main.tf
########################################################################################################################
# Resource Group
########################################################################################################################
# Resolves the resource group shared by every resource in this example.
# When var.resource_group is set, that existing group is used; when it is null,
# a new group named "<prefix>-resource-group" is created instead.
module "resource_group" {
  source  = "terraform-ibm-modules/resource-group/ibm"
  version = "1.4.7"

  # Exactly one of the two inputs below is non-null for any value of var.resource_group.
  existing_resource_group_name = var.resource_group
  resource_group_name          = var.resource_group != null ? null : "${var.prefix}-resource-group"
}
########################################################################################################################
# VPC + Subnet + Public Gateway
#
# NOTE: This is a very simple VPC with a single subnet in a single zone and a public gateway enabled; it allows
# all ingress/egress traffic by default.
# For production use cases, enhance it by adding more subnets and zones for resiliency, and
# ACLs/Security Groups for network security.
########################################################################################################################
# VPC that hosts the example cluster. This file declares only the VPC itself:
# no ACL or security group resources are defined next to it, so traffic
# filtering is limited to whatever the VPC defaults provide.
resource "ibm_is_vpc" "vpc" {
  name           = "${var.prefix}-vpc"
  resource_group = module.resource_group.resource_group_id
  tags           = var.resource_tags

  # "auto" lets the platform create the default address prefixes rather than
  # requiring them to be declared by hand.
  address_prefix_management = "auto"
}
# Public gateway in zone 1 of the selected region. A subnet that attaches to it
# gains outbound connectivity to the public internet.
resource "ibm_is_public_gateway" "gateway" {
  name           = "${var.prefix}-gateway-1"
  resource_group = module.resource_group.resource_group_id
  vpc            = ibm_is_vpc.vpc.id
  zone           = "${var.region}-1" # must match the zone of the subnet that uses it
}
# The only subnet in this example: 256 IPv4 addresses in zone 1, attached to the
# public gateway so that cluster workers placed here have a route to the internet.
resource "ibm_is_subnet" "subnet_zone_1" {
  name           = "${var.prefix}-subnet-1"
  resource_group = module.resource_group.resource_group_id
  vpc            = ibm_is_vpc.vpc.id
  zone           = "${var.region}-1"

  total_ipv4_address_count = 256

  # Outbound internet access for this subnet goes through the gateway above.
  public_gateway = ibm_is_public_gateway.gateway.id
}
########################################################################################################################
# OCP VPC cluster (single zone)
########################################################################################################################
# Inputs for the cluster module, built from the single subnet declared in this file.
locals {
  # Subnets grouped under a prefix key; worker pools pick a group through
  # their subnet_prefix attribute ("default" here).
  cluster_vpc_subnets = {
    default = [
      {
        id         = ibm_is_subnet.subnet_zone_1.id
        zone       = ibm_is_subnet.subnet_zone_1.zone
        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
      }
    ]
  }

  # One virtual-server worker pool. The bare-metal pool stays commented out
  # because it can only be allocated where that hardware is available.
  worker_pools = [
    {
      # ibm_container_vpc_cluster automatically names the default pool "default"
      # (see https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849).
      pool_name        = "default"
      subnet_prefix    = "default"
      machine_type     = "bx2.4x16"
      operating_system = "RHCOS"
      workers_per_zone = 2 # minimum of 2 is allowed when using single zone
    }
    # Allocating a bare-metal worker node depends on the availability in that particular region.
    # {
    #   subnet_prefix     = "default"
    #   pool_name         = "bare-metal"
    #   machine_type      = "cx2d.metal.96x192"
    #   workers_per_zone  = 2
    #   operating_system  = "RHCOS"
    # }
  ]
}
# Single-zone OpenShift cluster on the VPC declared in this file, with the
# VPC file CSI driver and OpenShift Data Foundation add-ons enabled.
module "ocp_base" {
  source  = "terraform-ibm-modules/base-ocp-vpc/ibm"
  version = "3.78.7"

  # Identity and placement
  cluster_name      = var.prefix
  region            = var.region
  resource_group_id = module.resource_group.resource_group_id
  tags              = var.resource_tags
  access_tags       = var.access_tags

  # Networking
  vpc_id      = ibm_is_vpc.vpc.id
  vpc_subnets = local.cluster_vpc_subnets

  # Version, entitlement and workers
  ocp_version     = "4.19"
  ocp_entitlement = var.ocp_entitlement
  worker_pools    = local.worker_pools

  # Add-on versions are pinned. The ODF parameters are passed as a JSON string;
  # the indented heredoc (<<-) strips the common leading whitespace from it.
  addons = {
    "vpc-file-csi-driver" = { version = "2.0" }
    "openshift-data-foundation" = {
      version         = "4.19.0"
      parameters_json = <<-PARAMETERS_JSON
        {
        "osdStorageClassName":"localblock",
        "odfDeploy":"true",
        "autoDiscoverDevices":"true"
        }
      PARAMETERS_JSON
    }
  }

  # Storage attached to the cluster is deleted together with it on destroy.
  # NOTE(review): convenient for a disposable example; reconsider before reusing
  # this configuration for a cluster that holds data you need to keep.
  force_delete_storage = true

  # true turns the cluster's outbound traffic protection off, so workers may
  # open connections to the public internet. The example needs this to reach
  # Operator Hub from the OpenShift console.
  # NOTE(review): this widens egress for every workload on the cluster; for
  # production, prefer keeping the protection on and allowing only what is needed.
  disable_outbound_traffic_protection = true
}
# Applies the module located two directories up ("../..") to the cluster
# created by ocp_base. Presumably this is the module the example demonstrates.
module "virtualization" {
  source = "../.."

  cluster_id                = module.ocp_base.cluster_id
  cluster_resource_group_id = module.ocp_base.resource_group_id

  # Wait for everything in ocp_base, not only the two outputs referenced above.
  depends_on = [module.ocp_base]
}