fix: update code

Author: Jordan-Williams2

chart/cloud-pak-deployer/templates/install-job.yaml

@@ -75,11 +75,11 @@ spec:
             - '/cloud-pak-deployer/cp-deploy.sh vault set -vs cp4d_admin_cpd_{{ .Values.cluster_name }} -vsv {{ .Values.deployer.admin_password }} && /cloud-pak-deployer/cp-deploy.sh env apply -vvvv {{ .Values.deployer.accept_license_flag }}'
           resources:
             limits:
-              cpu: 200m
+              cpu: 250m
               memory: 512Mi
             requests:
-              cpu: 10m
-              memory: 64Mi
+              cpu: 100m
+              memory: 256Mi
       serviceAccount: {{ .Values.deployer.prefix }}-sa
       volumes:
         - name: config-volume

chart/cloud-pak-deployer/templates/uninstall-job.yaml

@@ -66,11 +66,11 @@ spec:
             - /cloud-pak-deployer/scripts/cp4d/cp4d-delete-instance.sh cpd <<< "y"
           resources:
             limits:
-              cpu: 200m
+              cpu: 250m
               memory: 512Mi
             requests:
-              cpu: 10m
-              memory: 64Mi
+              cpu: 100m
+              memory: 256Mi
       restartPolicy: Never
       securityContext:
         runAsUser: 0

examples/basic/main.tf

@@ -1,24 +1,106 @@
 ##############################################################################
-# ROKS Landing zone
+locals {
+  cluster_name  = var.existing_cluster_name != null ? var.existing_cluster_name : module.ocp_base[0].cluster_name
+  cluster_rg_id = var.existing_cluster_rg_id != null ? var.existing_cluster_rg_id : module.resource_group[0].resource_group_id
+}
+###############################################################################
+
+##############################################################################
+# Resource Group
 ##############################################################################
 
-module "roks_landing_zone" {
-  source           = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/roks-quickstart?ref=v6.6.1"
-  ibmcloud_api_key = var.ibmcloud_api_key
-  prefix           = var.prefix
-  region           = var.region
-  resource_tags    = var.resource_tags
+module "resource_group" {
+  count   = var.existing_cluster_rg_id == null ? 1 : 0
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name = "${var.prefix}-resource-group"
+}
+
+########################################################################################################################
+# VPC + Subnet + Public Gateway
+#
+# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow
+# all traffic ingress/egress by default.
+# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and
+# ACLs/Security Groups for network security.
+########################################################################################################################
+
+resource "ibm_is_vpc" "vpc" {
+  name                      = "${var.prefix}-vpc"
+  resource_group            = local.cluster_rg_id
+  address_prefix_management = "auto"
+  tags                      = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+  name           = "${var.prefix}-gateway-1"
+  vpc            = ibm_is_vpc.vpc.id
+  resource_group = local.cluster_rg_id
+  zone           = "${var.region}-1"
+}
+
+resource "ibm_is_subnet" "subnet_zone_1" {
+  name                     = "${var.prefix}-subnet-1"
+  vpc                      = ibm_is_vpc.vpc.id
+  resource_group           = local.cluster_rg_id
+  zone                     = "${var.region}-1"
+  total_ipv4_address_count = 256
+  public_gateway           = ibm_is_public_gateway.gateway.id
+}
+
+########################################################################################################################
+# OCP VPC cluster (single zone)
+########################################################################################################################
+
+locals {
+  cluster_vpc_subnets = {
+    default = [
+      {
+        id         = ibm_is_subnet.subnet_zone_1.id
+        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+        zone       = ibm_is_subnet.subnet_zone_1.zone
+      }
+    ]
+  }
+
+  worker_pools = [
+    {
+      subnet_prefix    = "default"
+      pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+      machine_type     = "bx2.16x64"
+      operating_system = "REDHAT_8_64"
+      workers_per_zone = 3 # minimum of 2 is allowed when using single zone
+    }
+  ]
+}
+
+module "ocp_base" {
+  count                               = var.existing_cluster_name == null ? 1 : 0
+  source                              = "terraform-ibm-modules/base-ocp-vpc/ibm"
+  version                             = "3.41.7"
+  resource_group_id                   = local.cluster_rg_id
+  region                              = var.region
+  tags                                = var.resource_tags
+  cluster_name                        = var.prefix
+  force_delete_storage                = true
+  vpc_id                              = ibm_is_vpc.vpc.id
+  vpc_subnets                         = local.cluster_vpc_subnets
+  worker_pools                        = local.worker_pools
+  disable_outbound_traffic_protection = true # set as True to enable outbound traffic
 }
 
 ##############################################################################
 # Deploy cloudpak_data
 ##############################################################################
+
 module "cloudpak_data" {
   source                    = "../../solutions/deploy"
   ibmcloud_api_key          = var.ibmcloud_api_key
   prefix                    = var.prefix
   region                    = var.region
-  cluster_name              = module.roks_landing_zone.workload_cluster_id
+  cluster_name              = local.cluster_name
+  cluster_rg_id             = local.cluster_rg_id
   cloud_pak_deployer_image  = "quay.io/cloud-pak-deployer/cloud-pak-deployer"
   cpd_admin_password        = "Passw0rd" #pragma: allowlist secret
   cpd_entitlement_key       = "entitlementKey"

examples/basic/variables.tf

@@ -36,3 +36,19 @@ variable "install_odf_cluster_addon" {
   type        = bool
   default     = false
 }
+
+variable "existing_cluster_name" {
+  description = "Existing cluster name"
+  type        = string
+  default     = "ocp-cp4d-v2"
+  validation {
+    condition     = can(regex("^[a-z][a-z0-9-]{0,12}[a-z0-9]$", var.existing_cluster_name))
+    error_message = "Existing cluster name must begin with a letter and contain only lowercase letters, numbers, and - characters. Existing cluster names must end with a lowercase letter or number and be 13 or fewer characters."
+  }
+}
+
+variable "existing_cluster_rg_id" {
+  description = "Existing resource group id"
+  type        = string
+  default     = null
+}

solutions/deploy/74c080ff29612f3bf0b14e76405315690a572051fe664871657fd9349b5c8a04_ocp-cp4d-v2_k8sconfig/config.yml

@@ -0,0 +1,26 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://c106-e.us-south.containers.cloud.ibm.com:31203
+  name: ocp-cp4d-v2/d04fmmsd0trb3gtjs3k0
+- cluster:
+    server: https://c106-e.us-south.containers.cloud.ibm.com:31203
+  name: c106-e-us-south-containers-cloud-ibm-com:31203
+contexts:
+- context:
+    cluster: ocp-cp4d-v2/d04fmmsd0trb3gtjs3k0
+    namespace: default
+    user: ""
+  name: ocp-cp4d-v2/d04fmmsd0trb3gtjs3k0
+- context:
+    cluster: c106-e-us-south-containers-cloud-ibm-com:31203
+    namespace: default
+    user: IAM#[email protected]/c106-e-us-south-containers-cloud-ibm-com:31203
+  name: default/c106-e-us-south-containers-cloud-ibm-com:31203/IAM#[email protected]
+current-context: default/c106-e-us-south-containers-cloud-ibm-com:31203/IAM#[email protected]
+kind: Config
+preferences: {}
+users:
+- name: IAM#[email protected]/c106-e-us-south-containers-cloud-ibm-com:31203
+  user:
+    token: sha256~3zsiX1Et5jdtmk0kycFC_j52OcuYi0hMDLz66vGlyqo

solutions/deploy/README.md

@@ -105,6 +105,7 @@ You need the following permissions to run this module:
 | <a name="requirement_external"></a> [external](#requirement\_external) | >= 2.3.4 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.8.0, <3.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | 1.71.3 |
+| <a name="requirement_shell"></a> [shell](#requirement\_shell) | 1.7.10 |
 
 ### Modules
 
@@ -124,18 +125,20 @@ You need the following permissions to run this module:
 | [external_external.schematics](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
 | [ibm_container_cluster_config.cluster_config](https://registry.terraform.io/providers/ibm-cloud/ibm/1.71.3/docs/data-sources/container_cluster_config) | data source |
 | [ibm_container_vpc_cluster.cluster_info](https://registry.terraform.io/providers/ibm-cloud/ibm/1.71.3/docs/data-sources/container_vpc_cluster) | data source |
+| [ibm_iam_auth_token.tokendata](https://registry.terraform.io/providers/ibm-cloud/ibm/1.71.3/docs/data-sources/iam_auth_token) | data source |
 
 ### Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloud_pak_deployer_image"></a> [cloud\_pak\_deployer\_image](#input\_cloud\_pak\_deployer\_image) | Cloud Pak Deployer image to use. If `null`, the image will be built using Code Engine. | `string` | `null` | no |
-| <a name="input_cloud_pak_deployer_release"></a> [cloud\_pak\_deployer\_release](#input\_cloud\_pak\_deployer\_release) | Release of Cloud Pak Deployer version to use. View releases at: https://github.com/IBM/cloud-pak-deployer/releases. | `string` | `"v3.1.2"` | no |
-| <a name="input_cloud_pak_deployer_secret"></a> [cloud\_pak\_deployer\_secret](#input\_cloud\_pak\_deployer\_secret) | Secret for accessing the Cloud Pak Deployer image. If `null`, a default secret will be created. | <pre>object({<br/>    username = string<br/>    password = string<br/>    server   = string<br/>    email    = string<br/>  })</pre> | `null` | no |
-| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the OpenShift cluster. | `string` | n/a | yes |
+| <a name="input_cloud_pak_deployer_release"></a> [cloud\_pak\_deployer\_release](#input\_cloud\_pak\_deployer\_release) | Release of Cloud Pak Deployer version to use. View releases at: https://github.com/IBM/cloud-pak-deployer/releases. | `string` | `"v3.1.3"` | no |
+| <a name="input_cloud_pak_deployer_secret"></a> [cloud\_pak\_deployer\_secret](#input\_cloud\_pak\_deployer\_secret) | Secret for accessing the Cloud Pak Deployer image. If `null`, a default secret will be created # pragma: allowlist secret. | <pre>object({<br/>    username = string<br/>    password = string<br/>    server   = string<br/>    email    = string<br/>  })</pre> | `null` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of Red Hat OpenShift cluster to install watsonx onto | `string` | n/a | yes |
+| <a name="input_cluster_rg_id"></a> [cluster\_rg\_id](#input\_cluster\_rg\_id) | Resource group id of the cluster | `string` | n/a | yes |
 | <a name="input_code_engine_project_id"></a> [code\_engine\_project\_id](#input\_code\_engine\_project\_id) | If you want to use an existing project, you can pass the code engine project ID and the Cloud Pak Deployer build will be built within the existing project instead of creating a new one. | `string` | `null` | no |
 | <a name="input_code_engine_project_name"></a> [code\_engine\_project\_name](#input\_code\_engine\_project\_name) | If the variable cloud\_pak\_deployer\_image is null, it will build the image with code engine and store it within a private ICR registry. Provide a name if you want to set the name. If not defined, default will be `{prefix}-cpd-{random-suffix}`. | `string` | `null` | no |
-| <a name="input_cpd_accept_license"></a> [cpd\_accept\_license](#input\_cpd\_accept\_license) | When set to 'true', it is understood that the user has read the terms of the Cloud Pak license(s) and agrees to the terms outlined. | `bool` | `false` | no |
+| <a name="input_cpd_accept_license"></a> [cpd\_accept\_license](#input\_cpd\_accept\_license) | When set to 'true', it is understood that the user has read the terms of the Cloud Pak license(s) and agrees to the terms outlined. | `bool` | `true` | no |
 | <a name="input_cpd_admin_password"></a> [cpd\_admin\_password](#input\_cpd\_admin\_password) | Password for the Cloud Pak for Data admin user. | `string` | n/a | yes |
 | <a name="input_cpd_entitlement_key"></a> [cpd\_entitlement\_key](#input\_cpd\_entitlement\_key) | Cloud Pak for Data entitlement key for access to the IBM Entitled Registry. Can be fetched from https://myibm.ibm.com/products-services/containerlibrary. | `string` | n/a | yes |
 | <a name="input_cpd_version"></a> [cpd\_version](#input\_cpd\_version) | Cloud Pak for Data version to install.  Only version 5.x.x is supported | `string` | `"5.0.3"` | no |

solutions/deploy/main.tf

@@ -10,9 +10,10 @@ locals {
   }
 }
 
-# Retrieve the OpenShift cluster info
+# Retrieve the openshift cluster info
 data "ibm_container_vpc_cluster" "cluster_info" {
-  name = var.cluster_name
+  name              = var.cluster_name
+  resource_group_id = var.cluster_rg_id
 }
 
 module "build_cpd_image" {

solutions/deploy/providers.tf

@@ -9,6 +9,14 @@ data "ibm_container_cluster_config" "cluster_config" {
   config_dir      = local.kube_config_dir
 }
 
+data "ibm_iam_auth_token" "tokendata" {}
+
+provider "shell" {
+  sensitive_environment = {
+    TOKEN = data.ibm_iam_auth_token.tokendata.iam_access_token
+  }
+}
+
 provider "helm" {
   kubernetes {
     host  = data.ibm_container_cluster_config.cluster_config.host

solutions/deploy/variables.tf

@@ -53,11 +53,11 @@ variable "cloud_pak_deployer_image" {
 variable "cloud_pak_deployer_release" {
   description = "Release of Cloud Pak Deployer version to use. View releases at: https://github.com/IBM/cloud-pak-deployer/releases."
   type        = string
-  default     = "v3.1.2"
+  default     = "v3.1.3"
 }
 
 variable "cloud_pak_deployer_secret" {
-  description = "Secret for accessing the Cloud Pak Deployer image. If `null`, a default secret will be created."
+  description = "Secret for accessing the Cloud Pak Deployer image. If `null`, a default secret will be created # pragma: allowlist secret."
   type = object({
     username = string
     password = string
@@ -68,7 +68,12 @@ variable "cloud_pak_deployer_secret" {
 }
 
 variable "cluster_name" {
-  description = "Name of the OpenShift cluster."
+  description = "Name of Red Hat OpenShift cluster to install watsonx onto"
+  type        = string
+}
+
+variable "cluster_rg_id" {
+  description = "Resource group id of the cluster"
   type        = string
 }
 
@@ -119,7 +124,7 @@ variable "odf_config" {
 variable "cpd_accept_license" {
   description = "When set to 'true', it is understood that the user has read the terms of the Cloud Pak license(s) and agrees to the terms outlined."
   type        = bool
-  default     = false
+  default     = true
 }
 
 variable "cpd_admin_password" {

solutions/deploy/version.tf

@@ -13,5 +13,9 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.8.0, <3.0.0"
     }
+    shell = {
+      source  = "scottwinkler/shell"
+      version = "1.7.10"
+    }
   }
 }