feat: add the ability to disable / enable the OCP console using new parameter in clusters input enable_ocp_console (#960)

Author: Aashiq-J

README.md

@@ -244,7 +244,7 @@ module "cluster" {
     if cluster.kube_type == "openshift"
   }
   source             = "terraform-ibm-modules/base-ocp-vpc/ibm"
-  version            = "3.37.3"
+  version            = "3.41.7"
   resource_group_id  = local.resource_groups[each.value.resource_group]
   region             = var.region
   cluster_name       = each.value.cluster_name
@@ -290,7 +290,6 @@ module "cluster" {
   )
   force_delete_storage                  = each.value.cluster_force_delete_storage
   ocp_version                           = each.value.kube_version == null || each.value.kube_version == "default" ? each.value.kube_version : replace(each.value.kube_version, "_openshift", "")
-  import_default_worker_pool_on_create  = each.value.import_default_worker_pool_on_create
   allow_default_worker_pool_replacement = each.value.allow_default_worker_pool_replacement
   tags                                  = var.tags
   use_existing_cos                      = true
@@ -299,6 +298,7 @@ module "cluster" {
   verify_worker_network_readiness       = each.value.verify_cluster_network_readiness
   use_private_endpoint                  = each.value.use_ibm_cloud_private_api_endpoints
   addons                                = each.value.addons
+  enable_ocp_console                    = each.value.enable_ocp_console
   manage_all_addons                     = each.value.manage_all_addons
   disable_outbound_traffic_protection   = each.value.disable_outbound_traffic_protection
   kms_config = each.value.kms_config == null ? {} : {

cluster.tf

@@ -111,19 +111,18 @@ locals {
           crk_name         = "${var.prefix}-roks-key"
           private_endpoint = true
         }
-        workers_per_subnet                   = var.workers_per_zone
-        machine_type                         = var.flavor
-        kube_type                            = "openshift"
-        kube_version                         = var.kube_version
-        resource_group                       = "${var.prefix}-${var.vpcs[1]}-rg"
-        cos_name                             = "cos"
-        entitlement                          = var.entitlement
-        secondary_storage                    = var.secondary_storage
-        use_private_endpoint                 = var.use_private_endpoint
-        operating_system                     = "REDHAT_8_64"
-        verify_worker_network_readiness      = var.verify_worker_network_readiness
-        boot_volume_crk_name                 = "${var.prefix}-roks-key"
-        import_default_worker_pool_on_create = false
+        workers_per_subnet              = var.workers_per_zone
+        machine_type                    = var.flavor
+        kube_type                       = "openshift"
+        kube_version                    = var.kube_version
+        resource_group                  = "${var.prefix}-${var.vpcs[1]}-rg"
+        cos_name                        = "cos"
+        entitlement                     = var.entitlement
+        secondary_storage               = var.secondary_storage
+        use_private_endpoint            = var.use_private_endpoint
+        operating_system                = "REDHAT_8_64"
+        verify_worker_network_readiness = var.verify_worker_network_readiness
+        boot_volume_crk_name            = "${var.prefix}-roks-key"
         # By default, create dedicated pool for logging
         worker_pools = [
           {

patterns/mixed/config.tf

@@ -49,7 +49,6 @@ locals {
          "workers_per_subnet": 1,
          "entitlement": ${local.entitlement_val},
          "disable_public_endpoint": false,
-         "import_default_worker_pool_on_create" : false,
          "use_ibm_cloud_private_api_endpoints": false
       }
    ],

patterns/roks-quickstart/main.tf

@@ -91,24 +91,23 @@ locals {
           crk_name         = "${var.prefix}-roks-key"
           private_endpoint = true
         }
-        workers_per_subnet                   = var.workers_per_zone
-        machine_type                         = var.flavor
-        kube_type                            = "openshift"
-        kube_version                         = var.kube_version
-        resource_group                       = "${var.prefix}-${network}-rg"
-        cos_name                             = "cos"
-        entitlement                          = var.entitlement
-        secondary_storage                    = var.secondary_storage
-        addons                               = var.cluster_addons
-        manage_all_addons                    = var.manage_all_cluster_addons
-        boot_volume_crk_name                 = "${var.prefix}-roks-key"
-        disable_outbound_traffic_protection  = var.disable_outbound_traffic_protection
-        cluster_force_delete_storage         = var.cluster_force_delete_storage
-        operating_system                     = var.operating_system
-        kms_wait_for_apply                   = var.kms_wait_for_apply
-        use_ibm_cloud_private_api_endpoints  = var.use_ibm_cloud_private_api_endpoints
-        verify_cluster_network_readiness     = var.verify_cluster_network_readiness
-        import_default_worker_pool_on_create = false
+        workers_per_subnet                  = var.workers_per_zone
+        machine_type                        = var.flavor
+        kube_type                           = "openshift"
+        kube_version                        = var.kube_version
+        resource_group                      = "${var.prefix}-${network}-rg"
+        cos_name                            = "cos"
+        entitlement                         = var.entitlement
+        secondary_storage                   = var.secondary_storage
+        addons                              = var.cluster_addons
+        manage_all_addons                   = var.manage_all_cluster_addons
+        boot_volume_crk_name                = "${var.prefix}-roks-key"
+        disable_outbound_traffic_protection = var.disable_outbound_traffic_protection
+        cluster_force_delete_storage        = var.cluster_force_delete_storage
+        operating_system                    = var.operating_system
+        kms_wait_for_apply                  = var.kms_wait_for_apply
+        use_ibm_cloud_private_api_endpoints = var.use_ibm_cloud_private_api_endpoints
+        verify_cluster_network_readiness    = var.verify_cluster_network_readiness
         # By default, create dedicated pool for logging
         worker_pools = [
           # {

patterns/roks/module/config.tf

@@ -21,7 +21,6 @@
             "operating_system": "REDHAT_8_64",
             "use_ibm_cloud_private_api_endpoints": false,
             "verify_cluster_network_readiness": false,
-            "import_default_worker_pool_on_create": false,
             "kms_config": {
                 "crk_name": "slz-key",
                 "private_endpoint": true
@@ -110,7 +109,19 @@
                     "force_delete": true,
                     "kms_key": "slz-atracker-key",
                     "name": "atracker-bucket",
-                    "storage_class": "standard"
+                    "storage_class": "standard",
+                    "expire_rule": {
+                        "rule_id": "a-bucket-expire-rule",
+                        "enable": true,
+                        "days": 30,
+                        "prefix": "logs/"
+                    },
+                    "archive_rule": {
+                        "rule_id": "a-bucket-arch-rule",
+                        "enable": true,
+                        "days": 0,
+                        "type": "Glacier"
+                    }
                 }
             ],
             "keys": [
@@ -393,7 +404,7 @@
         {
             "access_tags": [],
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
-            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-1",
+            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
             "machine_type": "cx2-2x4",
             "name": "jump-box",
             "resource_group": "slz-management-rg",
@@ -427,7 +438,7 @@
         {
             "access_tags": [],
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
-            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-1",
+            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
             "machine_type": "cx2-2x4",
             "name": "private-svs",
             "resource_group": "slz-work-rg",
@@ -461,7 +472,7 @@
         {
             "access_tags": [],
             "boot_volume_encryption_key_name": "slz-vsi-volume-key",
-            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-1",
+            "image_name": "ibm-ubuntu-24-04-6-minimal-amd64-2",
             "machine_type": "cx2-2x4",
             "name": "inet-svs",
             "resource_group": "slz-edge-rg",

tests/resources/override-example.json

@@ -887,9 +887,9 @@ variable "clusters" {
       kms_wait_for_apply                    = optional(bool, true)  # make terraform wait until KMS is applied to master and it is ready and deployed
       verify_cluster_network_readiness      = optional(bool, true)  # Flag to run a script will run kubectl commands to verify that all worker nodes can communicate successfully with the master. If the runtime does not have access to the kube cluster to run kubectl commands, this should be set to false.
       use_ibm_cloud_private_api_endpoints   = optional(bool, true)  # Flag to force all cluster related api calls to use the IBM Cloud private endpoints.
-      import_default_worker_pool_on_create  = optional(bool)        # (Advanced users) Whether to handle the default worker pool as a stand-alone ibm_container_vpc_worker_pool resource on cluster creation. Only set to false if you understand the implications of managing the default worker pool as part of the cluster resource. Set to true to import the default worker pool as a separate resource. Set to false to manage the default worker pool as part of the cluster resource.
-      allow_default_worker_pool_replacement = optional(bool)        # (Advanced users) Set to true to allow the module to recreate a default worker pool. Only use in the case where you are getting an error indicating that the default worker pool cannot be replaced on apply. Once the default worker pool is handled as a stand-alone ibm_container_vpc_worker_pool, if you wish to make any change to the default worker pool which requires the re-creation of the default pool set this variable to true
+      allow_default_worker_pool_replacement = optional(bool)        # (Advanced users) Set to true to allow the module to recreate a default worker pool. If you wish to make any change to the default worker pool which requires the re-creation of the default pool follow these [steps](https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc?tab=readme-ov-file#important-considerations-for-terraform-and-default-worker-pool).
       labels                                = optional(map(string)) # A list of labels that you want to add to the default worker pool.
+      enable_ocp_console                    = optional(bool)        # Flag to specify whether to enable or disable the OpenShift console. If set to `null` the module will not modify the setting currently set on the cluster. Bare in mind when setting this to `true` or `false` on a cluster with private only endpoint enabled, the runtime must be able to access the private endpoint.
       addons = optional(object({                                    # Map of OCP cluster add-on versions to install
         debug-tool                = optional(string)
         image-key-synchronizer    = optional(string)

variables.tf

@@ -8,7 +8,7 @@ terraform {
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = ">= 1.68.1, < 2.0.0"
+      version = ">= 1.71.0, < 2.0.0"
     }
     random = {
       source  = "hashicorp/random"