feat: expose the ability to force delete storage created by cluster. It defaults to false, however the OCP Quickstart flavor sets to true (#790)

Khuzaima05 · web-flow · commit 32a6820f8b41 · 2024-05-23T15:27:50.000+01:00
diff --git a/README.md b/README.md
@@ -907,7 +907,7 @@ module "cluster_pattern" {
 |------|-------------|------|---------|:--------:|
 | <a name="input_appid"></a> [appid](#input\_appid) | The App ID instance to be used for the teleport vsi deployments | <pre>object({<br>    name           = optional(string)<br>    resource_group = optional(string)<br>    use_data       = optional(bool)<br>    keys           = optional(list(string))<br>    use_appid      = bool<br>  })</pre> | <pre>{<br>  "use_appid": false<br>}</pre> | no |
 | <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br>    resource_group        = string<br>    receive_global_events = bool<br>    collector_bucket_name = string<br>    add_route             = bool<br>  })</pre> | n/a | yes |
-| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br>    object({<br>      name                                = string           # Name of Cluster<br>      vpc_name                            = string           # Name of VPC<br>      subnet_names                        = list(string)     # List of vpc subnets for cluster<br>      workers_per_subnet                  = number           # Worker nodes per subnet.<br>      machine_type                        = string           # Worker node flavor<br>      kube_type                           = string           # iks or openshift<br>      kube_version                        = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br>      entitlement                         = optional(string) # entitlement option for openshift<br>      secondary_storage                   = optional(string) # Secondary storage type<br>      pod_subnet                          = optional(string) # Portable subnet for pods<br>      service_subnet                      = optional(string) # Portable subnet for services<br>      resource_group                      = string           # Resource Group used for cluster<br>      cos_name                            = optional(string) # Name of COS instance Required only for OpenShift clusters<br>      access_tags                         = optional(list(string), [])<br>      boot_volume_crk_name                = optional(string)      # Boot volume encryption key name<br>      disable_public_endpoint             = optional(bool, true)  # disable cluster public, leaving only private endpoint<br>      disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers<br>      addons = optional(object({                                  # Map of OCP cluster add-on versions to install<br>        debug-tool                = optional(string)<br>        image-key-synchronizer    = optional(string)<br>        openshift-data-foundation = optional(string)<br>        vpc-file-csi-driver       = optional(string)<br>        static-route              = optional(string)<br>        cluster-autoscaler        = optional(string)<br>        vpc-block-csi-driver      = optional(string)<br>      }), {})<br>      manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources.<br>      kms_config = optional(<br>        object({<br>          crk_name         = string         # Name of key<br>          private_endpoint = optional(bool) # Private endpoint<br>        })<br>      )<br>      worker_pools = optional(<br>        list(<br>          object({<br>            name                 = string           # Worker pool name<br>            vpc_name             = string           # VPC name<br>            workers_per_subnet   = number           # Worker nodes per subnet<br>            flavor               = string           # Worker node flavor<br>            subnet_names         = list(string)     # List of vpc subnets for worker pool<br>            entitlement          = optional(string) # entitlement option for openshift<br>            secondary_storage    = optional(string) # Secondary storage type<br>            boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>          })<br>        )<br>      )<br>    })<br>  )</pre> | n/a | yes |
+| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br>    object({<br>      name                                = string           # Name of Cluster<br>      vpc_name                            = string           # Name of VPC<br>      subnet_names                        = list(string)     # List of vpc subnets for cluster<br>      workers_per_subnet                  = number           # Worker nodes per subnet.<br>      machine_type                        = string           # Worker node flavor<br>      kube_type                           = string           # iks or openshift<br>      kube_version                        = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br>      entitlement                         = optional(string) # entitlement option for openshift<br>      secondary_storage                   = optional(string) # Secondary storage type<br>      pod_subnet                          = optional(string) # Portable subnet for pods<br>      service_subnet                      = optional(string) # Portable subnet for services<br>      resource_group                      = string           # Resource Group used for cluster<br>      cos_name                            = optional(string) # Name of COS instance Required only for OpenShift clusters<br>      access_tags                         = optional(list(string), [])<br>      boot_volume_crk_name                = optional(string)      # Boot volume encryption key name<br>      disable_public_endpoint             = optional(bool, true)  # disable cluster public, leaving only private endpoint<br>      disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers<br>      cluster_force_delete_storage        = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion<br>      addons = optional(object({                                  # Map of OCP cluster add-on versions to install<br>        debug-tool                = optional(string)<br>        image-key-synchronizer    = optional(string)<br>        openshift-data-foundation = optional(string)<br>        vpc-file-csi-driver       = optional(string)<br>        static-route              = optional(string)<br>        cluster-autoscaler        = optional(string)<br>        vpc-block-csi-driver      = optional(string)<br>      }), {})<br>      manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. If set to 'true' this module will destroy any addons that were installed by other sources.<br>      kms_config = optional(<br>        object({<br>          crk_name         = string         # Name of key<br>          private_endpoint = optional(bool) # Private endpoint<br>        })<br>      )<br>      worker_pools = optional(<br>        list(<br>          object({<br>            name                 = string           # Worker pool name<br>            vpc_name             = string           # VPC name<br>            workers_per_subnet   = number           # Worker nodes per subnet<br>            flavor               = string           # Worker node flavor<br>            subnet_names         = list(string)     # List of vpc subnets for worker pool<br>            entitlement          = optional(string) # entitlement option for openshift<br>            secondary_storage    = optional(string) # Secondary storage type<br>            boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>          })<br>        )<br>      )<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br>    object({<br>      name           = string<br>      use_data       = optional(bool)<br>      resource_group = string<br>      plan           = optional(string)<br>      random_suffix  = optional(bool) # Use a random suffix for COS instance<br>      access_tags    = optional(list(string), [])<br>      buckets = list(object({<br>        name                  = string<br>        storage_class         = string<br>        endpoint_type         = string<br>        force_delete          = bool<br>        single_site_location  = optional(string)<br>        region_location       = optional(string)<br>        cross_region_location = optional(string)<br>        kms_key               = optional(string)<br>        access_tags           = optional(list(string), [])<br>        allowed_ip            = optional(list(string), [])<br>        hard_quota            = optional(number)<br>        archive_rule = optional(object({<br>          days    = number<br>          enable  = bool<br>          rule_id = optional(string)<br>          type    = string<br>        }))<br>        expire_rule = optional(object({<br>          days                         = optional(number)<br>          date                         = optional(string)<br>          enable                       = bool<br>          expired_object_delete_marker = optional(string)<br>          prefix                       = optional(string)<br>          rule_id                      = optional(string)<br>        }))<br>        activity_tracking = optional(object({<br>          activity_tracker_crn = string<br>          read_data_events     = bool<br>          write_data_events    = bool<br>        }))<br>        metrics_monitoring = optional(object({<br>          metrics_monitoring_crn  = string<br>          request_metrics_enabled = optional(bool)<br>          usage_metrics_enabled   = optional(bool)<br>        }))<br>      }))<br>      keys = optional(<br>        list(object({<br>          name        = string<br>          role        = string<br>          enable_HMAC = bool<br>        }))<br>      )<br><br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no |
 | <a name="input_f5_template_data"></a> [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates | <pre>object({<br>    tmos_admin_password     = optional(string)<br>    license_type            = optional(string)<br>    byol_license_basekey    = optional(string)<br>    license_host            = optional(string)<br>    license_username        = optional(string)<br>    license_password        = optional(string)<br>    license_pool            = optional(string)<br>    license_sku_keyword_1   = optional(string)<br>    license_sku_keyword_2   = optional(string)<br>    license_unit_of_measure = optional(string)<br>    do_declaration_url      = optional(string)<br>    as3_declaration_url     = optional(string)<br>    ts_declaration_url      = optional(string)<br>    phone_home_url          = optional(string)<br>    template_source         = optional(string)<br>    template_version        = optional(string)<br>    app_id                  = optional(string)<br>    tgactive_url            = optional(string)<br>    tgstandby_url           = optional(string)<br>    tgrefresh_url           = optional(string)<br>  })</pre> | <pre>{<br>  "license_type": "none"<br>}</pre> | no |
diff --git a/cluster.tf b/cluster.tf
@@ -57,6 +57,7 @@ resource "ibm_container_vpc_cluster" "cluster" {
   pod_subnet                          = each.value.pod_subnet
   service_subnet                      = each.value.service_subnet
   disable_outbound_traffic_protection = each.value.disable_outbound_traffic_protection
+  force_delete_storage                = each.value.cluster_force_delete_storage
   crk                                 = each.value.boot_volume_crk_name == null ? null : regex("key:(.*)", module.key_management.key_map[each.value.boot_volume_crk_name].crn)[0]
   kms_instance_id                     = each.value.boot_volume_crk_name == null ? null : regex(".*:(.*):key:.*", module.key_management.key_map[each.value.boot_volume_crk_name].crn)[0]
   kms_account_id                      = each.value.boot_volume_crk_name == null ? null : regex("a/([a-f0-9]{32})", module.key_management.key_map[each.value.boot_volume_crk_name].crn)[0] == data.ibm_iam_account_settings.iam_account_settings.account_id ? null : regex("a/([a-f0-9]{32})", module.key_management.key_map[each.value.boot_volume_crk_name].crn)[0]
diff --git a/common-dev-assets b/common-dev-assets
@@ -1 +1 @@
-Subproject commit d6af6b18b38ca0ec7d039fe8c295d475f3574351
+Subproject commit 22a87c013571edfc07b2e6f412361a9aea627cec
diff --git a/patterns/roks-quickstart/main.tf b/patterns/roks-quickstart/main.tf
@@ -38,6 +38,7 @@ locals {
          "name": "workload-cluster",
          "resource_group": "workload-rg",
          "disable_outbound_traffic_protection": true,
+         "cluster_force_delete_storage": true,
          "kms_config": {
             "crk_name": "roks-key",
             "private_endpoint": true
diff --git a/patterns/roks/main.tf b/patterns/roks/main.tf
@@ -51,6 +51,7 @@ module "roks_landing_zone" {
   license_host                           = var.license_host
   license_username                       = var.license_username
   disable_outbound_traffic_protection    = var.disable_outbound_traffic_protection
+  cluster_force_delete_storage           = var.cluster_force_delete_storage
   license_password                       = var.license_password
   license_pool                           = var.license_pool
   license_sku_keyword_1                  = var.license_sku_keyword_1
diff --git a/patterns/roks/module/config.tf b/patterns/roks/module/config.tf
@@ -91,6 +91,7 @@ locals {
         manage_all_addons                   = var.manage_all_cluster_addons
         boot_volume_crk_name                = "${var.prefix}-roks-key"
         disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+        cluster_force_delete_storage        = var.cluster_force_delete_storage
         # By default, create dedicated pool for logging
         worker_pools = [
           # {
diff --git a/patterns/roks/module/variables.tf b/patterns/roks/module/variables.tf
@@ -190,6 +190,12 @@ variable "disable_outbound_traffic_protection" {
   default     = false
 }
 
+variable "cluster_force_delete_storage" {
+  type        = bool
+  description = "Whether to delete persistent storage when the associated VPC cluster is deleted so that it can't be recovered. Set to true to force the removal of persistent storage. Set to false to skip the forceful deletion."
+  default     = false
+}
+
 ##############################################################################
 
 
diff --git a/patterns/roks/override.json b/patterns/roks/override.json
@@ -15,6 +15,7 @@
             "name": "management-cluster",
             "resource_group": "slz-management-rg",
             "disable_outbound_traffic_protection": false,
+            "cluster_force_delete_storage": false,
             "kms_config": {
                 "crk_name": "slz-roks-key",
                 "private_endpoint": true
@@ -50,6 +51,7 @@
             "name": "workload-cluster",
             "resource_group": "slz-workload-rg",
             "disable_outbound_traffic_protection": false,
+            "cluster_force_delete_storage": false,
             "kms_config": {
                 "crk_name": "slz-roks-key",
                 "private_endpoint": true
diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf
@@ -199,6 +199,12 @@ variable "disable_outbound_traffic_protection" {
   default     = false
 }
 
+variable "cluster_force_delete_storage" {
+  type        = bool
+  description = "Whether to delete persistent storage when the associated VPC cluster is deleted so that it can't be recovered. Set to true to force the removal of persistent storage. Set to false to skip the forceful deletion."
+  default     = false
+}
+
 ##############################################################################
 
 
diff --git a/variables.tf b/variables.tf
@@ -828,6 +828,7 @@ variable "clusters" {
       boot_volume_crk_name                = optional(string)      # Boot volume encryption key name
       disable_public_endpoint             = optional(bool, true)  # disable cluster public, leaving only private endpoint
       disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers
+      cluster_force_delete_storage        = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion
       addons = optional(object({                                  # Map of OCP cluster add-on versions to install
         debug-tool                = optional(string)
         image-key-synchronizer    = optional(string)
