Member

@jor2 jor2 commented Sep 2, 2025

Description

Fill in the Reference architecture template for the new "Fully configurable" variation of the VPC DA and add it to https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/reference-architectures

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

For mergers

  • Use a conventional commit message to set the release level. Follow the guidelines.
  • Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
  • Use the Squash and merge option.

@jor2 jor2 self-assigned this Sep 2, 2025
@jor2 jor2 changed the title feat: Create reference architecture markdown doc for 'Fully configura… feat: Create reference architecture markdown doc Sep 2, 2025
- name: "Jordan Williams"

# The release that the reference architecture describes
version: 8.1.0
Member Author

this sets to the latest version here, right?

Contributor

Yes, this is correct - maybe go with 8.2.0, as that's probably the version we will release


related_links:
- title: "Cloud automation for VPC"
url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-vpc-fully-configurable"
Member Author

What should the link for this be? We don't have a doc there, it seems.

Contributor

@ocofaigh ocofaigh Sep 3, 2025

Oh, there seems to be a bug in deploy-arch-ibm-slz-vpc-standard.md - this is a related link - it's trying to link to the VSI DA. I'll create a PR to fix it. This should be:

related_links:
  - title: "Landing zone for applications with virtual servers"
    url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-vsi-ra"
    description: "A deployable architecture that creates a customizable and secure infrastructure, with virtual servers, to run your workloads with a Virtual Private Cloud (VPC) in multizone regions."
  - title: "Landing zone for containerized applications with Red Hat OpenShift"
    url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-ocp-ra"
    description: "A deployable architecture that creates secure and compliant Red Hat OpenShift Container Platform workload clusters on a Virtual Private Cloud (VPC) network."

Contributor

@ocofaigh ocofaigh left a comment

There is no mention of the DA dependencies which are on by default in the DA:

  • Encryption (Key Protect)
  • Observability (logging, monitoring, AT)
  • Compliance (SCC Workload protect)

Updated references from 'Cloud automation for VPC' to 'Cloud foundation for VPC' throughout the document.
Member Author

jor2 commented Sep 3, 2025

There is no mention of the DA dependencies which are on by default in the DA:

  • Encryption (Key Protect)
  • Observability (logging, monitoring, AT)
  • Compliance (SCC Workload protect)

Included a paragraph mentioning these dependencies.

@jor2 jor2 requested a review from ocofaigh September 3, 2025 13:30
# Value is the URL to land the user in the IBM Cloud catalog details page
# for the deployable architecture.
# See https://test.cloud.ibm.com/docs/get-coding?topic=get-coding-deploy-button
deployment-url: https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-vpc-2af61763-f8ef-4527-a815-b92166f29bc8-global
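
Review bot: the comment above `deployment-url` cites a `test.cloud.ibm.com` docs page while the value itself is on `cloud.ibm.com`; readers of the published file may not be able to open the test host, so point the comment at the production docs URL for the deploy button or drop the link.
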
Contributor

wrong URL - should point to landing zone tile


{{site.data.keyword.attribute-definition-list}}

# Cloud foundation for VPC - Fully configurable variation
Contributor

@ocofaigh ocofaigh Sep 3, 2025

The display name of the variation is not called "Fully configurable" - it is called "Standard - Integrated setup with configurable services"

## Architecture diagram
{: #ra-vpc-fully-configurable-architecture-diagram}

![Architecture diagram for the Fully configurable variation of Cloud foundation for VPC](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/main/reference-architecture/deployable-architecture-vpc.svg "Architecture diagram of VPC deployable architecture"){: caption="Figure 1. Fully configurable variation of Cloud foundation for VPC" caption-side="bottom"}{: external download="deployable-architecture-vpc.svg"}
Contributor

after this moves to terraform-ibm-landing-zone-vpc - you can use a local directory reference like the other reference architectures do.

(replace "Fully configurable" with "Standard - Integrated setup with configurable services")

Contributor

@ocofaigh ocofaigh left a comment

Few more comments. Also please be aware the variation display name is actually Standard - Integrated setup with configurable services, and not Fully configurable.
Also please move this file into the terraform-ibm-landing-zone-vpc repo - it needs to live with the source and diagram.

{: #ra-vpc-fully-configurable-architecture-diagram}

![Architecture diagram for the Fully configurable variation of Cloud foundation for VPC](https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/main/reference-architecture/deployable-architecture-vpc.svg "Architecture diagram of VPC deployable architecture"){: caption="Figure 1. Fully configurable variation of Cloud foundation for VPC" caption-side="bottom"}{: external download="deployable-architecture-vpc.svg"}

Contributor

@ocofaigh ocofaigh Sep 3, 2025

This is missing the "Design requirements" section? Which should point to the heat map


The Cloud foundation for VPC deployable architecture sets up a foundational IBM Cloud Virtual Private Cloud (VPC) environment with full configurability and flexibility. This deployable architecture provides complete control over VPC configuration, including subnets, network ACLs, security groups, public gateways, VPN gateways, and VPE gateways. Unlike pre-configured variations, this solution allows you to customize every aspect of your VPC infrastructure to meet specific requirements.

This deployable architecture includes enterprise-grade security, observability, and compliance capabilities through integrated dependencies that are enabled by default: encryption services (Key Protect), storage services (Cloud Object Storage), observability services (Cloud Logs, Cloud Monitoring, Activity Tracker), and compliance services (Security and Compliance Center Workload Protection). These services provide comprehensive security, monitoring, and compliance coverage for your VPC infrastructure.
Contributor

This deployable architecture strengthens applications by built-in enterprise-grade security, observability, and compliance features. It has default integration with encryption service via Key Protect, storage through Cloud Object Storage, observability tools such as Cloud Logs, Cloud Monitoring, and Activity Tracker, and compliance support from the Security and Compliance Center Workload Protection. Together, these services ensure robust protection, comprehensive monitoring, and regulatory compliance for your VPC infrastructure.

| * Create isolated network segments \n * Support multi-zone deployments \n * Enable proper subnet planning | Configurable subnets | Create one to three zones with customizable subnet configurations in each zone | Use default subnet configurations |
| * Control network traffic at subnet level \n * Implement security policies \n * Meet compliance requirements | Network ACLs | Create network ACLs with multiple customizable rules (up to 25 rules per ACL) | Use default VPC ACL rules |
| * Manage instance-level security \n * Control application traffic \n * Implement fine-grained access control | Security groups | Configurable security group rules for precise traffic control | Use default security group settings |
{: caption="Table 1. VPC architecture decisions" caption-side="bottom"}
Contributor

Remove Table 1. here, {: caption="Table 1. VPC architecture decisions" caption-side="bottom"} . the markdown takes care of numbering.

| * Establish secure connections to on-premises \n * Support hybrid cloud deployments \n * Enable encrypted site-to-site connectivity | VPN gateways | Create VPN gateways with configurable connections for secure hybrid connectivity | Use IBM Cloud Direct Link or other connectivity options |
| * Access IBM Cloud services privately \n * Avoid public internet traffic \n * Improve security and performance | VPE gateways | Create Virtual Private Endpoints for private access to IBM Cloud services | Access services over public internet |
| * Support advanced DNS scenarios \n * Enable cross-VPC communication \n * Implement hub-and-spoke topologies | DNS configuration | Configurable hub and spoke DNS-sharing model with custom resolvers | Use default VPC DNS settings |
{: caption="Table 2. Network connectivity architecture decisions" caption-side="bottom"}
Contributor

Remove Table 2 here, {: caption="Table 2. Network connectivity architecture decisions" caption-side="bottom"} . the markdown takes care of numbering.

| * Meet diverse addressing requirements \n * Support different network topologies \n * Enable custom IP planning | Address prefix management | Configurable address prefixes with manual or automatic management | Use only automatic address prefix assignment |
| * Support different compliance requirements \n * Enable various security configurations \n * Provide deployment options | Clean default configurations | Option to clean default security group and ACL rules | Keep default rules |
| * Enable resource organization \n * Support governance requirements \n * Implement resource management | Resource groups and tagging | Configurable resource groups and comprehensive tagging support | Use default resource organization |
{: caption="Table 3. Flexibility and customization architecture decisions" caption-side="bottom"}
Contributor

Remove Table 3

## Key features
{: #ra-vpc-fully-configurable-features}

The Fully configurable variation provides comprehensive control over:
Contributor

replace "Fully configurable" with "Standard - Integrated setup with configurable services"

Contributor

ocofaigh commented Sep 3, 2025

This has moved to terraform-ibm-modules/terraform-ibm-landing-zone-vpc#1047 - @jor2 please address comments in that PR

@ocofaigh ocofaigh closed this Sep 3, 2025