From 83ae92e2b74b5aaf077253fdca8697c9cfd2b10d Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 15 Oct 2025 15:17:21 +0530 Subject: [PATCH 01/18] fix: extract out worker_pool logic --- main.tf | 134 ++++--------------------------- modules/worker-pool/README.md | 0 modules/worker-pool/main.tf | 112 ++++++++++++++++++++++++++ modules/worker-pool/outputs.tf | 4 + modules/worker-pool/variables.tf | 76 ++++++++++++++++++ modules/worker-pool/version.tf | 10 +++ outputs.tf | 2 +- 7 files changed, 219 insertions(+), 119 deletions(-) create mode 100644 modules/worker-pool/README.md create mode 100644 modules/worker-pool/main.tf create mode 100644 modules/worker-pool/outputs.tf create mode 100644 modules/worker-pool/variables.tf create mode 100644 modules/worker-pool/version.tf diff --git a/main.tf b/main.tf index d89fc561..636e97fd 100644 --- a/main.tf +++ b/main.tf @@ -7,9 +7,6 @@ locals { # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) default_pool = element([for pool in var.worker_pools : pool if pool.pool_name == "default"], 0) - # all_standalone_pools are the pools managed by a 'standalone' ibm_container_vpc_worker_pool resource - all_standalone_pools = [for pool in var.worker_pools : pool if !var.ignore_worker_pool_size_changes] - all_standalone_autoscaling_pools = [for pool in var.worker_pools : pool if var.ignore_worker_pool_size_changes] default_ocp_version = "${data.ibm_container_cluster_versions.cluster_versions.default_openshift_version}_openshift" ocp_version = var.ocp_version == null || var.ocp_version == "default" ? local.default_ocp_version : "${var.ocp_version}_openshift" 
@@ -321,114 +318,15 @@ data "ibm_container_cluster_config" "cluster_config" { endpoint_type = var.cluster_config_endpoint_type != "default" ? var.cluster_config_endpoint_type : null # null value represents default } -############################################################################## -# Worker Pools -############################################################################## - -locals { - additional_pool_names = var.ignore_worker_pool_size_changes ? [for pool in local.all_standalone_autoscaling_pools : pool.pool_name] : [for pool in local.all_standalone_pools : pool.pool_name] - pool_names = toset(flatten([["default"], local.additional_pool_names])) -} - -data "ibm_container_vpc_worker_pool" "all_pools" { - depends_on = [ibm_container_vpc_worker_pool.autoscaling_pool, ibm_container_vpc_worker_pool.pool] - for_each = local.pool_names - cluster = local.cluster_id - worker_pool_name = each.value -} - -resource "ibm_container_vpc_worker_pool" "pool" { - for_each = { for pool in local.all_standalone_pools : pool.pool_name => pool } - vpc_id = var.vpc_id - resource_group_id = var.resource_group_id - cluster = local.cluster_id - worker_pool_name = each.value.pool_name - flavor = each.value.machine_type - operating_system = each.value.operating_system - worker_count = each.value.workers_per_zone - secondary_storage = each.value.secondary_storage - entitlement = var.ocp_entitlement - labels = each.value.labels - crk = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.crk - kms_instance_id = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.kms_instance_id - kms_account_id = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.kms_account_id - - security_groups = each.value.additional_security_group_ids - - dynamic "zones" { - for_each = each.value.subnet_prefix != null ? 
var.vpc_subnets[each.value.subnet_prefix] : each.value.vpc_subnets - content { - subnet_id = zones.value.id - name = zones.value.zone - } - } - - # Apply taints to worker pools i.e. all_standalone_pools - dynamic "taints" { - for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], [])) - content { - effect = taints.value.effect - key = taints.value.key - value = taints.value.value - } - } - - timeouts { - # Extend create and delete timeout to 2h - delete = "2h" - create = "2h" - } - - # The default workerpool has to be imported as it will already exist on cluster create - import_on_create = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null - orphan_on_delete = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null -} - -# copy of the pool resource above which ignores changes to the worker pool for use in autoscaling scenarios -resource "ibm_container_vpc_worker_pool" "autoscaling_pool" { - for_each = { for pool in local.all_standalone_autoscaling_pools : pool.pool_name => pool } - vpc_id = var.vpc_id - resource_group_id = var.resource_group_id - cluster = local.cluster_id - worker_pool_name = each.value.pool_name - flavor = each.value.machine_type - operating_system = each.value.operating_system - worker_count = each.value.workers_per_zone - secondary_storage = each.value.secondary_storage - entitlement = var.ocp_entitlement - labels = each.value.labels - crk = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.crk - kms_instance_id = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.kms_instance_id - kms_account_id = each.value.boot_volume_encryption_kms_config == null ? 
null : each.value.boot_volume_encryption_kms_config.kms_account_id - - security_groups = each.value.additional_security_group_ids - - lifecycle { - ignore_changes = [worker_count] - } - - dynamic "zones" { - for_each = each.value.subnet_prefix != null ? var.vpc_subnets[each.value.subnet_prefix] : each.value.vpc_subnets - content { - subnet_id = zones.value.id - name = zones.value.zone - } - } - - # Apply taints to worker pools i.e. all_standalone_pools - - dynamic "taints" { - for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], [])) - content { - effect = taints.value.effect - key = taints.value.key - value = taints.value.value - } - } - - # The default workerpool has to be imported as it will already exist on cluster create - import_on_create = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null - orphan_on_delete = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null +module "worker_pools" { + source = "./modules/worker-pool" + vpc_id = var.vpc_id + resource_group_id = var.resource_group_id + cluster_id = local.cluster_id + vpc_subnets = var.vpc_subnets + worker_pools = var.worker_pools + ignore_worker_pool_size_changes = var.ignore_worker_pool_size_changes + allow_default_worker_pool_replacement = var.allow_default_worker_pool_replacement } ############################################################################## 
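Review bot: The new `module "worker_pools"` call in main.tf passes neither `worker_pools_taints` nor `ocp_entitlement`, although the removed resources read `var.worker_pools_taints` and `var.ocp_entitlement`, and the submodule declares both with a `null` default. As written, an apply after this change would plan to strip every configured taint from the pools and clear the entitlement. Losing the taints removes the scheduling isolation they provide for dedicated nodes. Add `worker_pools_taints = var.worker_pools_taints` and `ocp_entitlement = var.ocp_entitlement` to the module block. A later patch in this series may already do this, but it is not visible here.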
@@ -460,7 +358,7 @@ resource "null_resource" "confirm_network_healthy" { # Worker pool creation can start before the 'ibm_container_vpc_cluster' completes since there is no explicit # depends_on in 'ibm_container_vpc_worker_pool', just an implicit depends_on on the cluster ID. Cluster ID can exist before # 'ibm_container_vpc_cluster' completes, so hence need to add explicit depends on against 'ibm_container_vpc_cluster' here. - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool] + depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, module.worker_pools] provisioner "local-exec" { command = "${path.module}/scripts/confirm_network_healthy.sh" @@ -514,7 +412,7 @@ resource "ibm_container_addons" "addons" { # Worker pool creation can start before the 'ibm_container_vpc_cluster' completes since there is no explicit # depends_on in 'ibm_container_vpc_worker_pool', just an implicit depends_on on the cluster ID. Cluster ID can exist before # 'ibm_container_vpc_cluster' completes, so hence need to add explicit depends on against 'ibm_container_vpc_cluster' here. - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy] + depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, module.worker_pools, null_resource.confirm_network_healthy] cluster = local.cluster_id resource_group_id = var.resource_group_id 
@@ -587,7 +485,7 @@ resource "kubernetes_config_map_v1_data" "set_autoscaling" { ############################################################################## data "ibm_is_lbs" "all_lbs" { - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy] + depends_on = [ibm_container_vpc_cluster.cluster, module.worker_pools, null_resource.confirm_network_healthy] count = length(var.additional_lb_security_group_ids) > 0 ? 1 : 0 } @@ -623,19 +521,19 @@ locals { data "ibm_is_virtual_endpoint_gateway" "master_vpe" { count = length(var.additional_vpe_security_group_ids["master"]) - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy] + depends_on = [ibm_container_vpc_cluster.cluster, module.worker_pools, null_resource.confirm_network_healthy] name = local.vpes_to_attach_to_sg["master"] } data "ibm_is_virtual_endpoint_gateway" "api_vpe" { count = length(var.additional_vpe_security_group_ids["api"]) - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy] + depends_on = [ibm_container_vpc_cluster.cluster, module.worker_pools, null_resource.confirm_network_healthy] name = local.vpes_to_attach_to_sg["api"] } data "ibm_is_virtual_endpoint_gateway" "registry_vpe" { count = length(var.additional_vpe_security_group_ids["registry"]) - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool, null_resource.confirm_network_healthy] + depends_on = [ibm_container_vpc_cluster.cluster, module.worker_pools, null_resource.confirm_network_healthy] name = local.vpes_to_attach_to_sg["registry"] } 
@@ -727,7 +625,7 @@ module "existing_secrets_manager_instance_parser" { resource "ibm_iam_authorization_policy" "ocp_secrets_manager_iam_auth_policy" { count = var.enable_secrets_manager_integration && !var.skip_ocp_secrets_manager_iam_auth_policy ? 1 : 0 - depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, ibm_container_vpc_worker_pool.pool, ibm_container_vpc_worker_pool.autoscaling_pool] + depends_on = [ibm_container_vpc_cluster.cluster, ibm_container_vpc_cluster.autoscaling_cluster, module.worker_pools] source_service_name = "containers-kubernetes" source_resource_instance_id = local.cluster_id target_service_name = "secrets-manager" diff --git a/modules/worker-pool/README.md b/modules/worker-pool/README.md new file mode 100644 index 00000000..e69de29b diff --git a/modules/worker-pool/main.tf b/modules/worker-pool/main.tf new file mode 100644 index 00000000..f92f0fdc --- /dev/null +++ b/modules/worker-pool/main.tf 
@@ -0,0 +1,112 @@ +############################################################################## +# Worker Pools +############################################################################## + +locals { + # all_standalone_pools are the pools managed by a 'standalone' ibm_container_vpc_worker_pool resource + all_standalone_pools = [for pool in var.worker_pools : pool if !var.ignore_worker_pool_size_changes] + all_standalone_autoscaling_pools = [for pool in var.worker_pools : pool if var.ignore_worker_pool_size_changes] + additional_pool_names = var.ignore_worker_pool_size_changes ? [for pool in local.all_standalone_autoscaling_pools : pool.pool_name] : [for pool in local.all_standalone_pools : pool.pool_name] + pool_names = toset(flatten([["default"], local.additional_pool_names])) +} + +data "ibm_container_vpc_worker_pool" "all_pools" { + depends_on = [ibm_container_vpc_worker_pool.autoscaling_pool, ibm_container_vpc_worker_pool.pool] + for_each = local.pool_names + cluster = var.cluster_id + worker_pool_name = each.value +} + +resource "ibm_container_vpc_worker_pool" "pool" { + for_each = { for pool in local.all_standalone_pools : pool.pool_name => pool } + vpc_id = var.vpc_id + resource_group_id = var.resource_group_id + cluster = var.cluster_id + worker_pool_name = each.value.pool_name + flavor = each.value.machine_type + operating_system = each.value.operating_system + worker_count = each.value.workers_per_zone + secondary_storage = each.value.secondary_storage + entitlement = var.ocp_entitlement + labels = each.value.labels + crk = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.crk + kms_instance_id = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.kms_instance_id + kms_account_id = each.value.boot_volume_encryption_kms_config == null ? 
null : each.value.boot_volume_encryption_kms_config.kms_account_id + + security_groups = each.value.additional_security_group_ids + + dynamic "zones" { + for_each = each.value.subnet_prefix != null ? var.vpc_subnets[each.value.subnet_prefix] : each.value.vpc_subnets + content { + subnet_id = zones.value.id + name = zones.value.zone + } + } + + # Apply taints to worker pools i.e. all_standalone_pools + dynamic "taints" { + for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], [])) + content { + effect = taints.value.effect + key = taints.value.key + value = taints.value.value + } + } + + timeouts { + # Extend create and delete timeout to 2h + delete = "2h" + create = "2h" + } + + # The default workerpool has to be imported as it will already exist on cluster create + import_on_create = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null + orphan_on_delete = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null +} + +# copy of the pool resource above which ignores changes to the worker pool for use in autoscaling scenarios +resource "ibm_container_vpc_worker_pool" "autoscaling_pool" { + for_each = { for pool in local.all_standalone_autoscaling_pools : pool.pool_name => pool } + vpc_id = var.vpc_id + resource_group_id = var.resource_group_id + cluster = var.cluster_id + worker_pool_name = each.value.pool_name + flavor = each.value.machine_type + operating_system = each.value.operating_system + worker_count = each.value.workers_per_zone + secondary_storage = each.value.secondary_storage + entitlement = var.ocp_entitlement + labels = each.value.labels + crk = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.crk + kms_instance_id = each.value.boot_volume_encryption_kms_config == null ? 
null : each.value.boot_volume_encryption_kms_config.kms_instance_id + kms_account_id = each.value.boot_volume_encryption_kms_config == null ? null : each.value.boot_volume_encryption_kms_config.kms_account_id + + security_groups = each.value.additional_security_group_ids + + lifecycle { + ignore_changes = [worker_count] + } + + dynamic "zones" { + for_each = each.value.subnet_prefix != null ? var.vpc_subnets[each.value.subnet_prefix] : each.value.vpc_subnets + content { + subnet_id = zones.value.id + name = zones.value.zone + } + } + + # Apply taints to worker pools i.e. all_standalone_pools + + dynamic "taints" { + for_each = var.worker_pools_taints == null ? [] : concat(var.worker_pools_taints["all"], lookup(var.worker_pools_taints, each.value["pool_name"], [])) + content { + effect = taints.value.effect + key = taints.value.key + value = taints.value.value + } + } + + # The default workerpool has to be imported as it will already exist on cluster create + import_on_create = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null + orphan_on_delete = each.value.pool_name == "default" ? var.allow_default_worker_pool_replacement ? null : true : null +} diff --git a/modules/worker-pool/outputs.tf b/modules/worker-pool/outputs.tf new file mode 100644 index 00000000..e096c2f0 --- /dev/null +++ b/modules/worker-pool/outputs.tf @@ -0,0 +1,4 @@ +output "workerpools" { + description = "Worker pools created" + value = data.ibm_container_vpc_worker_pool.all_pools +} diff --git a/modules/worker-pool/variables.tf b/modules/worker-pool/variables.tf new file mode 100644 index 00000000..722cfe4e --- /dev/null +++ b/modules/worker-pool/variables.tf 
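Review bot: Both `taints` blocks in modules/worker-pool/main.tf index `var.worker_pools_taints["all"]` directly, so a caller who passes a taint map without an `all` key gets an invalid-index error at plan time. The per-pool entry on the same line is already read with `lookup(..., [])`, so use `lookup(var.worker_pools_taints, "all", [])` in both resources, or add a `validation` on the variable that requires the key. Separately, `autoscaling_pool` is commented as a copy of `pool` but has no `timeouts` block, so the 2h create and delete values presumably fall back to provider defaults for autoscaling pools. Copy the block across, or add a comment saying why it is omitted.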
@@ -0,0 +1,76 @@ + +variable "worker_pools" { + type = list(object({ + subnet_prefix = optional(string) + vpc_subnets = optional(list(object({ + id = string + zone = string + cidr_block = string + }))) + pool_name = string + machine_type = string + workers_per_zone = number + resource_group_id = optional(string) + operating_system = string + labels = optional(map(string)) + minSize = optional(number) + secondary_storage = optional(string) + maxSize = optional(number) + enableAutoscaling = optional(bool) + boot_volume_encryption_kms_config = optional(object({ + crk = string + kms_instance_id = string + kms_account_id = optional(string) + })) + additional_security_group_ids = optional(list(string)) + })) + description = "List of worker pools" +} + +variable "ignore_worker_pool_size_changes" { + type = bool + description = "Enable if using worker autoscaling. Stops Terraform managing worker count" + default = false +} + +variable "worker_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Optional, Map of lists containing node taints by node-pool name" + default = null +} + +variable "ocp_entitlement" { + type = string + description = "Value that is applied to the entitlements for OCP cluster provisioning" + default = null +} + +variable "vpc_subnets" { + type = map(list(object({ + id = string + zone = string + cidr_block = string + }))) + description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created." +} + +variable "allow_default_worker_pool_replacement" { + type = bool + description = "(Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool)." 
+ default = false + nullable = false +} + +variable "cluster_id" { + type = string + description = "value" +} + +variable "resource_group_id" { + type = string + description = "The ID of an existing IBM Cloud resource group where the cluster is grouped." +} + +variable "vpc_id" { + type = string +} diff --git a/modules/worker-pool/version.tf b/modules/worker-pool/version.tf new file mode 100644 index 00000000..d073da59 --- /dev/null +++ b/modules/worker-pool/version.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.9.0" + required_providers { + # Use "greater than or equal to" range in modules + ibm = { + source = "ibm-cloud/ibm" + version = ">= 1.78.2, < 2.0.0" + } + } +} diff --git a/outputs.tf b/outputs.tf index 5e8853ec..9e3598da 100644 --- a/outputs.tf +++ b/outputs.tf @@ -22,7 +22,7 @@ output "cluster_crn" { output "workerpools" { description = "Worker pools created" - value = data.ibm_container_vpc_worker_pool.all_pools + value = module.worker_pools.workerpools } output "ocp_version" { From 5d69d8907b3790facea7f9d37e866737e6ba50d5 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Wed, 15 Oct 2025 10:46:37 +0000 Subject: [PATCH 02/18] resolve pc --- README.md | 5 ++--- modules/worker-pool/variables.tf | 5 +++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e4dcf821..2bd798d9 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ Optionally, the module supports advanced security group management for the worke * [Submodules](./modules) * [fscloud](./modules/fscloud) * [kube-audit](./modules/kube-audit) + * [worker-pool](./modules/worker-pool) * [Examples](./examples) * [2 MZR clusters in same VPC example](./examples/multiple_mzr_clusters) * [Advanced example (mzr, auto-scale, kms, taints)](./examples/advanced) 
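Review bot: `worker_pools` in modules/worker-pool/variables.tf declares both `subnet_prefix` and `vpc_subnets` as optional and has no `validation` block, so a pool that sets neither reaches the `zones` `for_each` in main.tf as `null` and fails there with an error that does not name the pool. The root module may validate this elsewhere, but the submodule is documented for direct use, so it should reject the input itself with a condition such as `alltrue([for p in var.worker_pools : p.subnet_prefix != null || p.vpc_subnets != null])`. The object type also accepts a per-pool `resource_group_id` that main.tf never reads, since both resources use `var.resource_group_id`. Either drop the attribute or state in the description that it is ignored, so callers do not assume pools land in the group they specified.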
@@ -295,6 +296,7 @@ Optionally, you need the following permissions to attach Access Management tags | [cbr\_rule](#module\_cbr\_rule) | terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module | 1.33.4 | | [cos\_instance](#module\_cos\_instance) | terraform-ibm-modules/cos/ibm | 10.4.0 | | [existing\_secrets\_manager\_instance\_parser](#module\_existing\_secrets\_manager\_instance\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.2.0 | +| [worker\_pools](#module\_worker\_pools) | ./modules/worker-pool | n/a | ### Resources @@ -307,8 +309,6 @@ Optionally, you need the following permissions to attach Access Management tags | [ibm_container_vpc_cluster.autoscaling_cluster_with_upgrade](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_cluster) | resource | | [ibm_container_vpc_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_cluster) | resource | | [ibm_container_vpc_cluster.cluster_with_upgrade](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_cluster) | resource | -| [ibm_container_vpc_worker_pool.autoscaling_pool](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_worker_pool) | resource | -| [ibm_container_vpc_worker_pool.pool](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_worker_pool) | resource | | [ibm_iam_authorization_policy.ocp_secrets_manager_iam_auth_policy](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_resource_tag.cluster_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource | | [ibm_resource_tag.cos_access_tag](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/resource_tag) | resource | 
@@ -321,7 +321,6 @@ Optionally, you need the following permissions to attach Access Management tags | [ibm_container_addons.existing_addons](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_addons) | data source | | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_config) | data source | | [ibm_container_cluster_versions.cluster_versions](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_versions) | data source | -| [ibm_container_vpc_worker_pool.all_pools](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_vpc_worker_pool) | data source | | [ibm_is_lbs.all_lbs](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/is_lbs) | data source | | [ibm_is_virtual_endpoint_gateway.api_vpe](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway) | data source | | [ibm_is_virtual_endpoint_gateway.master_vpe](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/is_virtual_endpoint_gateway) | data source | diff --git a/modules/worker-pool/variables.tf b/modules/worker-pool/variables.tf index 722cfe4e..50663a2f 100644 --- a/modules/worker-pool/variables.tf +++ b/modules/worker-pool/variables.tf @@ -63,7 +63,7 @@ variable "allow_default_worker_pool_replacement" { variable "cluster_id" { type = string - description = "value" + description = "ID of the existing openshift cluster." } variable "resource_group_id" { @@ -72,5 +72,6 @@ variable "resource_group_id" { } variable "vpc_id" { - type = string + type = string + description = "ID of the VPC instance where this cluster is provisioned." } From 1cc30274d13291dbd856c8d6be31e9295d0260e9 Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Thu, 16 Oct 2025 15:40:10 +0530 Subject: [PATCH 03/18] update pr_test --- tests/pr_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index f9d0f8a1..c1854017 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -99,6 +99,7 @@ func setupQuickstartOptions(t *testing.T, prefix string) *testschematic.TestSche TarIncludePatterns: []string{ "*.tf", quickStartTerraformDir + "/*.tf", "scripts/*.sh", "kubeconfig/README.md", + "modules/worker-pool/*.tf", }, TemplateFolder: quickStartTerraformDir, Tags: []string{"test-schematic"}, @@ -139,7 +140,7 @@ func TestRunFullyConfigurableInSchematics(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "ocp-fc", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/worker-pool/*.tf", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, 
@@ -176,7 +177,7 @@ func TestRunUpgradeFullyConfigurable(t *testing.T) { options := testschematic.TestSchematicOptionsDefault(&testschematic.TestSchematicOptions{ Testing: t, Prefix: "fc-upg", - TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*"}, + TarIncludePatterns: []string{"*.tf", fullyConfigurableTerraformDir + "/*.*", fullyConfigurableTerraformDir + "/scripts/*.*", "scripts/*.sh", "kubeconfig/README.md", "modules/kube-audit/*.*", "modules/kube-audit/kubeconfig/README.md", "modules/kube-audit/scripts/*.sh", fullyConfigurableTerraformDir + "/kubeconfig/README.md", "modules/kube-audit/helm-charts/kube-audit/*.*", "modules/kube-audit/helm-charts/kube-audit/templates/*.*", "modules/worker-pool/*.tf"}, TemplateFolder: fullyConfigurableTerraformDir, Tags: []string{"test-schematic"}, DeleteWorkspaceOnFail: false, From a4acda21f4408ba93380a5bc5f4f0c8cfb5de1c9 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 17 Oct 2025 17:46:45 +0530 Subject: [PATCH 04/18] added moved block --- moved.tf | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 moved.tf diff --git a/moved.tf b/moved.tf new file mode 100644 index 00000000..dee39191 --- /dev/null +++ b/moved.tf @@ -0,0 +1,9 @@ +moved { + from = ibm_container_vpc_worker_pool.pool + to = module.worker_pools.ibm_container_vpc_worker_pool.pool +} + +moved { + from = ibm_container_vpc_worker_pool.autoscaling_pool + to = module.worker_pools.ibm_container_vpc_worker_pool.autoscaling_pool +} From 49cb75a1dd79c19f2ece12f9d259a20e42ebb1c9 Mon Sep 17 00:00:00 2001 
From: Md Anam Raihan Date: Tue, 21 Oct 2025 12:56:07 +0530 Subject: [PATCH 05/18] update tests --- tests/pr_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/pr_test.go b/tests/pr_test.go index 950b14a4..cd93f311 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -217,7 +217,6 @@ func TestRunCustomsgExample(t *testing.T) { CloudInfoService: sharedInfoSvc, ImplicitDestroy: []string{ "module.ocp_base.null_resource.confirm_network_healthy", - "module.ocp_base.null_resource.reset_api_key", }, ImplicitRequired: false, TerraformVars: map[string]interface{}{ From 01adf44c7ffe5270acabf26e6b0162355243bd49 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 14:08:31 +0000 Subject: [PATCH 06/18] update readme --- modules/worker-pool/README.md | 120 ++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) diff --git a/modules/worker-pool/README.md b/modules/worker-pool/README.md index e69de29b..c5323e60 100644 --- a/modules/worker-pool/README.md +++ b/modules/worker-pool/README.md 
@@ -0,0 +1,120 @@ +# Worker pool module + +This module defines and manages worker pools for an IBM Cloud Openshift VPC cluster using the `ibm_container_vpc_worker_pool` resource. It provisions and configures standalone and autoscaling worker pools, handling both pools with optional taints, labels, and encryption configurations. + +## Usage + +``` +module "worker_pools" { + source = "terraform-ibm-modules/base-ocp-vpc/ibm//modules/worker-pool" + version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release + vpc_id = "79cxxxx-xxxx-xxxx-xxxx-xxxxxXX8667" + resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" + cluster_id = local.cluster_id + vpc_subnets = { + zone-1 = [ + { + cidr_block = "192.168.32.0/22" + id = "0717-afc29fbb-0dbe-493a-a5b9-f3c5899cb8b9" + zone = "us-south-1" + }, + { + cidr_block = "192.168.36.0/22" + id = "0727-d65c1eda-9e38-4200-8452-cb8ff5bb3140" + zone = "us-south-2" + }, + { + cidr_block = "192.168.40.0/22" + id = "0737-9a823cd3-16bf-4ba4-a429-9e1fc7db74b8" + zone = "us-south-3" + } + ] + zone-2 = [ + { + cidr_block = "192.168.0.0/22" + id = "0717-846b9490-34ae-4a6c-8288-28112dca1ba3" + zone = "us-south-1" + }, + { + cidr_block = "192.168.4.0/22" + id = "0727-ef8db7f6-ffa5-4d8b-a317-4631741a45ee" + zone = "us-south-2" + }, + { + cidr_block = "192.168.8.0/22" + id = "0737-c9a6d871-d95b-4914-abf5-82c22f4161d1" + zone = "us-south-3" + } + ] + zone-3 = [ + { + cidr_block = "192.168.16.0/22" + id = "0717-d46e227c-89d4-4b02-9008-d03907a275b6" + zone = "us-south-1" + }, + { + cidr_block = "192.168.20.0/22" + id = "0727-93b1edcb-966c-4517-a7af-6ac63cd93adf" + zone = "us-south-2" + }, + { + cidr_block = "192.168.24.0/22" + id = "0737-807ec4f1-4d84-484e-b2f4-62dd5e431065" + zone = "us-south-3" + } + ] + } + worker_pools = [ + { + subnet_prefix = "default" + pool_name = "default" + machine_type = "bx2.4x16" + workers_per_zone = 2 + operating_system = "REDHAT_8_64" + } + ] + ignore_worker_pool_size_changes = false + 
allow_default_worker_pool_replacement = false +} +``` + + +### Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.9.0 | +| [ibm](#requirement\_ibm) | >= 1.78.2, < 2.0.0 | + +### Modules + +No modules. + +### Resources + +| Name | Type | +|------|------| +| [ibm_container_vpc_worker_pool.autoscaling_pool](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_worker_pool) | resource | +| [ibm_container_vpc_worker_pool.pool](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/resources/container_vpc_worker_pool) | resource | +| [ibm_container_vpc_worker_pool.all_pools](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_vpc_worker_pool) | data source | + +### Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allow\_default\_worker\_pool\_replacement](#input\_allow\_default\_worker\_pool\_replacement) | (Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool). | `bool` | `false` | no | +| [cluster\_id](#input\_cluster\_id) | ID of the existing openshift cluster. | `string` | n/a | yes | +| [ignore\_worker\_pool\_size\_changes](#input\_ignore\_worker\_pool\_size\_changes) | Enable if using worker autoscaling. Stops Terraform managing worker count | `bool` | `false` | no | +| [ocp\_entitlement](#input\_ocp\_entitlement) | Value that is applied to the entitlements for OCP cluster provisioning | `string` | `null` | no | +| [resource\_group\_id](#input\_resource\_group\_id) | The ID of an existing IBM Cloud resource group where the cluster is grouped. 
| `string` | n/a | yes | +| [vpc\_id](#input\_vpc\_id) | ID of the VPC instance where this cluster is provisioned. | `string` | n/a | yes | +| [vpc\_subnets](#input\_vpc\_subnets) | Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created. |
map(list(object({
id = string
zone = string
cidr_block = string
})))
| n/a | yes | +| [worker\_pools](#input\_worker\_pools) | List of worker pools |
list(object({
subnet_prefix = optional(string)
vpc_subnets = optional(list(object({
id = string
zone = string
cidr_block = string
})))
pool_name = string
machine_type = string
workers_per_zone = number
resource_group_id = optional(string)
operating_system = string
labels = optional(map(string))
minSize = optional(number)
secondary_storage = optional(string)
maxSize = optional(number)
enableAutoscaling = optional(bool)
boot_volume_encryption_kms_config = optional(object({
crk = string
kms_instance_id = string
kms_account_id = optional(string)
}))
additional_security_group_ids = optional(list(string))
}))
| n/a | yes | +| [worker\_pools\_taints](#input\_worker\_pools\_taints) | Optional, Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` | `null` | no | + +### Outputs + +| Name | Description | +|------|-------------| +| [workerpools](#output\_workerpools) | Worker pools created | + From 7f9e360f2dbd4181122b422cd8ffaa38b6ef824b Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 21 Oct 2025 20:33:40 +0530 Subject: [PATCH 07/18] update readme --- modules/worker-pool/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/worker-pool/README.md b/modules/worker-pool/README.md index c5323e60..4a3774f8 100644 --- a/modules/worker-pool/README.md +++ b/modules/worker-pool/README.md @@ -10,7 +10,7 @@ module "worker_pools" { version = "X.Y.Z" # Replace "X.Y.Z" with a release version to lock into a specific release vpc_id = "79cxxxx-xxxx-xxxx-xxxx-xxxxxXX8667" resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" - cluster_id = local.cluster_id + cluster_id = "xxXXxXXXxXxXXXXXxxxx" vpc_subnets = { zone-1 = [ { From 3d4b1bc80ef7f6b2a794c010f97acc94cce0913a Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 24 Oct 2025 11:30:51 +0530 Subject: [PATCH 08/18] add worker pool example --- examples/worker_pool/main.tf | 21 +++++++++ examples/worker_pool/outputs.tf | 11 +++++ examples/worker_pool/provider.tf | 9 ++++ examples/worker_pool/variables.tf | 77 +++++++++++++++++++++++++++++++ examples/worker_pool/version.tf | 12 +++++ 5 files changed, 130 insertions(+) create mode 100644 examples/worker_pool/main.tf create mode 100644 examples/worker_pool/outputs.tf create mode 100644 examples/worker_pool/provider.tf create mode 100644 examples/worker_pool/variables.tf create mode 100644 examples/worker_pool/version.tf diff --git a/examples/worker_pool/main.tf b/examples/worker_pool/main.tf new file mode 100644 index 00000000..a2445270 --- /dev/null 
+++ b/examples/worker_pool/main.tf
@@ -0,0 +1,21 @@
+########################################################################################################################
+# Resource Group
+########################################################################################################################
+
+module "resource_group" {
+ source = "terraform-ibm-modules/resource-group/ibm"
+ version = "1.4.0"
+ # if an existing resource group is not set (null) create a new one using prefix
+ resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null
+ existing_resource_group_name = var.resource_group
+}
+
+
+module "worker_pools" {
+ source = "../../modules/worker-pool"
+ resource_group_id = module.resource_group.resource_group_id
+ cluster_id = var.cluster_id
+ worker_pools = var.worker_pools
+ vpc_subnets = var.vpc_subnets
+ vpc_id = var.vpc_id
+}
diff --git a/examples/worker_pool/outputs.tf b/examples/worker_pool/outputs.tf
new file mode 100644
index 00000000..135186b7
--- /dev/null
+++ b/examples/worker_pool/outputs.tf
@@ -0,0 +1,11 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+#output "myoutput" {
+# description = "Description of my output"
+# value = "value"
+# depends_on = []
+#}
+
+##############################################################################
diff --git a/examples/worker_pool/provider.tf b/examples/worker_pool/provider.tf
new file mode 100644
index 00000000..7a52c408
--- /dev/null
+++ b/examples/worker_pool/provider.tf
@@ -0,0 +1,9 @@
+########################################################################################################################
+# Terraform providers
+########################################################################################################################
+
+provider "ibm" {
+ ibmcloud_api_key = var.ibmcloud_api_key
+ region = var.region
+ visibility = "public"
+}
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
new file mode 100644
index 00000000..fceae9a9
--- /dev/null
+++ b/examples/worker_pool/variables.tf
@@ -0,0 +1,77 @@
+########################################################################################################################
+# Input Variables
+########################################################################################################################
+
+variable "ibmcloud_api_key" {
+ type = string
+ description = "The IBM Cloud api key"
+ sensitive = true
+}
+
+variable "prefix" {
+ type = string
+ description = "Prefix for name of all resource created by this example"
+ validation {
+ error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
+ condition = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
+ }
+}
+
+variable "region" {
+ type = string
+ description = "Region where resources are created"
+}
+
+variable "resource_group" {
+ type = string
+ description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+ default = null
+}
+
+variable "cluster_id" {
+ type = string
+ description = "The ID of the cluster"
+}
+
+variable "worker_pools" {
+ type = list(object({
+ subnet_prefix = optional(string)
+ vpc_subnets = optional(list(object({
+ id = string
+ zone = string
+ cidr_block = string
+ })))
+ pool_name = string
+ machine_type = string
+ workers_per_zone = number
+ resource_group_id = optional(string)
+ operating_system = string
+ labels = optional(map(string))
+ minSize = optional(number)
+ secondary_storage = optional(string)
+ maxSize = optional(number)
+ enableAutoscaling = optional(bool)
+ boot_volume_encryption_kms_config = optional(object({
+ crk = string
+ kms_instance_id = string
+ kms_account_id = optional(string)
+ }))
+ additional_security_group_ids = optional(list(string))
+ }))
+ description = "List of worker pools"
+}
+
+variable "vpc_subnets" {
+ type = map(list(object({
+ id = string
+ zone = string
+ cidr_block = string
+ })))
+ description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created."
+}
+
+variable "vpc_id" {
+ type = string
+ description = "ID of the VPC instance where this cluster is provisioned."
+}
+
diff --git a/examples/worker_pool/version.tf b/examples/worker_pool/version.tf
new file mode 100644
index 00000000..e51c9efc
--- /dev/null
+++ b/examples/worker_pool/version.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 1.9.0"
+
+ # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
+ # module's version.tf (basic and add_rules_to_sg), and 1 example that will always use the latest provider version (advanced, fscloud and multiple mzr).
+ required_providers {
+ ibm = {
+ source = "ibm-cloud/ibm"
+ version = ">= 1.78.2"
+ }
+ }
+}
From 7040b3ad84a699edd0edd631a957158d9e031096 Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 11:51:59 +0530
Subject: [PATCH 09/18] update worker pool example
---
 examples/worker_pool/main.tf | 81 +++++++++++++++++++++++++++++--
 examples/worker_pool/outputs.tf | 15 +++---
 examples/worker_pool/provider.tf | 3 +-
 examples/worker_pool/variables.tf | 49 +++++++++++--------
 4 files changed, 115 insertions(+), 33 deletions(-)
diff --git a/examples/worker_pool/main.tf b/examples/worker_pool/main.tf
index a2445270..3cf6509b 100644
--- a/examples/worker_pool/main.tf
+++ b/examples/worker_pool/main.tf
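Review bot: The `prefix` validation in examples/worker_pool/variables.tf uses the character class `[A-z]`, which spans the ASCII range between `Z` and `a` and therefore also accepts `[`, `\`, `]`, `^`, `_` and a backtick as a one-character prefix. The error message also says the value must end with a letter, while the pattern allows a trailing digit. Because the prefix is interpolated into resource names (`"${var.prefix}-resource-group"` in main.tf), I would tighten the first alternative, `condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))`, and align the message with what the pattern accepts.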
@@ -10,12 +10,87 @@ module "resource_group" {
 existing_resource_group_name = var.resource_group
 }
+########################################################################################################################
+# VPC + Subnet + Public Gateway
+#
+# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow
+# all traffic ingress/egress by default.
+# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and
+# ACLs/Security Groups for network security.
+########################################################################################################################
+
+resource "ibm_is_vpc" "vpc" {
+ name = "${var.prefix}-vpc"
+ resource_group = module.resource_group.resource_group_id
+ address_prefix_management = "auto"
+ tags = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+ name = "${var.prefix}-gateway-1"
+ vpc = ibm_is_vpc.vpc.id
+ resource_group = module.resource_group.resource_group_id
+ zone = "${var.region}-1"
+}
+
+resource "ibm_is_subnet" "subnet_zone_1" {
+ name = "${var.prefix}-subnet-1"
+ vpc = ibm_is_vpc.vpc.id
+ resource_group = module.resource_group.resource_group_id
+ zone = "${var.region}-1"
+ total_ipv4_address_count = 256
+ public_gateway = ibm_is_public_gateway.gateway.id
+}
+
+########################################################################################################################
+# OCP VPC cluster (single zone)
+########################################################################################################################
+
+locals {
+ cluster_vpc_subnets = {
+ default = [
+ {
+ id = ibm_is_subnet.subnet_zone_1.id
+ cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+ zone = ibm_is_subnet.subnet_zone_1.zone
+ }
+ ]
+ }
+
+ worker_pools = [
+ {
+ subnet_prefix = "default"
+ pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+ machine_type = "bx2.4x16"
+ workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+ operating_system = "RHCOS"
+ }
+ ]
+}
+
+module "ocp_base" {
+ source = "../.."
+ resource_group_id = module.resource_group.resource_group_id
+ region = var.region
+ tags = var.resource_tags
+ cluster_name = var.prefix
+ force_delete_storage = true
+ vpc_id = ibm_is_vpc.vpc.id
+ vpc_subnets = local.cluster_vpc_subnets
+ ocp_version = var.ocp_version
+ worker_pools = local.worker_pools
+ access_tags = var.access_tags
+ ocp_entitlement = var.ocp_entitlement
+ disable_outbound_traffic_protection = true # set as True to enable outbound traffic; required for accessing Operator Hub in the OpenShift console.
+}
+
+
 module "worker_pools" {
 source = "../../modules/worker-pool"
 resource_group_id = module.resource_group.resource_group_id
- cluster_id = var.cluster_id
+ cluster_id = module.ocp_base.cluster_id
 worker_pools = var.worker_pools
- vpc_subnets = var.vpc_subnets
- vpc_id = var.vpc_id
+ vpc_subnets = local.cluster_vpc_subnets
+ vpc_id = ibm_is_vpc.vpc.id
 }
diff --git a/examples/worker_pool/outputs.tf b/examples/worker_pool/outputs.tf
index 135186b7..8fc0f174 100644
--- a/examples/worker_pool/outputs.tf
+++ b/examples/worker_pool/outputs.tf
@@ -1,11 +1,8 @@
-##############################################################################
+########################################################################################################################
 # Outputs
-##############################################################################
+########################################################################################################################
-#output "myoutput" {
-# description = "Description of my output"
-# value = "value"
-# depends_on = []
-#}
-
-##############################################################################
+output "cluster_name" {
+ value = module.ocp_base.cluster_name
+ description = "The name of the provisioned cluster."
+}
diff --git a/examples/worker_pool/provider.tf b/examples/worker_pool/provider.tf
index 7a52c408..84b69850 100644
--- a/examples/worker_pool/provider.tf
+++ b/examples/worker_pool/provider.tf
@@ -1,9 +1,8 @@
 ########################################################################################################################
-# Terraform providers
+# Provider config
 ########################################################################################################################
 provider "ibm" {
 ibmcloud_api_key = var.ibmcloud_api_key
 region = var.region
- visibility = "public"
 }
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
index fceae9a9..f887c5c8 100644
--- a/examples/worker_pool/variables.tf
+++ b/examples/worker_pool/variables.tf
@@ -1,10 +1,10 @@
 ########################################################################################################################
-# Input Variables
+# Input variables
 ########################################################################################################################
 variable "ibmcloud_api_key" {
 type = string
- description = "The IBM Cloud api key"
+ description = "The IBM Cloud api token"
 sensitive = true
 }
@@ -28,9 +28,28 @@ variable "resource_group" {
 default = null
 }
-variable "cluster_id" {
+variable "resource_tags" {
+ type = list(string)
+ description = "Optional list of tags to be added to created resources"
+ default = []
+}
+
+variable "ocp_version" {
 type = string
- description = "The ID of the cluster"
+ description = "Version of the OCP cluster to provision"
+ default = null
+}
+
+variable "access_tags" {
+ type = list(string)
+ description = "A list of access tags to apply to the resources created by the module."
+ default = []
+}
+
+variable "ocp_entitlement" {
+ type = string
+ description = "Value that is applied to the entitlements for OCP cluster provisioning"
+ default = null
 }
 variable "worker_pools" {
@@ -59,19 +78,11 @@ variable "worker_pools" {
 additional_security_group_ids = optional(list(string))
 }))
 description = "List of worker pools"
+ default = [{
+ subnet_prefix = "default"
+ pool_name = "myworkerpool"
+ machine_type = "bx2.4x16"
+ operating_system = "REDHAT_8_64"
+ workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+ }]
 }
-
-variable "vpc_subnets" {
- type = map(list(object({
- id = string
- zone = string
- cidr_block = string
- })))
- description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created."
-}
-
-variable "vpc_id" {
- type = string
- description = "ID of the VPC instance where this cluster is provisioned."
-}
-
From 0e860f487c36dd8d54f570274d001861afd05f2f Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 14:36:32 +0530
Subject: [PATCH 10/18] update default worker pool
---
 examples/worker_pool/README.md | 10 ++++++++++
 examples/worker_pool/variables.tf | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 examples/worker_pool/README.md
diff --git a/examples/worker_pool/README.md b/examples/worker_pool/README.md
new file mode 100644
index 00000000..13f5e16f
--- /dev/null
+++ b/examples/worker_pool/README.md
@@ -0,0 +1,10 @@
+# Worker pool example
+
+This example demonstrates how to provision a basic single-zone OCP VPC cluster along with an additional worker pool attached to the cluster.
+
+The following resources are provisioned by this example:
+
+- A new resource group, if an existing one is not passed in.
+- A basic VPC and subnet with public gateway enabled.
+- A single zone OCP VPC cluster with a default worker pool.
+- An additional worker pool attached to the VPC cluster.
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
index f887c5c8..dc72d427 100644
--- a/examples/worker_pool/variables.tf
+++ b/examples/worker_pool/variables.tf
@@ -82,7 +82,7 @@ variable "worker_pools" {
 subnet_prefix = "default"
 pool_name = "myworkerpool"
 machine_type = "bx2.4x16"
- operating_system = "REDHAT_8_64"
+ operating_system = "RHEL_9_64"
 workers_per_zone = 2 # minimum of 2 is allowed when using single zone
 }]
 }
From a25f222267f82b3e7df90cdde947b55b220727c9 Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 14:41:13 +0530
Subject: [PATCH 11/18] add workerpool example to test
---
 tests/pr_test.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tests/pr_test.go b/tests/pr_test.go
index cd93f311..9bc77a36 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -24,6 +24,7 @@ import (
 const fullyConfigurableTerraformDir = "solutions/fully-configurable"
 const customsgExampleDir = "examples/custom_sg"
+const workerpoolExampleDir = "examples/worker_pool"
 const quickStartTerraformDir = "solutions/quickstart"
 const resourceGroup = "geretain-test-base-ocp-vpc"
@@ -233,6 +234,17 @@ func TestRunCustomsgExample(t *testing.T) {
 assert.NotNil(t, output, "Expected some output")
 }
+func TestRunWorkerPoolExample(t *testing.T) {
+ t.Parallel()
+
+ options := setupOptions(t, "ocp-wp", workerpoolExampleDir, ocpVersion1)
+
+ output, err := options.RunTestConsistency()
+
+ assert.Nil(t, err, "This should not have errored")
+ assert.NotNil(t, output, "Expected some output")
+}
+
 /*******************************************************************
 * TESTS FOR THE TERRAFORM BASED QUICKSTART DEPLOYABLE ARCHITECTURE *
 ********************************************************************/
From f68b3bb62aa0da6f344221feaacd1861dc371477 Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 15:04:34 +0530
Subject: [PATCH 12/18] resolve comments
---
 tests/other_test.go | 11 +++++++++++
 tests/pr_test.go | 11 -----------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/tests/other_test.go b/tests/other_test.go
index 1e62fef2..716f1bf2 100644
--- a/tests/other_test.go
+++ b/tests/other_test.go
@@ -150,6 +150,17 @@ func TestRunAdvancedExample(t *testing.T) {
 assert.NotNil(t, output, "Expected some output")
 }
+func TestRunWorkerPoolExample(t *testing.T) {
+ t.Parallel()
+
+ options := setupOptions(t, "ocp-wp", workerpoolExampleDir, ocpVersion1)
+
+ output, err := options.RunTestConsistency()
+
+ assert.Nil(t, err, "This should not have errored")
+ assert.NotNil(t, output, "Expected some output")
+}
+
 func TestFSCloudInSchematic(t *testing.T) {
 t.Parallel()
diff --git a/tests/pr_test.go b/tests/pr_test.go
index 9bc77a36..824d4426 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -234,17 +234,6 @@ func TestRunCustomsgExample(t *testing.T) {
 assert.NotNil(t, output, "Expected some output")
 }
-func TestRunWorkerPoolExample(t *testing.T) {
- t.Parallel()
-
- options := setupOptions(t, "ocp-wp", workerpoolExampleDir, ocpVersion1)
-
- output, err := options.RunTestConsistency()
-
- assert.Nil(t, err, "This should not have errored")
- assert.NotNil(t, output, "Expected some output")
-}
-
 /*******************************************************************
 * TESTS FOR THE TERRAFORM BASED QUICKSTART DEPLOYABLE ARCHITECTURE *
 ********************************************************************/
From 8a2ec73e692dd226730e52477fd8646b80a1f516 Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 18:12:10 +0530
Subject: [PATCH 13/18] update example
---
 examples/worker_pool/main.tf | 134 +++++++++++++++---------------
 examples/worker_pool/outputs.tf | 8 +-
 examples/worker_pool/variables.tf | 60 ++++++++-----
 3 files changed, 111 insertions(+), 91 deletions(-)
diff --git a/examples/worker_pool/main.tf b/examples/worker_pool/main.tf
index 3cf6509b..ccc3ea56 100644
--- a/examples/worker_pool/main.tf
+++ b/examples/worker_pool/main.tf
@@ -19,78 +19,78 @@ module "resource_group" {
 # ACLs/Security Groups for network security.
 ########################################################################################################################
-resource "ibm_is_vpc" "vpc" {
- name = "${var.prefix}-vpc"
- resource_group = module.resource_group.resource_group_id
- address_prefix_management = "auto"
- tags = var.resource_tags
-}
-
-resource "ibm_is_public_gateway" "gateway" {
- name = "${var.prefix}-gateway-1"
- vpc = ibm_is_vpc.vpc.id
- resource_group = module.resource_group.resource_group_id
- zone = "${var.region}-1"
-}
-
-resource "ibm_is_subnet" "subnet_zone_1" {
- name = "${var.prefix}-subnet-1"
- vpc = ibm_is_vpc.vpc.id
- resource_group = module.resource_group.resource_group_id
- zone = "${var.region}-1"
- total_ipv4_address_count = 256
- public_gateway = ibm_is_public_gateway.gateway.id
-}
-
-########################################################################################################################
-# OCP VPC cluster (single zone)
-########################################################################################################################
-
-locals {
- cluster_vpc_subnets = {
- default = [
- {
- id = ibm_is_subnet.subnet_zone_1.id
- cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
- zone = ibm_is_subnet.subnet_zone_1.zone
- }
- ]
- }
-
- worker_pools = [
- {
- subnet_prefix = "default"
- pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
- machine_type = "bx2.4x16"
- workers_per_zone = 2 # minimum of 2 is allowed when using single zone
- operating_system = "RHCOS"
- }
- ]
-}
-
-module "ocp_base" {
- source = "../.."
- resource_group_id = module.resource_group.resource_group_id
- region = var.region
- tags = var.resource_tags
- cluster_name = var.prefix
- force_delete_storage = true
- vpc_id = ibm_is_vpc.vpc.id
- vpc_subnets = local.cluster_vpc_subnets
- ocp_version = var.ocp_version
- worker_pools = local.worker_pools
- access_tags = var.access_tags
- ocp_entitlement = var.ocp_entitlement
- disable_outbound_traffic_protection = true # set as True to enable outbound traffic; required for accessing Operator Hub in the OpenShift console.
-}
+# resource "ibm_is_vpc" "vpc" {
+# name = "${var.prefix}-vpc"
+# resource_group = module.resource_group.resource_group_id
+# address_prefix_management = "auto"
+# tags = var.resource_tags
+# }
+#
+# resource "ibm_is_public_gateway" "gateway" {
+# name = "${var.prefix}-gateway-1"
+# vpc = ibm_is_vpc.vpc.id
+# resource_group = module.resource_group.resource_group_id
+# zone = "${var.region}-1"
+# }
+#
+# resource "ibm_is_subnet" "subnet_zone_1" {
+# name = "${var.prefix}-subnet-1"
+# vpc = ibm_is_vpc.vpc.id
+# resource_group = module.resource_group.resource_group_id
+# zone = "${var.region}-1"
+# total_ipv4_address_count = 256
+# public_gateway = ibm_is_public_gateway.gateway.id
+# }
+#
+# ########################################################################################################################
+# # OCP VPC cluster (single zone)
+# ########################################################################################################################
+#
+# locals {
+# cluster_vpc_subnets = {
+# default = [
+# {
+# id = ibm_is_subnet.subnet_zone_1.id
+# cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+# zone = ibm_is_subnet.subnet_zone_1.zone
+# }
+# ]
+# }
+#
+# worker_pools = [
+# {
+# subnet_prefix = "default"
+# pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+# machine_type = "bx2.4x16"
+# workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+# operating_system = "RHCOS"
+# }
+# ]
+# }
+#
+# module "ocp_base" {
+# source = "../.."
+# resource_group_id = module.resource_group.resource_group_id
+# region = var.region
+# tags = var.resource_tags
+# cluster_name = var.prefix
+# force_delete_storage = true
+# vpc_id = ibm_is_vpc.vpc.id
+# vpc_subnets = local.cluster_vpc_subnets
+# ocp_version = var.ocp_version
+# worker_pools = local.worker_pools
+# access_tags = var.access_tags
+# ocp_entitlement = var.ocp_entitlement
+# disable_outbound_traffic_protection = true # set as True to enable outbound traffic; required for accessing Operator Hub in the OpenShift console.
+# }
 module "worker_pools" {
 source = "../../modules/worker-pool"
 resource_group_id = module.resource_group.resource_group_id
- cluster_id = module.ocp_base.cluster_id
+ cluster_id = var.cluster_id
 worker_pools = var.worker_pools
- vpc_subnets = local.cluster_vpc_subnets
- vpc_id = ibm_is_vpc.vpc.id
+ vpc_subnets = var.vpc_subnets
+ vpc_id = var.vpc_id
 }
diff --git a/examples/worker_pool/outputs.tf b/examples/worker_pool/outputs.tf
index 8fc0f174..feda6164 100644
--- a/examples/worker_pool/outputs.tf
+++ b/examples/worker_pool/outputs.tf
@@ -2,7 +2,7 @@
 # Outputs
 ########################################################################################################################
-output "cluster_name" {
- value = module.ocp_base.cluster_name
- description = "The name of the provisioned cluster."
-}
+# output "cluster_name" {
+# value = module.ocp_base.cluster_name
+# description = "The name of the provisioned cluster."
+# }
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
index dc72d427..2382bc07 100644
--- a/examples/worker_pool/variables.tf
+++ b/examples/worker_pool/variables.tf
@@ -28,29 +28,29 @@ variable "resource_group" {
 default = null
 }
-variable "resource_tags" {
- type = list(string)
- description = "Optional list of tags to be added to created resources"
- default = []
-}
+# variable "resource_tags" {
+# type = list(string)
+# description = "Optional list of tags to be added to created resources"
+# default = []
+# }
-variable "ocp_version" {
- type = string
- description = "Version of the OCP cluster to provision"
- default = null
-}
+# variable "ocp_version" {
+# type = string
+# description = "Version of the OCP cluster to provision"
+# default = null
+# }
-variable "access_tags" {
- type = list(string)
- description = "A list of access tags to apply to the resources created by the module."
- default = []
-}
+# variable "access_tags" {
+# type = list(string)
+# description = "A list of access tags to apply to the resources created by the module."
+# default = []
+# }
-variable "ocp_entitlement" {
- type = string
- description = "Value that is applied to the entitlements for OCP cluster provisioning"
- default = null
-}
+# variable "ocp_entitlement" {
+# type = string
+# description = "Value that is applied to the entitlements for OCP cluster provisioning"
+# default = null
+# }
 variable "worker_pools" {
 type = list(object({
@@ -86,3 +86,23 @@ variable "worker_pools" {
 workers_per_zone = 2 # minimum of 2 is allowed when using single zone
 }]
 }
+
+variable "vpc_subnets" {
+ type = map(list(object({
+ id = string
+ zone = string
+ cidr_block = string
+ })))
+ description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created."
+}
+
+variable "cluster_id" {
+ type = string
+ description = "ID of the existing openshift cluster."
+}
+
+variable "vpc_id" {
+ type = string
+ description = "ID of the VPC instance where this cluster is provisioned."
+}
+
From 2015d932606a4ed2cca27dff890f656144599fba Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 20:00:58 +0530
Subject: [PATCH 14/18] Add default value null to prefix variable
---
 examples/worker_pool/variables.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
index 2382bc07..c784d562 100644
--- a/examples/worker_pool/variables.tf
+++ b/examples/worker_pool/variables.tf
@@ -15,6 +15,7 @@ variable "prefix" {
 error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
 condition = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
 }
+default = null
 }
 variable "region" {
From 9a354da89a2ce7036b1ac1983950349e4fc485e9 Mon Sep 17 00:00:00 2001
From: Md Anam Raihan
Date: Fri, 24 Oct 2025 20:04:38 +0530
Subject: [PATCH 15/18] Remove validation from prefix variable
Removed validation for prefix variable in Terraform.
---
 examples/worker_pool/variables.tf | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf
index c784d562..e16434a5 100644
--- a/examples/worker_pool/variables.tf
+++ b/examples/worker_pool/variables.tf
@@ -11,11 +11,7 @@ variable "ibmcloud_api_key" {
 variable "prefix" {
 type = string
 description = "Prefix for name of all resource created by this example"
- validation {
- error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
- condition = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
- }
-default = null
+ default = null
 }
 variable "region" {
From 4143f78135c2eb053b416977e9ebce158c5c1132 Mon Sep 17 00:00:00 2001
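Review bot: With the `validation` block removed and `default = null` kept in `variable "prefix"` (PATCH 15/18), nothing constrains a value that is interpolated into resource names, and the null default is itself unusable: examples/worker_pool/main.tf builds `"${var.prefix}-resource-group"` when `var.resource_group` is null, and Terraform rejects a null value in a template interpolation. The hunk before it (PATCH 14/18) had the opposite problem, since `can(regex(..., var.prefix))` is false for null and the default failed its own validation. I would keep the check and make it null-tolerant, `condition = var.prefix == null || can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))`, or drop the default so the prefix stays required.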
From: Md Anam Raihan Date: Fri, 24 Oct 2025 20:28:31 +0530 Subject: [PATCH 16/18] resolve comments --- examples/custom_sg/main.tf | 14 ++++ examples/custom_sg/variables.tf | 35 ++++++++++ examples/worker_pool/README.md | 10 --- examples/worker_pool/main.tf | 96 -------------------------- examples/worker_pool/outputs.tf | 8 --- examples/worker_pool/provider.tf | 8 --- examples/worker_pool/variables.tf | 108 ------------------------------ examples/worker_pool/version.tf | 12 ---- tests/other_test.go | 11 --- tests/pr_test.go | 1 - 10 files changed, 49 insertions(+), 254 deletions(-) delete mode 100644 examples/worker_pool/README.md delete mode 100644 examples/worker_pool/main.tf delete mode 100644 examples/worker_pool/outputs.tf delete mode 100644 examples/worker_pool/provider.tf delete mode 100644 examples/worker_pool/variables.tf delete mode 100644 examples/worker_pool/version.tf diff --git a/examples/custom_sg/main.tf b/examples/custom_sg/main.tf index ef8dc6b0..c89ca481 100644 --- a/examples/custom_sg/main.tf +++ b/examples/custom_sg/main.tf @@ -117,3 +117,17 @@ module "ocp_base" { "registry" = [module.custom_sg["custom-registry-vpe-sg"].security_group_id] } } + + +######################################################################################################################## +# Worker Pool +######################################################################################################################## + +module "worker_pool" { + source = "../../modules/worker-pool" + resource_group_id = module.resource_group.resource_group_id + vpc_id = ibm_is_vpc.vpc.id + cluster_id = module.ocp_base.cluster_id + vpc_subnets = local.cluster_vpc_subnets + worker_pools = var.worker_pools +} diff --git a/examples/custom_sg/variables.tf b/examples/custom_sg/variables.tf index c89ebf53..693152ee 100644 --- a/examples/custom_sg/variables.tf +++ b/examples/custom_sg/variables.tf 
@@ -57,3 +57,38 @@ variable "ocp_entitlement" { description = "Value that is applied to the entitlements for OCP cluster provisioning" default = null } + +variable "worker_pools" { + type = list(object({ + subnet_prefix = optional(string) + vpc_subnets = optional(list(object({ + id = string + zone = string + cidr_block = string + }))) + pool_name = string + machine_type = string + workers_per_zone = number + resource_group_id = optional(string) + operating_system = string + labels = optional(map(string)) + minSize = optional(number) + secondary_storage = optional(string) + maxSize = optional(number) + enableAutoscaling = optional(bool) + boot_volume_encryption_kms_config = optional(object({ + crk = string + kms_instance_id = string + kms_account_id = optional(string) + })) + additional_security_group_ids = optional(list(string)) + })) + description = "List of additional worker pools" + default = [{ + subnet_prefix = "default" + pool_name = "workerpool" + machine_type = "bx2.4x16" + operating_system = "REDHAT_8_64" + workers_per_zone = 2 + }] +} diff --git a/examples/worker_pool/README.md b/examples/worker_pool/README.md deleted file mode 100644 index 13f5e16f..00000000 --- a/examples/worker_pool/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Worker pool example - -This example demonstrates how to provision a basic single-zone OCP VPC cluster along with an additional worker pool attached to the cluster. - -The following resources are provisioned by this example: - -- A new resource group, if an existing one is not passed in. -- A basic VPC and subnet with public gateway enabled. -- A single zone OCP VPC cluster with a default worker pool. -- An additional worker pool attached to the VPC cluster. diff --git a/examples/worker_pool/main.tf b/examples/worker_pool/main.tf deleted file mode 100644 index ccc3ea56..00000000 --- a/examples/worker_pool/main.tf +++ /dev/null 
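Review bot: The default pool in the new `worker_pools` variable pins `operating_system = "REDHAT_8_64"`, whereas the `examples/worker_pool` default deleted in this same patch used `"RHEL_9_64"`. With `TestRunWorkerPoolExample` removed, this example appears to be what now exercises the worker-pool submodule, so the older image looks unintentional and may not be accepted for the OCP version under test. Either align it with `operating_system = "RHEL_9_64"` or add a comment explaining why RHEL 8 is wanted. The description could also state the constraints on callers, e.g. `description = "List of additional worker pools. pool_name must not be 'default'; subnet_prefix must be a key of the vpc_subnets map passed to the module."`. Both constraints are inferred from the surrounding code, so confirm them against the submodule first.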
@@ -1,96 +0,0 @@ -######################################################################################################################## -# Resource Group -######################################################################################################################## - -module "resource_group" { - source = "terraform-ibm-modules/resource-group/ibm" - version = "1.4.0" - # if an existing resource group is not set (null) create a new one using prefix - resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null - existing_resource_group_name = var.resource_group -} - -######################################################################################################################## -# VPC + Subnet + Public Gateway -# -# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow -# all traffic ingress/egress by default. -# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and -# ACLs/Security Groups for network security. 
-######################################################################################################################## - -# resource "ibm_is_vpc" "vpc" { -# name = "${var.prefix}-vpc" -# resource_group = module.resource_group.resource_group_id -# address_prefix_management = "auto" -# tags = var.resource_tags -# } -# -# resource "ibm_is_public_gateway" "gateway" { -# name = "${var.prefix}-gateway-1" -# vpc = ibm_is_vpc.vpc.id -# resource_group = module.resource_group.resource_group_id -# zone = "${var.region}-1" -# } -# -# resource "ibm_is_subnet" "subnet_zone_1" { -# name = "${var.prefix}-subnet-1" -# vpc = ibm_is_vpc.vpc.id -# resource_group = module.resource_group.resource_group_id -# zone = "${var.region}-1" -# total_ipv4_address_count = 256 -# public_gateway = ibm_is_public_gateway.gateway.id -# } -# -# ######################################################################################################################## -# # OCP VPC cluster (single zone) -# ######################################################################################################################## -# -# locals { -# cluster_vpc_subnets = { -# default = [ -# { -# id = ibm_is_subnet.subnet_zone_1.id -# cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block -# zone = ibm_is_subnet.subnet_zone_1.zone -# } -# ] -# } -# -# worker_pools = [ -# { -# subnet_prefix = "default" -# pool_name = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849) -# machine_type = "bx2.4x16" -# workers_per_zone = 2 # minimum of 2 is allowed when using single zone -# operating_system = "RHCOS" -# } -# ] -# } -# -# module "ocp_base" { -# source = "../.." 
-# resource_group_id = module.resource_group.resource_group_id -# region = var.region -# tags = var.resource_tags -# cluster_name = var.prefix -# force_delete_storage = true -# vpc_id = ibm_is_vpc.vpc.id -# vpc_subnets = local.cluster_vpc_subnets -# ocp_version = var.ocp_version -# worker_pools = local.worker_pools -# access_tags = var.access_tags -# ocp_entitlement = var.ocp_entitlement -# disable_outbound_traffic_protection = true # set as True to enable outbound traffic; required for accessing Operator Hub in the OpenShift console. -# } - - - -module "worker_pools" { - source = "../../modules/worker-pool" - resource_group_id = module.resource_group.resource_group_id - cluster_id = var.cluster_id - worker_pools = var.worker_pools - vpc_subnets = var.vpc_subnets - vpc_id = var.vpc_id -} diff --git a/examples/worker_pool/outputs.tf b/examples/worker_pool/outputs.tf deleted file mode 100644 index feda6164..00000000 --- a/examples/worker_pool/outputs.tf +++ /dev/null @@ -1,8 +0,0 @@ -######################################################################################################################## -# Outputs -######################################################################################################################## - -# output "cluster_name" { -# value = module.ocp_base.cluster_name -# description = "The name of the provisioned cluster." -# } diff --git a/examples/worker_pool/provider.tf b/examples/worker_pool/provider.tf deleted file mode 100644 index 84b69850..00000000 --- a/examples/worker_pool/provider.tf +++ /dev/null @@ -1,8 +0,0 @@ -######################################################################################################################## -# Provider config -######################################################################################################################## - -provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key - region = var.region -} 
diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf deleted file mode 100644 index 2382bc07..00000000 --- a/examples/worker_pool/variables.tf +++ /dev/null 
@@ -1,108 +0,0 @@ -######################################################################################################################## -# Input variables -######################################################################################################################## - -variable "ibmcloud_api_key" { - type = string - description = "The IBM Cloud api token" - sensitive = true -} - -variable "prefix" { - type = string - description = "Prefix for name of all resource created by this example" - validation { - error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters." - condition = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix)) - } -} - -variable "region" { - type = string - description = "Region where resources are created" -} - -variable "resource_group" { - type = string - description = "An existing resource group name to use for this example, if unset a new resource group will be created" - default = null -} - -# variable "resource_tags" { -# type = list(string) -# description = "Optional list of tags to be added to created resources" -# default = [] -# } - -# variable "ocp_version" { -# type = string -# description = "Version of the OCP cluster to provision" -# default = null -# } - -# variable "access_tags" { -# type = list(string) -# description = "A list of access tags to apply to the resources created by the module." 
-# default = [] -# } - -# variable "ocp_entitlement" { -# type = string -# description = "Value that is applied to the entitlements for OCP cluster provisioning" -# default = null -# } - -variable "worker_pools" { - type = list(object({ - subnet_prefix = optional(string) - vpc_subnets = optional(list(object({ - id = string - zone = string - cidr_block = string - }))) - pool_name = string - machine_type = string - workers_per_zone = number - resource_group_id = optional(string) - operating_system = string - labels = optional(map(string)) - minSize = optional(number) - secondary_storage = optional(string) - maxSize = optional(number) - enableAutoscaling = optional(bool) - boot_volume_encryption_kms_config = optional(object({ - crk = string - kms_instance_id = string - kms_account_id = optional(string) - })) - additional_security_group_ids = optional(list(string)) - })) - description = "List of worker pools" - default = [{ - subnet_prefix = "default" - pool_name = "myworkerpool" - machine_type = "bx2.4x16" - operating_system = "RHEL_9_64" - workers_per_zone = 2 # minimum of 2 is allowed when using single zone - }] -} - -variable "vpc_subnets" { - type = map(list(object({ - id = string - zone = string - cidr_block = string - }))) - description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created." -} - -variable "cluster_id" { - type = string - description = "ID of the existing openshift cluster." -} - -variable "vpc_id" { - type = string - description = "ID of the VPC instance where this cluster is provisioned." -} - diff --git a/examples/worker_pool/version.tf b/examples/worker_pool/version.tf deleted file mode 100644 index e51c9efc..00000000 --- a/examples/worker_pool/version.tf +++ /dev/null 
@@ -1,12 +0,0 @@ -terraform { - required_version = ">= 1.9.0" - - # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main - # module's version.tf (basic and add_rules_to_sg), and 1 example that will always use the latest provider version (advanced, fscloud and multiple mzr). - required_providers { - ibm = { - source = "ibm-cloud/ibm" - version = ">= 1.78.2" - } - } -} diff --git a/tests/other_test.go b/tests/other_test.go index 716f1bf2..1e62fef2 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -150,17 +150,6 @@ func TestRunAdvancedExample(t *testing.T) { assert.NotNil(t, output, "Expected some output") } -func TestRunWorkerPoolExample(t *testing.T) { - t.Parallel() - - options := setupOptions(t, "ocp-wp", workerpoolExampleDir, ocpVersion1) - - output, err := options.RunTestConsistency() - - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") -} - func TestFSCloudInSchematic(t *testing.T) { t.Parallel() diff --git a/tests/pr_test.go b/tests/pr_test.go index 824d4426..cd93f311 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -24,7 +24,6 @@ import ( const fullyConfigurableTerraformDir = "solutions/fully-configurable" const customsgExampleDir = "examples/custom_sg" -const workerpoolExampleDir = "examples/worker_pool" const quickStartTerraformDir = "solutions/quickstart" const resourceGroup = "geretain-test-base-ocp-vpc" From 9492774a7d5ebeeb6709b1f1b46a9c7954902849 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 24 Oct 2025 20:29:49 +0530 Subject: [PATCH 17/18] remove worker pool example --- examples/worker_pool/variables.tf | 105 ------------------------------ 1 file changed, 105 deletions(-) delete mode 100644 examples/worker_pool/variables.tf diff --git a/examples/worker_pool/variables.tf b/examples/worker_pool/variables.tf deleted file mode 100644 index e16434a5..00000000 --- a/examples/worker_pool/variables.tf +++ /dev/null 
@@ -1,105 +0,0 @@ -######################################################################################################################## -# Input variables -######################################################################################################################## - -variable "ibmcloud_api_key" { - type = string - description = "The IBM Cloud api token" - sensitive = true -} - -variable "prefix" { - type = string - description = "Prefix for name of all resource created by this example" - default = null -} - -variable "region" { - type = string - description = "Region where resources are created" -} - -variable "resource_group" { - type = string - description = "An existing resource group name to use for this example, if unset a new resource group will be created" - default = null -} - -# variable "resource_tags" { -# type = list(string) -# description = "Optional list of tags to be added to created resources" -# default = [] -# } - -# variable "ocp_version" { -# type = string -# description = "Version of the OCP cluster to provision" -# default = null -# } - -# variable "access_tags" { -# type = list(string) -# description = "A list of access tags to apply to the resources created by the module." 
-# default = [] -# } - -# variable "ocp_entitlement" { -# type = string -# description = "Value that is applied to the entitlements for OCP cluster provisioning" -# default = null -# } - -variable "worker_pools" { - type = list(object({ - subnet_prefix = optional(string) - vpc_subnets = optional(list(object({ - id = string - zone = string - cidr_block = string - }))) - pool_name = string - machine_type = string - workers_per_zone = number - resource_group_id = optional(string) - operating_system = string - labels = optional(map(string)) - minSize = optional(number) - secondary_storage = optional(string) - maxSize = optional(number) - enableAutoscaling = optional(bool) - boot_volume_encryption_kms_config = optional(object({ - crk = string - kms_instance_id = string - kms_account_id = optional(string) - })) - additional_security_group_ids = optional(list(string)) - })) - description = "List of worker pools" - default = [{ - subnet_prefix = "default" - pool_name = "myworkerpool" - machine_type = "bx2.4x16" - operating_system = "RHEL_9_64" - workers_per_zone = 2 # minimum of 2 is allowed when using single zone - }] -} - -variable "vpc_subnets" { - type = map(list(object({ - id = string - zone = string - cidr_block = string - }))) - description = "Metadata that describes the VPC's subnets. Obtain this information from the VPC where this cluster is created." -} - -variable "cluster_id" { - type = string - description = "ID of the existing openshift cluster." -} - -variable "vpc_id" { - type = string - description = "ID of the VPC instance where this cluster is provisioned." -} - From 9f7fd8a804d7ff2fca90cf8516ec9178805b09d3 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Fri, 24 Oct 2025 15:10:19 +0000 Subject: [PATCH 18/18] resolve pc --- examples/custom_sg/README.md | 1 + examples/custom_sg/main.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/custom_sg/README.md b/examples/custom_sg/README.md index 58cde5c8..b2f41666 100644 
--- a/examples/custom_sg/README.md +++ b/examples/custom_sg/README.md @@ -6,6 +6,7 @@ An example showing how to attach additional security groups to the worker pools, 2. A second custom security group, named `custom-worker-pool-sg`, is specified for one of the `custom-sg` worker pools. This security group is not applied to other worker pools. 3. Three custom security groups, named `custom-master-vpe-sg`, `custom-registry-vpe-sg`, and `custom-kube-api-vpe-sg`, are attached to the three VPEs created by the ROKS-stack: the master VPE, the container registry VPE, and the kubernetes API VPE. This is in addition to the IBM-managed security groups that are still attached to those resources. 4. One custom security group, named `custom-lb-sg`, is attached to the LB created out-of-the-box by the IBM stack. +5. An additional worker pool named `workerpool` is created and attached to the cluster. Furthermore, the default IBM-managed `kube-` security group is linked to all worker nodes of the cluster by utilizing the `attach_ibm_managed_security_group` input variable. It is important to note that, in this configuration, the default VPC security group is not connected to any worker node. diff --git a/examples/custom_sg/main.tf b/examples/custom_sg/main.tf index c89ca481..004b4953 100644 --- a/examples/custom_sg/main.tf +++ b/examples/custom_sg/main.tf @@ -120,7 +120,7 @@ module "ocp_base" { ######################################################################################################################## -# Worker Pool +# Worker Pool ######################################################################################################################## module "worker_pool" {