feat: add support for IKS and OCP clusters on classic infrastructure (#336)

Author: bhpratt

README.md

@@ -57,6 +57,7 @@ provider "helm" {
 module "observability_agents" {
   source                           = "terraform-ibm-modules/observability-agents/ibm"
   version                          = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  is_vpc_cluster                   = true # Change to false if target cluster is running on classic infrastructure
   cluster_id                       = "cluster id" # update this with your cluster id where the agents will be installed
   cluster_resource_group_id        = "resource group id" # update this with the Id of your IBM Cloud resource group
   log_analysis_ingestion_key       = "XXXXXXXX"
@@ -124,6 +125,7 @@ No modules.
 |------|------|
 | [helm_release.cloud_monitoring_agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.log_analysis_agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [ibm_container_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster) | data source |
 | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_cluster_config) | data source |
 | [ibm_container_vpc_cluster.cluster](https://registry.terraform.io/providers/ibm-cloud/ibm/latest/docs/data-sources/container_vpc_cluster) | data source |
 
@@ -145,6 +147,7 @@ No modules.
 | <a name="input_cluster_config_endpoint_type"></a> [cluster\_config\_endpoint\_type](#input\_cluster\_config\_endpoint\_type) | Specify which type of endpoint to use for for cluster config access: 'default', 'private', 'vpe', 'link'. 'default' value will use the default endpoint of the cluster. | `string` | `"default"` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster you wish to deploy the agents in | `string` | n/a | yes |
 | <a name="input_cluster_resource_group_id"></a> [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The Resource Group ID of the cluster | `string` | n/a | yes |
+| <a name="input_is_vpc_cluster"></a> [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no |
 | <a name="input_log_analysis_add_cluster_name"></a> [log\_analysis\_add\_cluster\_name](#input\_log\_analysis\_add\_cluster\_name) | If true, configure the log analysis agent to attach a tag containing the cluster name to all log messages. | `bool` | `true` | no |
 | <a name="input_log_analysis_agent_custom_line_exclusion"></a> [log\_analysis\_agent\_custom\_line\_exclusion](#input\_log\_analysis\_agent\_custom\_line\_exclusion) | Log Analysis agent custom configuration for line exclusion setting LOGDNA\_K8S\_METADATA\_LINE\_EXCLUSION. See https://github.com/logdna/logdna-agent-v2/blob/master/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering for more info. | `string` | `null` | no |
 | <a name="input_log_analysis_agent_custom_line_inclusion"></a> [log\_analysis\_agent\_custom\_line\_inclusion](#input\_log\_analysis\_agent\_custom\_line\_inclusion) | Log Analysis agent custom configuration for line inclusion setting LOGDNA\_K8S\_METADATA\_LINE\_INCLUSION. See https://github.com/logdna/logdna-agent-v2/blob/master/docs/KUBERNETES.md#configuration-for-kubernetes-metadata-filtering for more info. | `string` | `null` | no |

examples/basic/main.tf

@@ -35,25 +35,28 @@ module "observability_instances" {
 ##############################################################################
 
 resource "ibm_is_vpc" "example_vpc" {
+  count          = var.is_vpc_cluster ? 1 : 0
   name           = "${var.prefix}-vpc"
   resource_group = module.resource_group.resource_group_id
   tags           = var.resource_tags
 }
 
 resource "ibm_is_public_gateway" "public_gateway" {
+  count          = var.is_vpc_cluster ? 1 : 0
   name           = "${var.prefix}-gateway-1"
-  vpc            = ibm_is_vpc.example_vpc.id
+  vpc            = ibm_is_vpc.example_vpc[0].id
   resource_group = module.resource_group.resource_group_id
   zone           = "${var.region}-1"
 }
 
 resource "ibm_is_subnet" "testacc_subnet" {
+  count                    = var.is_vpc_cluster ? 1 : 0
   name                     = "${var.prefix}-subnet"
-  vpc                      = ibm_is_vpc.example_vpc.id
+  vpc                      = ibm_is_vpc.example_vpc[0].id
   zone                     = "${var.region}-1"
   total_ipv4_address_count = 256
   resource_group           = module.resource_group.resource_group_id
-  public_gateway           = ibm_is_public_gateway.public_gateway.id
+  public_gateway           = ibm_is_public_gateway.public_gateway[0].id
 }
 
 resource "ibm_resource_instance" "cos_instance" {
@@ -72,9 +75,11 @@ locals {
   default_version = var.is_openshift ? "${data.ibm_container_cluster_versions.cluster_versions.default_openshift_version}_openshift" : data.ibm_container_cluster_versions.cluster_versions.default_kube_version
 }
 
+# Create either a VPC or classic cluster, depending on the is_vpc_cluster variable
 resource "ibm_container_vpc_cluster" "cluster" {
+  count                = var.is_vpc_cluster ? 1 : 0
   name                 = var.prefix
-  vpc_id               = ibm_is_vpc.example_vpc.id
+  vpc_id               = ibm_is_vpc.example_vpc[0].id
   kube_version         = local.default_version
   flavor               = "bx2.4x16"
   worker_count         = "2"
@@ -83,7 +88,7 @@ resource "ibm_container_vpc_cluster" "cluster" {
   force_delete_storage = true
   wait_till            = "Normal"
   zones {
-    subnet_id = ibm_is_subnet.testacc_subnet.id
+    subnet_id = ibm_is_subnet.testacc_subnet[0].id
     name      = "${var.region}-1"
   }
   resource_group_id = module.resource_group.resource_group_id
@@ -95,8 +100,43 @@ resource "ibm_container_vpc_cluster" "cluster" {
   }
 }
 
+resource "ibm_container_cluster" "cluster" {
+  #checkov:skip=CKV2_IBM_7:Public endpoint is required for testing purposes
+  count                = var.is_vpc_cluster ? 0 : 1
+  name                 = var.prefix
+  datacenter           = var.datacenter
+  default_pool_size    = 2
+  hardware             = "shared"
+  kube_version         = local.default_version
+  entitlement          = var.is_openshift ? "cloud_pak" : null
+  force_delete_storage = true
+  machine_type         = "b3c.4x16"
+  public_vlan_id       = ibm_network_vlan.public_vlan[0].id
+  private_vlan_id      = ibm_network_vlan.private_vlan[0].id
+  wait_till            = "Normal"
+  resource_group_id    = module.resource_group.resource_group_id
+  tags                 = var.resource_tags
+
+  timeouts {
+    delete = "2h"
+    create = "3h"
+  }
+}
+
+resource "ibm_network_vlan" "public_vlan" {
+  count      = var.is_vpc_cluster ? 0 : 1
+  datacenter = var.datacenter
+  type       = "PUBLIC"
+}
+
+resource "ibm_network_vlan" "private_vlan" {
+  count      = var.is_vpc_cluster ? 0 : 1
+  datacenter = var.datacenter
+  type       = "PRIVATE"
+}
+
 data "ibm_container_cluster_config" "cluster_config" {
-  cluster_name_id   = ibm_container_vpc_cluster.cluster.id
+  cluster_name_id   = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id
   resource_group_id = module.resource_group.resource_group_id
 }
 
@@ -114,7 +154,8 @@ resource "time_sleep" "wait_operators" {
 module "observability_agents" {
   source                        = "../.."
   depends_on                    = [time_sleep.wait_operators]
-  cluster_id                    = ibm_container_vpc_cluster.cluster.id
+  is_vpc_cluster                = var.is_vpc_cluster
+  cluster_id                    = var.is_vpc_cluster ? ibm_container_vpc_cluster.cluster[0].id : ibm_container_cluster.cluster[0].id
   cluster_resource_group_id     = module.resource_group.resource_group_id
   log_analysis_instance_region  = module.observability_instances.region
   log_analysis_ingestion_key    = module.observability_instances.log_analysis_ingestion_key

examples/basic/variables.tf

@@ -10,6 +10,12 @@ variable "is_openshift" {
   default     = true
 }
 
+variable "is_vpc_cluster" {
+  type        = bool
+  description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is classic cluster."
+  default     = true
+}
+
 variable "prefix" {
   type        = string
   description = "Prefix for name of all resource created by this example"
@@ -33,3 +39,9 @@ variable "region" {
   description = "Region where resources are created"
   default     = "ca-tor"
 }
+
+variable "datacenter" {
+  type        = string
+  description = "If creating a classic cluster, the data center where the cluster is created"
+  default     = "syd01"
+}

main.tf

@@ -2,8 +2,15 @@
 # terraform-ibm-observability-agents
 ##############################################################################
 
-# Lookup cluster name from ID
+# Lookup cluster name from ID. The is_vpc_cluster variable defines whether to use the VPC data block or the Classic data block
 data "ibm_container_vpc_cluster" "cluster" {
+  count             = var.is_vpc_cluster ? 1 : 0
+  name              = var.cluster_id
+  resource_group_id = var.cluster_resource_group_id
+}
+
+data "ibm_container_cluster" "cluster" {
+  count             = var.is_vpc_cluster ? 0 : 1
   name              = var.cluster_id
   resource_group_id = var.cluster_resource_group_id
 }
@@ -18,7 +25,7 @@ data "ibm_container_cluster_config" "cluster_config" {
 
 locals {
   # LOCALS
-  cluster_name                  = data.ibm_container_vpc_cluster.cluster.resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
+  cluster_name                  = var.is_vpc_cluster ? data.ibm_container_vpc_cluster.cluster[0].resource_name : data.ibm_container_cluster.cluster[0].resource_name # Not publically documented in provider. See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4485
   log_analysis_chart_location   = "${path.module}/chart/logdna-agent"
   log_analysis_image_tag_digest = "3.10.0-20240620.7524d812f60db3d2@sha256:8d73adc74bbd398128aac67037e708e6286ebc4cfcabbfe4d118f7d2ceeb775b" # datasource: icr.io/ext/logdna-agent versioning=regex:^(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)-(?<build>\d+)
   log_analysis_agent_registry   = "icr.io/ext/logdna-agent"

tests/pr_test.go

@@ -77,10 +77,19 @@ func TestRunUpgrade(t *testing.T) {
 func TestRunBasicAgentsKubernetes(t *testing.T) {
 	t.Parallel()
 
-	var extTerraformVarsK8s = map[string]interface{}{}
-	extTerraformVarsK8s["is_openshift"] = false
+	options := setupOptions(t, "basic-obs-agents-k8s", terraformDirOther, extTerraformVars)
+	options.TerraformVars["is_openshift"] = false
 
-	options := setupOptions(t, "basic-obs-agents-k8s", terraformDirOther, extTerraformVarsK8s)
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}
+
+func TestRunBasicAgentsClassic(t *testing.T) {
+	t.Parallel()
+
+	options := setupOptions(t, "basic-obs-agents-classic", terraformDirOther, extTerraformVars)
+	options.TerraformVars["is_vpc_cluster"] = false
 
 	output, err := options.RunTestConsistency()
 	assert.Nil(t, err, "This should not have errored")

variables.tf

@@ -23,6 +23,12 @@ variable "cluster_config_endpoint_type" {
   }
 }
 
+variable "is_vpc_cluster" {
+  description = "Specify true if the target cluster for the observability agents is a VPC cluster, false if it is a classic cluster."
+  type        = bool
+  default     = true
+}
+
 ##############################################################################
 # Log Analysis variables
 ##############################################################################