mx3d.24x240" + }, + { + "displayname": "mx3d.32x320", + "value": "mx3d.32x320" + }, + { + "displayname": "mx3d.48x480", + "value": "mx3d.48x480" + }, + { + "displayname": "mx3d.64x640", + "value": "mx3d.64x640" + }, + { + "displayname": "mx3d.96x960", + "value": "mx3d.96x960" + }, + { + "displayname": "bx2d.metal.96x384 (Only available in Toronto (ca-tor))", + "value": "bx2d.metal.96x384" + }, + { + "displayname": "cx2d.metal.96x192 (Only available in Toronto (ca-tor)) ", + "value": "cx2d.metal.96x192" + }, + { + "displayname": "mx2d.metal.96x768 (Only available in Toronto (ca-tor))) ", + "value": "mx2d.metal.96x768" + }, + { + "displayname": "mx2.16x128.2000gb (Not available in Sao Paulo (br-sao), Montreal (ca-mon), Madrid (eu-es), Osaka (jp-osa))", + "value": "mx2.16x128.2000gb" + }, + { + "displayname": "ox2.128x1024 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.128x1024" + }, + { + "displayname": "ox2.16x128 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.16x128" + }, + { + "displayname": "ox2.32x256 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.32x256" + }, + { + "displayname": "ox2.64x512 (Not available in Sao Paulo 
(br-sao), Montreal (ca-mon))", + "value": "ox2.64x512" + }, + { + "displayname": "ox2.8x64 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.8x64" + }, + { + "displayname": "ox2.96x768 (Not available in Sao Paulo (br-sao), Montreal (ca-mon))", + "value": "ox2.96x768" + } + ] + }, + { + "key": "default_worker_pool_workers_per_zone", + "required": true + }, + { + "key": "default_worker_pool_operating_system", + "required": true, + "options": [ + { + "displayname": "RHEL 9", + "value": "RHEL_9_64" + }, + { + "displayname": "Red Hat CoreOS", + "value": "RHCOS" + }, + { + "displayname": "RHEL 8", + "value": "REDHAT_8_64" + } + ] + }, + { + "key": "existing_vpc_crn", + "required": true + }, + { + "key": "region", + "required": true, + "type": "string", + "custom_config": { + "config_constraints": { + "generationType": "2" + }, + "grouping": "deployment", + "original_grouping": "deployment", + "type": "vpc_region" + }, + "description": "Region in which all the resources will be deployed. [Learn More](https://terraform-ibm-modules.github.io/documentation/#/region).", + "virtual": true, + "default_value": "us-south" + }, + { + "key": "existing_cos_instance_crn", + "required": true + }, + { + "key": "disable_public_endpoint", + "required": true + }, + { + "key": "enable_platform_metrics", + "type": "string", + "default_value": "true", + "description": "When set to `true`, the IBM Cloud Monitoring instance will be configured to collect platform metrics from the provided region. ⚠️ You can configure 1 instance only of the IBM Cloud Monitoring service per region to collect platform metrics in that location. Check with the account or service administrator if another monitoring instance has already been configured. You may not have permissions to see all monitoring instances in the region. 
[Learn more](https://cloud.ibm.com/docs/monitoring?topic=monitoring-platform_metrics_enabling).", + "required": true, + "virtual": true, + "options": [ + { + "displayname": "true", + "value": "true" + }, + { + "displayname": "false", + "value": "false" + } + ] + }, + { + "key": "logs_routing_tenant_regions", + "type": "list(string)", + "default_value": "[]", + "description": "To manage platform logs that are generated by IBM Cloud services in a region of IBM Cloud, you must create a tenant in each region that you operate. Pass a list of regions to create a tenant in. For example: [\"us-south\", \"us-east\"]. [Learn more](https://cloud.ibm.com/docs/logs-router?topic=logs-router-about-platform-logs).", + "required": true, + "virtual": true, + "custom_config": { + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "existing_resource_group_name", + "display_name": "resource_group", + "custom_config": { + "type": "resource_group", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "identifier": "rg_name" + } + } + }, + { + "key": "cluster_resource_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "access_tags", + "custom_config": { + "type": "array", + "grouping": "deployment", + "original_grouping": "deployment", + "config_constraints": { + "type": "string" + } + } + }, + { + "key": "ocp_entitlement" + }, + { + "key": "cluster_ready_when", + "options": [ + { + "displayname": "Normal", + "value": "Normal" + }, + { + "displayname": "IngressReady", + "value": "IngressReady" + }, + { + "displayname": "OneWorkerNodeReady", + "value": "OneWorkerNodeReady" + }, + { + "displayname": "MasterNodeReady", + "value": "MasterNodeReady" + } + ] + }, + { + "key": "enable_ocp_console" + }, + { + "key": "addons" + }, + { + "key": 
"manage_all_addons" + }, + { + "key": "additional_worker_pools", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "worker_pools_taints", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "ignore_worker_pool_size_changes" + }, + { + "key": "allow_default_worker_pool_replacement" + }, + { + "key": "default_worker_pool_labels" + }, + { + "key": "enable_autoscaling_for_default_pool" + }, + { + "key": "default_pool_minimum_number_of_nodes" + }, + { + "key": "default_pool_maximum_number_of_nodes" + }, + { + "key": "additional_security_group_ids" + }, + { + "key": "existing_subnet_ids" + }, + { + "key": "use_private_endpoint" + }, + { + "key": "cluster_config_endpoint_type", + "options": [ + { + "displayname": "default", + "value": "default" + }, + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "vpe", + "value": "vpe" + }, + { + "displayname": "link", + "value": "link" + } + ] + }, + { + "key": "disable_outbound_traffic_protection" + }, + { + "key": "verify_worker_network_readiness" + }, + { + "key": "pod_subnet_cidr" + }, + { + "key": "service_subnet_cidr" + }, + { + "key": "custom_security_group_ids" + }, + { + "key": "attach_ibm_managed_security_group" + }, + { + "key": "additional_lb_security_group_ids" + }, + { + "key": "number_of_lbs" + }, + { + "key": "additional_vpe_security_group_ids" + }, + { + "key": "ibmcloud_kms_api_key" + }, + { + "key": "kms_encryption_enabled_cluster" + }, + { + "key": "existing_kms_instance_crn" + }, + { + "key": "existing_cluster_kms_key_crn" + }, + { + "key": "kms_endpoint_type", + "options": [ + { + "displayname": "Public", + "value": "public" + }, + { + "displayname": "Private", + "value": "private" + } + ], + "hidden": true + }, + { + "key": "cluster_kms_key_name" + }, + { + "key": "cluster_kms_key_ring_name" + 
}, + { + "key": "kms_encryption_enabled_boot_volume" + }, + { + "key": "existing_boot_volume_kms_key_crn" + }, + { + "key": "boot_volume_kms_key_name" + }, + { + "key": "boot_volume_kms_key_ring_name" + }, + { + "key": "cbr_rules", + "display_name": "openshift_cluster_cbr_rules", + "type": "array", + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "enable_secrets_manager_integration" + }, + { + "key": "existing_secrets_manager_instance_crn" + }, + { + "key": "secrets_manager_secret_group_id" + }, + { + "key": "secrets_manager_endpoint_type", + "hidden": true + }, + { + "key": "secrets_manager_service_plan", + "required": true, + "virtual": true, + "type": "string", + "options": [ + { + "displayname": "Standard", + "value": "standard" + }, + { + "displayname": "Trial", + "value": "trial" + } + ], + "default_value": "__NOT_SET__", + "description": "The pricing plan to use when provisioning a Secrets Manager instance. Possible values: `standard`, `trial`. You can create only one Trial instance of Secrets Manager per account. Before you can create a new Trial instance, you must delete the existing Trial instance and its reclamation. [Learn more](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-create-instance&interface=ui#upgrade-instance-standard)." + }, + { + "key": "skip_ocp_secrets_manager_iam_auth_policy" + }, + { + "key": "subnets", + "type": "object", + "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }", + "description": "List of subnets for the vpc. 
For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).", + "required": false, + "virtual": true + }, + { + "key": "network_acls", + "type": "list(object)", + "default_value": "[\n {\n name = \"vpc-acl\"\n add_ibm_cloud_internal_rules = true\n add_vpc_connectivity_rules = true\n prepend_ibm_rules = true\n rules = [\n {\n name = \"allow-all-443-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 443\n port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n port_min = 80\n port_max = 80\n source_port_min = 80\n source_port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-inbound\"\n action = \"allow\"\n direction = \"inbound\"\n tcp = {\n source_port_min = 30000\n source_port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-443-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 443\n source_port_max = 443\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-80-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n source_port_min = 80\n source_port_max = 80\n port_min = 80\n port_max = 80\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n },\n {\n name = \"allow-all-ingress-outbound\"\n action = \"allow\"\n direction = \"outbound\"\n tcp = {\n port_min = 30000\n port_max = 32767\n }\n destination = \"0.0.0.0/0\"\n source = \"0.0.0.0/0\"\n }\n ]\n }\n]", + "description": "The list of ACLs to create. Provide at least one rule for each ACL. 
[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#network-acls-).", + "required": false, + "virtual": true, + "custom_config": { + "type": "textarea", + "grouping": "deployment", + "original_grouping": "deployment" + } + }, + { + "key": "provider_visibility", + "options": [ + { + "displayname": "private", + "value": "private" + }, + { + "displayname": "public", + "value": "public" + }, + { + "displayname": "public-and-private", + "value": "public-and-private" + } + ], + "hidden": true + }, + { + "key": "enable_kube_audit" + }, + { + "key": "audit_deployment_name" + }, + { + "key": "audit_log_policy", + "options": [ + { + "displayname": "Default", + "value": "default" + }, + { + "displayname": "Write Request Bodies", + "value": "WriteRequestBodies" + } + ] + }, + { + "key": "audit_namespace" + }, + { + "key": "audit_webhook_listener_image" + }, + { + "key": "audit_webhook_listener_image_tag_digest" + } + ], + "dependencies": [ + { + "name": "deploy-arch-ibm-vpc", + "description": "Configure the VPC and subnets to deploy the OpenShift cluster.", + "id": "2af61763-f8ef-4527-a815-b92166f29bc8-global", + "version": "v7.24.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": false, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "region", + "version_input": "region", + "reference_version": true + }, + { + "dependency_output": "vpc_crn", + "version_input": "existing_vpc_crn" + }, + { + "dependency_input": "subnets", + "version_input": "subnets", + "reference_version": true + }, + { + "dependency_input": "network_acls", + "version_input": "network_acls", + 
"reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-account-infra-base", + "description": "Organize your IBM Cloud account with preconfigured resource groups. If not selected, the default resource group is used. Optionally, expand to apply recommended security controls via \"with Account Settings\" variation.", + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "flavors": [ + "resource-group-only", + "resource-groups-with-account-settings" + ], + "default_flavor": "resource-group-only", + "id": "63641cec-6093-4b4f-b7b0-98d2f4185cd6-global", + "input_mapping": [ + { + "dependency_output": "workload_resource_group_name", + "version_input": "existing_resource_group_name" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ], + "optional": true, + "on_by_default": false, + "version": "v3.0.7" + }, + { + "name": "deploy-arch-ibm-kms", + "description": "Enables managed encryption with your own keys via IBM Cloud Key Protect. 
If disabled, services will default to IBM-managed encryption.", + "id": "2cad4789-fa90-4886-9c9e-857081c273ee-global", + "version": "v5.1.4", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "version_input": "kms_encryption_enabled_cluster", + "value": true + }, + { + "dependency_output": "kms_instance_crn", + "version_input": "existing_kms_instance_crn" + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-cos", + "description": "Sets up a Cloud Object Storage (COS) instance and bucket to serve as the internal registry storage for your OpenShift cluster.", + "id": "68921490-2778-4930-ac6d-bae7be6cd958-global", + "version": "v9.0.2", + "flavors": [ + "instance" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_output": "cos_instance_crn", + "version_input": "existing_cos_instance_crn" + }, + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-observability", + "description": "Sets up IBM Cloud Logs, Monitoring, and Activity Tracker routing to analyze metrics and logs from your OpenShift cluster.", + "id": "a3137d28-79e0-479d-8a24-758ebd5a0eab-global", + "version": "v3.0.3", + "flavors": [ + "instances" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + 
"reference_version": true + }, + { + "dependency_input": "enable_platform_metrics", + "version_input": "enable_platform_metrics", + "reference_version": true + }, + { + "dependency_input": "logs_routing_tenant_regions", + "version_input": "logs_routing_tenant_regions", + "reference_version": true + } + ] + }, + { + "name": "deploy-arch-ibm-secrets-manager", + "description": "Provisions a Secrets Manager instance to centrally manage Ingress subdomain certificates and other sensitive credentials.", + "id": "6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global", + "version": "v2.4.0", + "flavors": [ + "fully-configurable" + ], + "catalog_id": "7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3", + "optional": true, + "on_by_default": true, + "input_mapping": [ + { + "dependency_input": "prefix", + "version_input": "prefix", + "reference_version": true + }, + { + "dependency_input": "service_plan", + "version_input": "secrets_manager_service_plan", + "reference_version": true + }, + { + "dependency_input": "secrets_manager_endpoint_type", + "version_input": "secrets_manager_endpoint_type", + "reference_version": true + }, + { + "dependency_input": "existing_resource_group_name", + "version_input": "existing_resource_group_name", + "reference_version": true + }, + { + "dependency_output": "secrets_manager_crn", + "version_input": "existing_secrets_manager_instance_crn" + }, + { + "version_input": "enable_secrets_manager_integration", + "value": true + } + ] + } + ], + "dependency_version_2": true, + "terraform_version": "1.10.5" + }, { "label": "QuickStart", "name": "quickstart", 
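Review bot: The `network_acls` default added for the fully-configurable flavor allows inbound TCP from `0.0.0.0/0` on 443 and 80, and its `allow-all-ingress-inbound` rule sets only `source_port_min`/`source_port_max` (30000-32767) with no `port_min`/`port_max`, so as written it does not restrict the destination port at all. If that rule is meant as the return path for `allow-all-ingress-outbound`, the `description` should say so; otherwise it should carry destination ports or a narrower `source`. A sentence such as `The default ACL admits inbound 80/443 and traffic from source ports 30000-32767 from any address; narrow "source" for private clusters.` would make the default exposure visible to whoever deploys it. The same hunk also has a doubled prefix in the `kms` entry of `iam_permissions`: `"notes": "[Optional] [Optional] Required if Key Protect is used for encryption."`.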
@@ -132,7 +1122,7 @@ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/refs/heads/main/reference-architecture/deployable-architecture-ocp-cluster-qs.svg", "type": "image/svg+xml" }, - "description": "This QuickStart variation of deployable architecture enables deployment of a Red Hat OpenShift cluster within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an Object Storage bucket that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.

Users can select from predefined cluster sizes — mini (default), small, medium, and large. Each size determining the number of availability zones, worker nodes per zone, and the machine type (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).

By default, the architecture provisions a two-zone VPC, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with two worker nodes per zone in the mini configuration.

This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." + "description": "This deployable architecture enables deployment of a Red Hat OpenShift cluster within an IBM Cloud Virtual Private Cloud (VPC). It provisions the OpenShift cluster and its foundational VPC infrastructure with a limited set of essential options for rapid and streamlined setup. Additionally, the deployment creates an Object Storage bucket that serves as the internal container image registry for the OpenShift cluster. Thus, it helps ensure seamless storage integration.

Users can select from predefined cluster sizes — mini (default), small, medium, and large. Each size determines the number of availability zones, worker nodes per zone, and the machine type (worker node flavor). [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/blob/main/solutions/quickstart/DA_docs.md).

By default, the architecture provisions a two-zone VPC, forming the foundation for the OpenShift cluster. The cluster comprises a single worker pool distributed across these zones, with two worker nodes per zone in the mini configuration.

This streamlined architecture balances ease of use with flexibility, enabling rapid OpenShift cluster deployments with the infrastructure, integrated storage services, and right-sized compute resources of IBM Cloud." } ] }, @@ -286,4 +1276,4 @@ ] } ] -} +} \ No newline at end of file From dd6ac9d1c8c6ef67da4faa36f0fcfb8406cf5314 Mon Sep 17 00:00:00 2001 From: Arya Girish K Date: Fri, 29 Aug 2025 18:15:06 +0530 Subject: [PATCH 5/7] Update catalog --- ibm_catalog.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index ca63a724..63452bfd 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json @@ -1276,4 +1276,4 @@ ] } ] -} \ No newline at end of file +} From b1c27c574702eaa99746d46b5a2a6ba962a011d4 Mon Sep 17 00:00:00 2001 From: Aayush-Abhyarthi Date: Mon, 1 Sep 2025 13:36:59 +0530 Subject: [PATCH 6/7] fix: pre-commit --- common-dev-assets | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 2ba5cc2c..abf631a1 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 2ba5cc2c867361e8bcf34bd95f7359cc03d82b25 +Subproject commit abf631a16a48a308e609896937e1eed16b4aae4e From ea24d89517da5a284e93364ceff315004f70b217 Mon Sep 17 00:00:00 2001 From: Aayush-Abhyarthi Date: Mon, 1 Sep 2025 13:48:35 +0530 Subject: [PATCH 7/7] fix: pre-commit --- ibm_catalog.json | 24 ++++++++++++----------- modules/kube-audit/README.md | 2 +- modules/kube-audit/scripts/set_webhook.sh | 4 ++-- modules/kube-audit/variables.tf | 2 +- solutions/fully-configurable/variables.tf | 2 +- 5 files changed, 18 insertions(+), 16 deletions(-) diff --git a/ibm_catalog.json b/ibm_catalog.json index 63452bfd..022ca9c8 100644 --- a/ibm_catalog.json +++ b/ibm_catalog.json 
@@ -86,7 +86,7 @@
 "crn:v1:bluemix:public:iam::::role:Viewer"
 ],
 "service_name": "Resource group only",
- "notes":"Viewer access is required in the resource group you want to provision in."
+ "notes": "Viewer access is required in the resource group you want to provision in."
 },
 {
 "role_crns": [
@@ -785,7 +785,7 @@
 "key": "subnets",
 "type": "object",
 "default_value": "{\n zone-1 = [\n {\n name = \"subnet-a\"\n cidr = \"10.10.10.0/24\"\n public_gateway = true\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-2 = [\n {\n name = \"subnet-b\"\n cidr = \"10.20.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ],\n zone-3 = [\n {\n name = \"subnet-c\"\n cidr = \"10.30.10.0/24\"\n public_gateway = false\n acl_name = \"vpc-acl\"\n no_addr_prefix = false\n }\n ]\n }",
- "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
+ "description": "List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addresses. Public gateways will be enabled only in zones where a gateway has been created. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/solutions/fully-configurable/DA-types.md#subnets-).",
 "required": false,
 "virtual": true
 },
@@ -1093,19 +1093,19 @@
 "notes": "Required for creating Virtual Private Cloud (VPC)."
 },
 {
- "service_name": "cloud-object-storage",
- "role_crns": [
- "crn:v1:bluemix:public:iam::::serviceRole:Manager",
- "crn:v1:bluemix:public:iam::::role:Editor"
- ],
- "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
+ "service_name": "cloud-object-storage",
+ "role_crns": [
+ "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+ "crn:v1:bluemix:public:iam::::role:Editor"
+ ],
+ "notes": "Required for creating the OpenShift cluster's internal registry storage bucket."
 },
 {
 "role_crns": [
 "crn:v1:bluemix:public:iam::::role:Viewer"
 ],
 "service_name": "Resource group only",
- "notes":"Viewer access is required in the resource group you want to provision in."
+ "notes": "Viewer access is required in the resource group you want to provision in."
 }
 ],
 "architecture": {
@@ -1255,7 +1255,7 @@
 },
 {
 "key": "access_tags",
- "hidden":true,
+ "hidden": true,
 "custom_config": {
 "type": "array",
 "grouping": "deployment",
@@ -1271,7 +1271,9 @@
 {
 "key": "disable_outbound_traffic_protection"
 }
- ]
+ ],
+ "dependency_version_2": true,
+ "terraform_version": "1.10.5"
 }
 ]
 }
diff --git a/modules/kube-audit/README.md b/modules/kube-audit/README.md
index da3dbc4d..0cc061f3 100644
--- a/modules/kube-audit/README.md
+++ b/modules/kube-audit/README.md
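Review bot: The last ibm_catalog.json hunk (`@@ -1271,7 +1271,9 @@`) adds `"dependency_version_2": true` and `"terraform_version": "1.10.5"` after the closing `]`, which is a functional change to the catalog entry inside a commit titled "fix: pre-commit" whose other hunks only fix whitespace and spelling. These two keys presumably change how the offering is resolved and which Terraform release runs it, so they are easy to miss in review when bundled with formatting. JSON has no comment syntax, so the commit description is the only place to record the reason; a line such as `Pin terraform_version to 1.10.5 and set dependency_version_2 for this flavor` would do, or the two keys could move to their own commit. The flavor object starts outside the hunk, so it is worth confirming that the file's other flavors carry the same two keys and do not drift apart.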
@@ -80,7 +80,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployement and service. | `string` | `"ibmcloud-kube-audit"` | no |
+| [audit\_deployment\_name](#input\_audit\_deployment\_name) | The name of log collection deployment and service. | `string` | `"ibmcloud-kube-audit"` | no |
 | [audit\_log\_policy](#input\_audit\_log\_policy) | Specify the amount of information that is logged to the API server audit logs by choosing the audit log policy profile to use. Supported values are `default` and `WriteRequestBodies`. | `string` | `"default"` | no |
 | [audit\_namespace](#input\_audit\_namespace) | The name of the namespace where log collection service and a deployment will be created. | `string` | `"ibm-kube-audit"` | no |
 | [audit\_webhook\_listener\_image](#input\_audit\_webhook\_listener\_image) | The audit webhook listener image reference in the format of `[registry-url]/[namespace]/[image]`.The sub-module uses the `icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs` image to forward logs to IBM Cloud Logs. This image is for demonstration purposes only. For a production solution, configure and maintain your own log forwarding image. | `string` | `"icr.io/ibm/ibmcloud-kube-audit-to-ibm-cloud-logs"` | no |
diff --git a/modules/kube-audit/scripts/set_webhook.sh b/modules/kube-audit/scripts/set_webhook.sh
index c65cccb4..483567ae 100755
--- a/modules/kube-audit/scripts/set_webhook.sh
+++ b/modules/kube-audit/scripts/set_webhook.sh
@@ -20,7 +20,7 @@ get_cloud_endpoint() {
 get_cloud_endpoint
-# This is a workaround function added to retrive a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
+# This is a workaround function added to retrieve a new token, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6107) is fixed.
 fetch_token() {
 if [ "$IBMCLOUD_IAM_API_ENDPOINT" = "iam.cloud.ibm.com" ]; then
 if [ "$PRIVATE_ENV" = true ]; then
@@ -38,7 +38,7 @@ fetch_token() {
 fetch_token
-# This is a workaround function added to retrive the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
+# This is a workaround function added to retrieve the CA cert, this can be removed once this issue(https://github.com/IBM-Cloud/terraform-provider-ibm/issues/6068) is fixed.
 get_ca_cert() {
 if [ "$IBMCLOUD_CS_API_ENDPOINT" = "containers.cloud.ibm.com" ]; then
 if [ "$PRIVATE_ENV" = true ]; then
diff --git a/modules/kube-audit/variables.tf b/modules/kube-audit/variables.tf
index a9e5a7f1..d8f71300 100644
--- a/modules/kube-audit/variables.tf
+++ b/modules/kube-audit/variables.tf
@@ -81,7 +81,7 @@ variable "audit_namespace" {
 variable "audit_deployment_name" {
 type = string
- description = "The name of log collection deployement and service."
+ description = "The name of log collection deployment and service."
 default = "ibmcloud-kube-audit"
 }
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index cc91c826..68f9e80b 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -586,7 +586,7 @@ variable "audit_namespace" {
 variable "audit_deployment_name" {
 type = string
- description = "The name of log collection deployement and service."
+ description = "The name of log collection deployment and service."
 default = "ibmcloud-kube-audit"
 }