22 changes: 19 additions & 3 deletions ibm_catalog.json
Expand Up @@ -220,6 +220,14 @@
"type": "multiline_secure_value"
}
},
{
"key": "vpc_subnet_cidrs",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "powervs_management_network"
},
Expand Down Expand Up @@ -472,7 +480,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.0.1/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.1/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as variation 'Create a new architecture' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured."
Expand Down Expand Up @@ -871,6 +879,14 @@
"type": "code_editor"
}
},
{
"key": "vpc_subnet_cidrs",
"custom_config": {
"grouping": "deployment",
"original_grouping": "deployment",
"type": "code_editor"
}
},
{
"key": "powervs_management_network"
},
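Review bot: the `vpc_subnet_cidrs` entry placed before `powervs_management_network` is added to only two configuration lists in this file (the hunks at lines 220 and 879), while the diagram URLs are bumped for three variations. If the Quickstart OpenShift variation is meant to keep the default CIDRs, say so in the PR description; otherwise it needs the same entry. Since `"type": "code_editor"` takes free-form text, any checking of the entered CIDRs has to come from the Terraform variable itself.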
Expand Down Expand Up @@ -1088,7 +1104,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.0.1/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.1/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation of 'Create a new architecture' option deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured."
Expand Down Expand Up @@ -1490,7 +1506,7 @@
{
"diagram": {
"caption": "Power Virtual Server with VPC landing zone 'Quickstart OpenShift' variation",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.0.1/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.1.1/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
"type": "image/svg+xml"
},
"description": "The Power Virtual Server with VPC landing zone as variation 'Quickstart OpenShift' deploys VPC services and an Openshift Cluster on PowerVS and interconnects them.\n \nRequired and optional management components are configured."
1 change: 1 addition & 0 deletions modules/powervs-vpc-landing-zone/README.md
Expand Up @@ -171,6 +171,7 @@ Creates VPC Landing Zone | Performs VPC VSI OS Config | Creates PowerVS Infrastr
| <a name="input_transit_gateway_global"></a> [transit\_gateway\_global](#input\_transit\_gateway\_global) | Connect to the networks outside the associated region. | `bool` | `false` | no |
| <a name="input_user_data"></a> [user\_data](#input\_user\_data) | User data that automatically performs common configuration tasks or runs scripts. For more information, see https://cloud.ibm.com/docs/vpc?topic=vpc-user-data. For information on using the user\_data variable, please refer: https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-user-data | `string` | `null` | no |
| <a name="input_vpc_intel_images"></a> [vpc\_intel\_images](#input\_vpc\_intel\_images) | Stock OS image names for creating VPC landing zone VSI instances: RHEL (management and network services) and SLES (monitoring). | <pre>object({<br/> rhel_image = string<br/> sles_image = string<br/> })</pre> | n/a | yes |
| <a name="input_vpc_subnet_cidrs"></a> [vpc\_subnet\_cidrs](#input\_vpc\_subnet\_cidrs) | CIDR values for the VPC subnets to be created. It's customer responsibility that none of the defined networks collide, including the PowerVS subnets and VPN client pool. | <pre>object({<br/> vpn = string<br/> mgmt = string<br/> vpe = string<br/> edge = string<br/> })</pre> | <pre>{<br/> "edge": "10.30.40.0/24",<br/> "mgmt": "10.30.20.0/24",<br/> "vpe": "10.30.30.0/24",<br/> "vpn": "10.30.10.0/24"<br/>}</pre> | no |

### Outputs

24 changes: 22 additions & 2 deletions modules/powervs-vpc-landing-zone/client2sitevpn.tf
Expand Up @@ -21,8 +21,28 @@ locals {
cert_common_name = "example"

default_server_routes = {
"vpc-vsis" = {
destination = "10.0.0.0/8"
"vpc-vpn" = {
destination = var.vpc_subnet_cidrs.vpn
action = "deliver"
},
"vpc-mgmt" = {
destination = var.vpc_subnet_cidrs.mgmt
action = "deliver"
},
"vpc-vpe" = {
destination = var.vpc_subnet_cidrs.vpe
action = "deliver"
},
"vpc-edge" = {
destination = var.vpc_subnet_cidrs.edge
action = "deliver"
}
"vpn-pvs-mgmt" = {
destination = var.powervs_management_network.cidr
action = "deliver"
}
"vpn-pvs-bckp" = {
destination = var.powervs_backup_network.cidr
action = "deliver"
}
}
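Review bot: VPN clients lose their route to any 10.x network that is not one of the six now listed in `default_server_routes`, because the `10.0.0.0/8` entry is gone; that is a behaviour change for existing deployments and should be called out in the release notes, together with how to add further routes. Two smaller points in the same map: the `"vpc-edge"` and `"vpn-pvs-mgmt"` entries close with `}` and no trailing comma, unlike the entries above them, and the `vpn-pvs-mgmt` / `vpn-pvs-bckp` keys break the `vpc-*` pattern although they describe PowerVS networks (`pvs-mgmt`, `pvs-bckp` would read more clearly).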
4 changes: 4 additions & 0 deletions modules/powervs-vpc-landing-zone/main.tf
Expand Up @@ -17,6 +17,10 @@ locals {
sles_image = var.vpc_intel_images.sles_image,
second_rg_name = local.second_rg_name,
tgw_rg_name = local.tgw_rg_name
vpc_subnet_cidrs = var.vpc_subnet_cidrs
powervs_mgmt_cidr = var.powervs_management_network.cidr
powervs_bckp_cidr = var.powervs_backup_network.cidr
vpn_client_cidr = var.client_to_site_vpn.client_ip_pool
}
)
}
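Review bot: `vpn_client_cidr = var.client_to_site_vpn.client_ip_pool` is handed to the template unconditionally. The preset interpolates it into the `source` of `allow-private3-inbound`, so a null or empty `client_ip_pool` would render an invalid rule; confirm the attribute always carries a value or supply a fallback here. The four new arguments also follow `tgw_rg_name = local.tgw_rg_name` without the trailing commas used on the lines above it; pick one style for the whole map.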
130 changes: 112 additions & 18 deletions modules/powervs-vpc-landing-zone/presets/slz-preset.json.tftpl
Expand Up @@ -130,9 +130,54 @@
"source": "161.26.0.0/16"
},
{
"name": "allow-private1-inbound",
"name": "allow-vpn-inbound",
"direction": "inbound",
"source": "10.0.0.0/8",
"source": "${vpc_subnet_cidrs.vpn}",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-mgmt-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.mgmt}",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-vpe-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.vpe}",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-edge-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.edge}",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-pvs-mgmt-inbound",
"direction": "inbound",
"source": "${powervs_mgmt_cidr}",
"tcp": {
"port_max": 22,
"port_min": 22
}
},
{
"name": "allow-pvs-bckp-inbound",
"direction": "inbound",
"source": "${powervs_bckp_cidr}",
"tcp": {
"port_max": 22,
"port_min": 22
Expand All @@ -150,7 +195,7 @@
{
"name": "allow-private3-inbound",
"direction": "inbound",
"source": "192.168.0.0/16",
"source": "${vpn_client_cidr}",
"tcp": {
"port_max": 22,
"port_min": 22
Expand Down Expand Up @@ -571,9 +616,34 @@
"source": "161.26.0.0/16"
},
{
"name": "allow-vpn-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.vpn}"
},
{
"name": "allow-mgmt-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.mgmt}"
},
{
"name": "allow-vpe-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.vpe}"
},
{
"name": "allow-edge-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.edge}"
},
{
"name": "allow-pvs-mgmt-inbound",
"direction": "inbound",
"source": "${powervs_mgmt_cidr}"
},
{
"name": "allow-pvs-bckp-inbound",
"direction": "inbound",
"name": "allow-private1-inbound",
"source": "10.0.0.0/8"
"source": "${powervs_bckp_cidr}"
},
{
"direction": "inbound",
Expand All @@ -583,7 +653,7 @@
{
"direction": "inbound",
"name": "allow-private3-inbound",
"source": "192.168.0.0/16"
"source": "${vpn_client_cidr}"
},
{
"direction": "outbound",
Expand All @@ -604,9 +674,34 @@
"source": "161.26.0.0/16"
},
{
"name": "allow-vpn-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.vpn}"
},
{
"name": "allow-mgmt-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.mgmt}"
},
{
"name": "allow-vpe-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.vpe}"
},
{
"name": "allow-edge-inbound",
"direction": "inbound",
"source": "${vpc_subnet_cidrs.edge}"
},
{
"name": "allow-pvs-mgmt-inbound",
"direction": "inbound",
"source": "${powervs_mgmt_cidr}"
},
{
"name": "allow-pvs-bckp-inbound",
"direction": "inbound",
"name": "allow-private1-inbound",
"source": "10.0.0.0/8"
"source": "${powervs_bckp_cidr}"
},
{
"direction": "inbound",
Expand All @@ -616,7 +711,7 @@
{
"direction": "inbound",
"name": "allow-private3-inbound",
"source": "192.168.0.0/16"
"source": "${vpn_client_cidr}"
},
{
"direction": "outbound",
Expand All @@ -626,7 +721,6 @@
]
}
],
"network_cidr": "10.0.0.0/8",
"vpcs": [
{
"prefix": "edge",
Expand All @@ -642,10 +736,10 @@
],
"address_prefixes": {
"zone-1": [
"10.30.10.4/24",
"10.30.20.0/24",
"10.30.30.0/24",
"10.30.40.0/24"
"${vpc_subnet_cidrs.vpn}",
"${vpc_subnet_cidrs.mgmt}",
"${vpc_subnet_cidrs.vpe}",
"${vpc_subnet_cidrs.edge}"
]
},
"network_acls": [
Expand Down Expand Up @@ -673,25 +767,25 @@
"zone-1": [
{
"name": "vpn-zone-1",
"cidr": "10.30.10.0/24",
"cidr": "${vpc_subnet_cidrs.vpn}",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vsi-management-zone-1",
"cidr": "10.30.20.0/24",
"cidr": "${vpc_subnet_cidrs.mgmt}",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vpe-zone-1",
"cidr": "10.30.30.0/24",
"cidr": "${vpc_subnet_cidrs.vpe}",
"public_gateway": false,
"acl_name": "acl"
},
{
"name": "vsi-edge-zone-1",
"cidr": "10.30.40.0/24",
"cidr": "${vpc_subnet_cidrs.edge}",
"public_gateway": true,
"acl_name": "acl"
}
21 changes: 21 additions & 0 deletions modules/powervs-vpc-landing-zone/variables.tf
Expand Up @@ -45,6 +45,27 @@ variable "ssh_private_key" {
sensitive = true
}

#####################################################
# Optional Parameters VPC
#####################################################

variable "vpc_subnet_cidrs" {
description = "CIDR values for the VPC subnets to be created. It's customer responsibility that none of the defined networks collide, including the PowerVS subnets and VPN client pool."
type = object({
vpn = string
mgmt = string
vpe = string
edge = string
})
default = {
"vpn" = "10.30.10.0/24"
"mgmt" = "10.30.20.0/24"
"vpe" = "10.30.30.0/24"
"edge" = "10.30.40.0/24"
}
# TODO validations?
}

#####################################################
# Optional Parameters IBM Cloud Services
#####################################################
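Review bot: the `# TODO validations?` at the end of `vpc_subnet_cidrs` should be resolved before merge, because these strings are now interpolated directly into address prefixes, subnet CIDRs, inbound rule sources and VPN routes. At minimum add a `validation` block that checks every value parses as a CIDR (for example `alltrue([for c in values(var.vpc_subnet_cidrs) : can(cidrhost(c, 0))])`) and is in network form (`cidrsubnet(c, 0, 0) == c`), which would have caught a value like the `10.30.10.4/24` removed from the preset. The overlap check against the PowerVS subnets and the VPN client pool, which the description leaves to the user, could be a precondition in the module. The description text also needs a grammar fix ("It is the customer's responsibility ..."), and the README table should be regenerated from it.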
@@ -1,7 +1,7 @@
---
copyright:
years: 2024, 2025
lastupdated: "2025-10-08"
lastupdated: "2025-10-09"
keywords:
subcollection: deployable-reference-architectures
authors:
Expand All @@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
use-case: ITServiceManagement
industry: Technology
content-type: reference-architecture
version: v10.0.1
version: v10.1.1
compliance:

---
Expand All @@ -27,7 +27,7 @@ compliance:
{: toc-content-type="reference-architecture"}
{: toc-industry="Technology"}
{: toc-use-case="ITServiceManagement"}
{: toc-version="v10.0.1"}
{: toc-version="v10.1.1"}

The Quickstart OpenShift deployment on Power Virtual Server with a VPC landing zone uses the Red Hat IPI installer to set up an OpenShift cluster. Before the deployment begins, it provisions VPC services and creates a Power Virtual Server workspace, which together form the landing zone used to access and manage the cluster.

@@ -1,7 +1,7 @@
---
copyright:
years: 2024, 2025
lastupdated: "2025-10-08"
lastupdated: "2025-10-09"
keywords:
subcollection: deployable-reference-architectures
authors:
Expand All @@ -16,7 +16,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
use-case: ITServiceManagement
industry: Technology
content-type: reference-architecture
version: v10.0.1
version: v10.1.1
compliance:

---
Expand All @@ -28,7 +28,7 @@ compliance:
{: toc-content-type="reference-architecture"}
{: toc-industry="Technology"}
{: toc-use-case="ITServiceManagement"}
{: toc-version="v10.0.1"}
{: toc-version="v10.1.1"}

Quickstart deployment of the Power Virtual Server with VPC landing zone creates VPC services, a Power Virtual Server workspace, and interconnects them. It also deploys a Power Virtual Server of chosen T-shirt size or custom configuration. Supported Os are Aix, IBM i, and Linux images.
