README.md
+7 -1 (7 additions & 1 deletion)
@@ -43,6 +43,7 @@ For more information about the default configuration, see [Default Secure Landin
43
43
:information_source: Ctrl/Cmd+Click or right-click on the Schematics deploy button to open in a new tab
44
44
* <ahref="./examples/one-vpc-one-vsi">One VPC with one VSI example</a> <ahref="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=landing-zone-one-vpc-one-vsi-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/examples/one-vpc-one-vsi"><imgsrc="https://img.shields.io/badge/Deploy%20with IBM%20Cloud%20Schematics-0f62fe?logo=ibm&logoColor=white&labelColor=0f62fe"alt="Deploy with IBM Cloud Schematics"style="height: 16px; vertical-align: text-bottom; margin-left: 5px;"></a>
45
45
* <ahref="./examples/override-example">Override.json example</a> <ahref="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=landing-zone-override-example-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/examples/override-example"><imgsrc="https://img.shields.io/badge/Deploy%20with IBM%20Cloud%20Schematics-0f62fe?logo=ibm&logoColor=white&labelColor=0f62fe"alt="Deploy with IBM Cloud Schematics"style="height: 16px; vertical-align: text-bottom; margin-left: 5px;"></a>
| <aname="input_appid"></a> [appid](#input\_appid)| The App ID instance to be used for the teleport vsi deployments | <pre>object({<br/> name = optional(string)<br/> resource_group = optional(string)<br/> use_data = optional(bool)<br/> keys = optional(list(string))<br/> use_appid = bool<br/> })</pre> | <pre>{<br/> "use_appid": false<br/>}</pre> | no |
| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br/> object({<br/> name = string # Name of Cluster<br/> vpc_name = string # Name of VPC<br/> subnet_names = list(string) # List of vpc subnets for cluster<br/> workers_per_subnet = number # Worker nodes per subnet.<br/> machine_type = string # Worker node flavor<br/> kube_type = string # iks or openshift<br/> kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> pod_subnet = optional(string) # Portable subnet for pods<br/> service_subnet = optional(string) # Portable subnet for services<br/> resource_group = string # Resource Group used for cluster<br/> cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters<br/> access_tags = optional(list(string), [])<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint<br/> disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers<br/> cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion<br/> operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed<br/> verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. 
If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false.<br/> use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints.<br/> allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool).<br/> labels = optional(map(string)) # A list of labels that you want to add to the default worker pool.<br/> enable_ocp_console = optional(bool) # Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint.<br/> addons = optional(object({ # Map of OCP cluster add-on versions to install<br/> debug-tool = optional(string)<br/> image-key-synchronizer = optional(string)<br/> openshift-data-foundation = optional(string)<br/> vpc-file-csi-driver = optional(string)<br/> static-route = optional(string)<br/> cluster-autoscaler = optional(string)<br/> vpc-block-csi-driver = optional(string)<br/> ibm-storage-operator = optional(string)<br/> }), {})<br/> manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. 
If set to 'true' this module will destroy any addons that were installed by other sources.<br/> kms_config = optional(<br/> object({<br/> crk_name = string # Name of key<br/> private_endpoint = optional(bool) # Private endpoint<br/> })<br/> )<br/> worker_pools = optional(<br/> list(<br/> object({<br/> name = string # Worker pool name<br/> vpc_name = string # VPC name<br/> workers_per_subnet = number # Worker nodes per subnet<br/> flavor = string # Worker node flavor<br/> subnet_names = list(string) # List of vpc subnets for worker pool<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool.<br/> })<br/> )<br/> )<br/> })<br/> )</pre> | n/a | yes |
915
+
| <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br/> object({<br/> name = string # Name of Cluster<br/> vpc_name = string # Name of VPC<br/> subnet_names = list(string) # List of vpc subnets for cluster<br/> workers_per_subnet = number # Worker nodes per subnet.<br/> machine_type = string # Worker node flavor<br/> kube_type = string # iks or openshift<br/> kube_version = optional(string) # Can be a version from `ibmcloud ks versions` or `default`<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> pod_subnet = optional(string) # Portable subnet for pods<br/> service_subnet = optional(string) # Portable subnet for services<br/> resource_group = string # Resource Group used for cluster<br/> cos_name = optional(string) # Name of COS instance Required only for OpenShift clusters<br/> access_tags = optional(list(string), [])<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> disable_public_endpoint = optional(bool, true) # disable cluster public, leaving only private endpoint<br/> disable_outbound_traffic_protection = optional(bool, false) # public outbound access from the cluster workers<br/> cluster_force_delete_storage = optional(bool, false) # force the removal of persistent storage associated with the cluster during cluster deletion<br/> operating_system = string # The operating system of the workers in the default worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> kms_wait_for_apply = optional(bool, true) # make terraform wait until KMS is applied to master and it is ready and deployed<br/> verify_cluster_network_readiness = optional(bool, true) # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. 
If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false.<br/> use_ibm_cloud_private_api_endpoints = optional(bool, true) # Flag to force all cluster related api calls to use the IBM Cloud private endpoints.<br/> allow_default_worker_pool_replacement = optional(bool) # (Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool).<br/> labels = optional(map(string)) # A list of labels that you want to add to the default worker pool.<br/> enable_ocp_console = optional(bool) # Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint.<br/> addons = optional(object({ # Map of OCP cluster add-on versions to install<br/> debug-tool = optional(string)<br/> image-key-synchronizer = optional(string)<br/> openshift-data-foundation = optional(string)<br/> vpc-file-csi-driver = optional(string)<br/> static-route = optional(string)<br/> # cluster-autoscaler = optional(string) Due to a Terraform limitation that prevents dynamically creating the Kubernetes provider, the cluster-autoscaler add-on cannot currently be deployed through this module.<br/> vpc-block-csi-driver = optional(string)<br/> ibm-storage-operator = optional(string)<br/> }), {})<br/> manage_all_addons = optional(bool, false) # Instructs Terraform to manage all cluster addons, even if addons were installed outside of the module. 
If set to 'true' this module will destroy any addons that were installed by other sources.<br/> kms_config = optional(<br/> object({<br/> crk_name = string # Name of key<br/> private_endpoint = optional(bool) # Private endpoint<br/> })<br/> )<br/> worker_pools = optional(<br/> list(<br/> object({<br/> name = string # Worker pool name<br/> vpc_name = string # VPC name<br/> workers_per_subnet = number # Worker nodes per subnet<br/> flavor = string # Worker node flavor<br/> subnet_names = list(string) # List of vpc subnets for worker pool<br/> entitlement = optional(string) # entitlement option for openshift<br/> secondary_storage = optional(string) # Secondary storage type<br/> boot_volume_crk_name = optional(string) # Boot volume encryption key name<br/> operating_system = string # The operating system of the workers in the worker pool. See https://cloud.ibm.com/docs/openshift?topic=openshift-openshift_versions#openshift_versions_available .<br/> labels = optional(map(string)) # A list of labels that you want to add to all the worker nodes in the worker pool.<br/> })<br/> )<br/> )<br/> })<br/> )</pre> | n/a | yes |
915
916
| <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br/> object({<br/> name = string<br/> use_data = optional(bool)<br/> resource_group = string<br/> plan = optional(string)<br/> random_suffix = optional(bool) # Use a random suffix for COS instance<br/> access_tags = optional(list(string), [])<br/> skip_kms_s2s_auth_policy = optional(bool, false) # skip auth policy between this instance and kms instance, useful if existing resources are used<br/> skip_flowlogs_s2s_auth_policy = optional(bool, false) # skip auth policy between flow logs service and this instance, set to true if this policy is already in place on account<br/> skip_atracker_s2s_auth_policy = optional(bool, false) # skip auth policyt between atracker service and this instance, set to true if this is existing recipient of atracker already<br/> buckets = list(object({<br/> name = string<br/> storage_class = string<br/> endpoint_type = string<br/> force_delete = bool<br/> single_site_location = optional(string)<br/> region_location = optional(string)<br/> cross_region_location = optional(string)<br/> kms_key = optional(string)<br/> access_tags = optional(list(string), [])<br/> allowed_ip = optional(list(string), [])<br/> hard_quota = optional(number)<br/> archive_rule = optional(object({<br/> days = number<br/> archive_filter_prefix = optional(string)<br/> enable = bool<br/> rule_id = optional(string)<br/> type = string<br/> }))<br/> expire_rule = optional(object({<br/> days = optional(number)<br/> expire_filter_prefix = optional(string)<br/> date = optional(string)<br/> enable = bool<br/> expired_object_delete_marker = optional(string)<br/> prefix = optional(string)<br/> rule_id = optional(string)<br/> }))<br/> activity_tracking = optional(object({<br/> activity_tracker_crn = string<br/> read_data_events = bool<br/> write_data_events = bool<br/> management_events = bool<br/> 
}))<br/> metrics_monitoring = optional(object({<br/> metrics_monitoring_crn = string<br/> request_metrics_enabled = optional(bool)<br/> usage_metrics_enabled = optional(bool)<br/> }))<br/> retention_rule = optional(object({<br/> default = number<br/> maximum = number<br/> minimum = number<br/> permanent = optional(bool)<br/> }))<br/> }))<br/> keys = optional(<br/> list(object({<br/> name = string<br/> role = string<br/> enable_HMAC = bool<br/> }))<br/> )<br/><br/> })<br/> )</pre> | n/a | yes |
916
917
| <aname="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway)| Create transit gateway |`bool`|`true`| no |
917
918
| <aname="input_existing_vpc_cbr_zone_id"></a> [existing\_vpc\_cbr\_zone\_id](#input\_existing\_vpc\_cbr\_zone\_id)| ID of the existing CBR (Context-based restrictions) network zone, with context set to the VPC. This zone is used in a CBR rule, which allows traffic to flow only from the landing zone VPCs to specific cloud services. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/DA-cbr-tutorial.md). |`string`|`null`| no |
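Review bot: In the `clusters` row, the `addons` type now carries `cluster-autoscaler` as a commented-out attribute with the reason appended on the same line (`# cluster-autoscaler = optional(string) Due to a Terraform limitation ...`), which is easy to misread as a still-accepted key with a trailing comment. Put the explanation on its own comment line above the commented-out attribute, and state the removal in the input's description column as well, because a caller who still sets `cluster-autoscaler` in `addons` gets no indication from this table of what happens to that value.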
@@ -999,6 +1000,11 @@ module "cluster_pattern" {
999
1000
| <aname="output_workload_rg_name"></a> [workload\_rg\_name](#output\_workload\_rg\_name)| Resource group name for the workload resource group used within landing zone. |
1000
1001
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
1001
1002
1003
+
## Known issues
1004
+
1005
+
For a list of common known issues see:
1006
+
-[Known issues with landing zone deployable architectures](https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-known-issues)
1007
+
1002
1008
<!-- Leave this section as is so that your module has a link to local development environment set up steps for contributors to follow -->
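Review bot: The new "Known issues" section only links to the general landing zone known-issues page and says nothing about the `cluster-autoscaler` limitation that the same commit documents in the `clusters` input type. Add a one-line entry here for that limitation (or confirm the linked page covers it), so readers who skip the inputs table still find it.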
patterns/roks/module/variables.tf
-1 (0 additions & 1 deletion)
@@ -243,7 +243,6 @@ variable "cluster_addons" {
243
243
openshift-data-foundation =optional(string)
244
244
vpc-file-csi-driver =optional(string)
245
245
static-route =optional(string)
246
-
cluster-autoscaler =optional(string)
247
246
vpc-block-csi-driver =optional(string)
248
247
})
249
248
description="Map of OCP cluster add-on versions to install (NOTE: The 'vpc-block-csi-driver' add-on is installed by default for VPC clusters, however you can explicitly specify it here if you wish to choose a later version than the default one). For full list of all supported add-ons and versions, see https://cloud.ibm.com/docs/containers?topic=containers-supported-cluster-addon-versions"
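Review bot: Missing documentation in `variable "cluster_addons"`: the `cluster-autoscaler` attribute is deleted from the object type, but the `description` on the following context line is unchanged and no comment is left behind, whereas the README in this commit keeps the key commented out with the Terraform-limitation reason. Add the same explanation here, either as a comment where the attribute was or as a sentence in the description, so the pattern's variables file and the README tell users the same thing about why the add-on cannot be set.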