Merge branch 'main' into renovate/terraform-module

Author: jor2

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-01-24T16:49:18Z",
+  "generated_at": "2025-02-11T22:49:03Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -76,18 +76,7 @@
       "name": "TwilioKeyDetector"
     }
   ],
-  "results": {
-    "solutions/deploy/README.md": [
-      {
-        "hashed_secret": "2254481e1661d8f017a712b0d1ad9a14fd9460a3",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 134,
-        "type": "Secret Keyword",
-        "verified_result": null
-      }
-    ]
-  },
+  "results": {},
   "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,

chart/cloud-pak-deployer/templates/install-job.yaml

@@ -75,11 +75,11 @@ spec:
             - '/cloud-pak-deployer/cp-deploy.sh vault set -vs cp4d_admin_cpd_{{ .Values.cluster_name }} -vsv {{ .Values.deployer.admin_password }} && /cloud-pak-deployer/cp-deploy.sh env apply -vvvv {{ .Values.deployer.accept_license_flag }}'
           resources:
             limits:
-              cpu: 200m
+              cpu: 250m
               memory: 512Mi
             requests:
-              cpu: 10m
-              memory: 64Mi
+              cpu: 100m
+              memory: 256Mi
       serviceAccount: {{ .Values.deployer.prefix }}-sa
       volumes:
         - name: config-volume

chart/cloud-pak-deployer/templates/uninstall-job.yaml

@@ -66,11 +66,11 @@ spec:
             - /cloud-pak-deployer/scripts/cp4d/cp4d-delete-instance.sh cpd <<< "y"
           resources:
             limits:
-              cpu: 200m
+              cpu: 250m
               memory: 512Mi
             requests:
-              cpu: 10m
-              memory: 64Mi
+              cpu: 100m
+              memory: 256Mi
       restartPolicy: Never
       securityContext:
         runAsUser: 0

examples/basic/main.tf

@@ -1,24 +1,106 @@
 ##############################################################################
-# ROKS Landing zone
+locals {
+  cluster_name  = var.existing_cluster_name != null ? var.existing_cluster_name : module.ocp_base[0].cluster_name
+  cluster_rg_id = var.existing_cluster_rg_id != null ? var.existing_cluster_rg_id : module.resource_group[0].resource_group_id
+}
+###############################################################################
+
+##############################################################################
+# Resource Group
 ##############################################################################
 
-module "roks_landing_zone" {
-  source           = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone.git//patterns/roks-quickstart?ref=v6.8.1"
-  ibmcloud_api_key = var.ibmcloud_api_key
-  prefix           = var.prefix
-  region           = var.region
-  resource_tags    = var.resource_tags
+module "resource_group" {
+  count   = var.existing_cluster_rg_id == null ? 1 : 0
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name = "${var.prefix}-resource-group"
+}
+
+########################################################################################################################
+# VPC + Subnet + Public Gateway
+#
+# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow
+# all traffic ingress/egress by default.
+# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and
+# ACLs/Security Groups for network security.
+########################################################################################################################
+
+resource "ibm_is_vpc" "vpc" {
+  name                      = "${var.prefix}-vpc"
+  resource_group            = local.cluster_rg_id
+  address_prefix_management = "auto"
+  tags                      = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+  name           = "${var.prefix}-gateway-1"
+  vpc            = ibm_is_vpc.vpc.id
+  resource_group = local.cluster_rg_id
+  zone           = "${var.region}-1"
+}
+
+resource "ibm_is_subnet" "subnet_zone_1" {
+  name                     = "${var.prefix}-subnet-1"
+  vpc                      = ibm_is_vpc.vpc.id
+  resource_group           = local.cluster_rg_id
+  zone                     = "${var.region}-1"
+  total_ipv4_address_count = 256
+  public_gateway           = ibm_is_public_gateway.gateway.id
+}
+
+########################################################################################################################
+# OCP VPC cluster (single zone)
+########################################################################################################################
+
+locals {
+  cluster_vpc_subnets = {
+    default = [
+      {
+        id         = ibm_is_subnet.subnet_zone_1.id
+        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+        zone       = ibm_is_subnet.subnet_zone_1.zone
+      }
+    ]
+  }
+
+  worker_pools = [
+    {
+      subnet_prefix    = "default"
+      pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+      machine_type     = "bx2.16x64"
+      operating_system = "REDHAT_8_64"
+      workers_per_zone = 3 # minimum of 2 is allowed when using single zone
+    }
+  ]
+}
+
+module "ocp_base" {
+  count                               = var.existing_cluster_name == null ? 1 : 0
+  source                              = "terraform-ibm-modules/base-ocp-vpc/ibm"
+  version                             = "3.41.7"
+  resource_group_id                   = local.cluster_rg_id
+  region                              = var.region
+  tags                                = var.resource_tags
+  cluster_name                        = var.prefix
+  force_delete_storage                = true
+  vpc_id                              = ibm_is_vpc.vpc.id
+  vpc_subnets                         = local.cluster_vpc_subnets
+  worker_pools                        = local.worker_pools
+  disable_outbound_traffic_protection = true # set as True to enable outbound traffic
 }
 
 ##############################################################################
 # Deploy cloudpak_data
 ##############################################################################
+
 module "cloudpak_data" {
   source                    = "../../solutions/deploy"
   ibmcloud_api_key          = var.ibmcloud_api_key
   prefix                    = var.prefix
   region                    = var.region
-  cluster_name              = module.roks_landing_zone.workload_cluster_id
+  cluster_name              = local.cluster_name
+  cluster_rg_id             = local.cluster_rg_id
   cloud_pak_deployer_image  = "quay.io/cloud-pak-deployer/cloud-pak-deployer"
   cpd_admin_password        = "Passw0rd" #pragma: allowlist secret
   cpd_entitlement_key       = "entitlementKey"

examples/basic/variables.tf

@@ -3,7 +3,7 @@
 ##############################################################################
 
 variable "ibmcloud_api_key" {
-  description = "The IBM Cloud platform API key needed to deploy IAM enabled resources."
+  description = "The IBM Cloud API key to deploy resources."
   type        = string
   sensitive   = true
 }
@@ -14,8 +14,8 @@ variable "prefix" {
   default     = "lz-roks-cp4d"
 
   validation {
-    error_message = "Prefix must begin with a letter and contain only lowercase letters, numbers, and - characters. Prefixes must end with a lowercase letter or number and be 13 or fewer characters."
-    condition     = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix)) && length(var.prefix) <= 13
+    error_message = "Prefix must begin with a letter and contain only lowercase letters, numbers, and - characters. Prefixes must end with a lowercase letter or number and be 16 or fewer characters."
+    condition     = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix)) && length(var.prefix) <= 16
   }
 }
 
@@ -36,3 +36,19 @@ variable "install_odf_cluster_addon" {
   type        = bool
   default     = false
 }
+
+variable "existing_cluster_name" {
+  description = "Existing cluster name"
+  type        = string
+  default     = null
+  validation {
+    condition     = can(regex("^[a-z][a-z0-9-]{0,12}[a-z0-9]$", var.existing_cluster_name))
+    error_message = "Existing cluster name must begin with a letter and contain only lowercase letters, numbers, and - characters. Existing cluster names must end with a lowercase letter or number and be 13 or fewer characters."
+  }
+}
+
+variable "existing_cluster_rg_id" {
+  description = "Existing resource group id"
+  type        = string
+  default     = null
+}

examples/basic/version.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     # renovate is set up to keep provider version at the latest for all DA solutions
     ibm = {
-      source  = "IBM-Cloud/ibm"
+      source  = "ibm-cloud/ibm"
       version = "1.71.3"
     }
   }