├── .gitignore ├── README.md ├── acronyms.md ├── architecture ├── README.md ├── ibmcloud-iks-secrets-manager.drawio ├── ibmcloud-iks-secrets-manager.png ├── ibmcloud-iks-secrets-manager.svg ├── ibmcloud-observability.drawio ├── ibmcloud-observability.png ├── ibmcloud-observability.svg ├── ibmcloud-vpc-iks-architecture.drawio ├── ibmcloud-vpc-iks-architecture.mov ├── ibmcloud-vpc-iks-architecture.png └── ibmcloud-vpc-iks-architecture.svg ├── bmx-docker.sh ├── bmx.sh ├── cleanup ├── clean-iam-cluster-apikey.sh ├── clean-logs-trustedprofile.sh ├── clean-reclamations.sh └── clean-resources.sh ├── cloud-logs ├── README.md └── logger-agent.yaml ├── cloudfoundry ├── cf-api.md ├── cf-bluegreen.md ├── cf-custom-route.png ├── cf-diego-migration.md ├── cf-secure-domain.md ├── cf-volume.md └── cis-custom-domain.png ├── docker2bmx.sh ├── iam ├── 1-iam-access-group-create.sh ├── 2-iam-add-user-to-ag-and-org.sh ├── 3-iam-access-group-admin.sh ├── account-user-list.sh ├── account-user-parent-list.csv ├── account-user-parent-list.sh ├── account_users.txt ├── iam-assign-admin-role.sh ├── invite-user-iks-workshop.sh ├── invite-users-to-access-group.sh ├── lab-users-group.sh ├── labinabox-admin-rights.sh └── remove-user-and-space.sh ├── iks ├── allow-ingress-cloudflare-ips.yml ├── allow-traffic-from-my-ip.yml ├── classic-nlb │ └── deploy-nginx.yml ├── cloud-logs │ ├── README.md │ └── install-cloud-logs-agent.sh ├── create-cluster.sh ├── deny-alb-cfee3.yml ├── deny-alb-traffic.yml ├── deny-all-ingress.yml ├── deny-nodeports.yml ├── ingress-tls-volume-bind.yaml ├── nginx │ └── deploy-nginx.yml ├── pod-security-policies │ ├── nginx-priv.yaml │ └── pod-security-policies.md ├── proxy-protocol │ └── echo-iks-ingress.yaml └── strongswan │ ├── README.md │ ├── ibm-cloud-config.yaml │ ├── on-prem-config.yaml │ └── strongswan-config-orig.yaml ├── index.html ├── infrastructure ├── is-remove-vols.sh └── storage-block-file-cleanup.sh ├── kubectl-commands.md ├── local.env.example ├── newfile.md ├── 
odm ├── README.md ├── odm-db-credentials.env ├── roks-values-externaldb.yaml └── roks-values-internaldb.yaml ├── openshift ├── 3scale │ └── registry-secret.sh ├── api-create-vpc-openshift.json ├── cos │ └── README.md ├── csi-driver-smb │ └── readme.md ├── ingress-route │ ├── hello-world-route.yml │ ├── test-app-ingress.yml │ ├── test-nginx-route.yml │ └── test-public-lb.yml ├── mirror-registry │ └── README.md ├── nlb │ ├── nlb-tcp-private.yaml │ ├── nlb-tcp-public.yaml │ ├── nlb-udp.yaml │ └── readme.md ├── nsxt │ ├── nsxt-containers.yaml │ └── nsxt-lb.yaml ├── odf │ └── test-odf-app.md ├── openshift-banner.yml ├── openshift-nginx-pvc.yml ├── openshift-nginx2-pvc.yml ├── openshift-pvc.md ├── openshift-rbac1-clusterrolebinding.yml ├── openshift-rbac2-clusterrole.yml ├── openshift-rbac3-rolebinding.yml ├── openshift-user-invite.sh ├── openshift-user-remove.sh ├── prometheus │ ├── prometheus-example-app.yaml │ └── prometheus-example-monitor.yaml ├── pvc │ └── ephemeral-volume-pod.yaml ├── tcpdump │ ├── README.md │ └── ksniff-wireshark.png └── test-pvc-app.yml ├── pricing └── pricing.js ├── resource-groups └── reclamation-delete.sh ├── satellite ├── README.md ├── agent-env-files │ ├── connector.env │ └── readme.md ├── architecture.png ├── baremetal │ └── README.md ├── sat-architecture.png ├── satellite-create.sh ├── satellite-remove.sh ├── satellite.env └── satellite.env.template ├── secrets-manager ├── README.MD └── attach-sm-cluster.sh ├── sysdig ├── README.md ├── sysdig-benchmark-runner-configmap.yaml ├── sysdig-host-analyzer-configmap.yaml ├── sysdig-image-analyzer-configmap.yaml ├── sysdig-img-analyzer.png └── sysdig-node-analyzer-daemonset.yaml ├── terraform ├── appid-federation │ ├── app-id.tf │ ├── clean-state.sh │ ├── iam.tf │ ├── provider.tf │ ├── resource-group.tf │ ├── testing.tfvars │ └── variables.tf ├── cbr │ ├── account-cbr.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── storage-cos.tf │ └── variables.tf ├── cloud-logs │ ├── account-rg.tf │ 
├── observability-log-analysis.tf.deprecated │ ├── observability-logs-at-routing.tf │ ├── observability-logs-iam-authorizations.tf │ ├── observability-logs-instance.tf │ ├── observability-logs-routing.tf │ ├── observability-logs-storage-cos.tf │ ├── provider.tf │ ├── security-key-protect.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── cloudfoundry │ ├── README.md │ ├── appcode │ │ └── get-started-node-master.zip │ └── main.tf ├── cos │ ├── account-iam-ag.tf │ ├── account-rg.tf │ ├── provider.tf │ ├── security-key-protect.tf │ ├── storage-cos.tf │ └── variables.tf ├── enterprise-apptio │ ├── README.md │ └── enterprise-apptio-export.tf ├── enterprise │ ├── account-rg.tf │ ├── enterprise-child-account.tf.onhold │ ├── enterprise-child-cos.tf.onhold │ ├── enterprise-iam-template.tf │ ├── enterprise-top-account.tf │ ├── export-vars.sh │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── event-streams │ ├── account-rg.tf │ ├── event-streams.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── http-full │ ├── provider.tf │ └── security-scc.tf ├── hyperprotect │ ├── clean-state.sh │ ├── hp-dbaas.tf │ ├── provider.tf │ └── variables.tf ├── iam │ ├── account-rg.tf │ ├── iam-ag-vmware-lab.tf │ ├── iam-users.tf │ ├── iam.tf │ ├── observability-logging.tf.notworkingyet │ ├── observability-monitoring.tf.onhold │ ├── provider.tf │ └── variables.tf ├── icd-mongo │ ├── account-iam-ag.tf │ ├── account-rg.tf │ ├── database-mongo.tf │ ├── networking-vpc.tf │ ├── provider.tf │ ├── security-key-protect.tf.onhold │ ├── testing.auto.tfvars │ └── variables.tf ├── icd-postgres-modules │ ├── account-rg.tf │ ├── database-postgres.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── icd-postgres │ ├── account-iam-ag.tf │ ├── account-rg.tf │ ├── database-postgres.tf │ ├── networking-vpc.tf │ ├── provider.tf │ ├── security-key-protect.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── iks │ ├── account-rg.tf │ ├── container-iks.tf │ ├── 
networking-vpc.tf │ ├── provider.tf │ └── variables.tf ├── infracost-test │ ├── account-rg.tf │ ├── container-iks.tf │ ├── container-openshift.tf.onhold │ ├── networking-vpc-sgs.tf │ ├── networking-vpc.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── internet-services │ ├── internet-services.tf │ ├── provider.tf │ └── variables.tf ├── labinabox-roks │ ├── account-rg.tf │ ├── container-openshift.tf │ ├── devops-notifications.tf │ ├── iam-ag.tf │ ├── networking-vpc-sgs.tf │ ├── networking-vpc.tf │ ├── observability-log-analysis.tf.deprecated │ ├── observability-logs-agents-roks.tf.removed │ ├── observability-logs-iam.tf │ ├── observability-logs-instance.tf │ ├── observability-logs-storage-cos.tf │ ├── observability-monitoring.tf │ ├── provider.tf │ ├── security-key-protect.tf │ ├── security-scc-cos.tf │ ├── security-scc-instance.tf │ ├── security-scc-scan-attachment.tf │ ├── security-secrets-manager.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── mysql │ ├── clean-state.sh │ ├── iam.tf │ ├── key-protect.tf │ ├── mysql.tf │ ├── provider.tf │ ├── resource-group.tf │ ├── testing.tfvars │ └── variables.tf ├── observability │ ├── README.md │ ├── account-iam-ag.tf │ ├── account-rg.tf │ ├── observability-logging.tf │ ├── observability-monitoring.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── odmonroks │ ├── account-rg.tf │ ├── container-openshift.tf │ ├── database-postgres.tf │ ├── iam-ag.tf │ ├── iam-users.tf │ ├── networking-vpc.tf │ ├── odm.auto.tfvars │ ├── provider.tf │ └── variables.tf ├── poc-openshift │ ├── attach-secrets-manager.sh │ ├── clean-state.sh │ ├── cluster-iks.tf │ ├── cluster-openshift.tf │ ├── continuous-delivery.tf │ ├── cos.tf │ ├── iam.tf │ ├── invite-users.tf │ ├── key-protect.tf │ ├── log-analysis.tf │ ├── monitoring-sysdig.tf │ ├── network.tf │ ├── provider.tf │ ├── resource-group.tf │ ├── secrets-manager.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── scc │ ├── account-iam-ag.tf │ ├── 
account-rg.tf │ ├── devops-notifications.tf │ ├── provider.tf │ ├── security-key-protect.tf │ ├── security-scc-attachements.tf │ ├── security-scc-instance.tf │ ├── storage-cos.tf │ └── variables.tf ├── secrets-manager │ ├── account-rg.tf │ ├── networking-vpn-secrets.tf │ ├── provider.tf │ ├── security-secrets-manager.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── sysdig │ ├── main.tf │ └── variables.tf ├── terraformer │ ├── provider.tf │ ├── readme.md │ ├── terraformer-generated.png │ └── variables.tf ├── transit-gateway │ ├── account-rg.tf │ ├── networking-vpc.tf │ ├── networking-vpc2.tf │ ├── provider.tf │ ├── transit-gateway.tf │ └── variables.tf ├── vpc-cluster-module │ ├── clean-state.sh │ ├── cluster-iks.tf │ ├── cluster-openshift.tf │ ├── cos.tf │ ├── iam.tf │ ├── log-analysis.tf │ ├── monitoring-sysdig.tf │ ├── network.tf │ ├── provider.tf │ ├── resource-group.tf │ ├── testing.tfvars │ └── variables.tf ├── vpc │ ├── bastion │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── multizone-vpc │ │ ├── clean-state.sh │ │ ├── multizone-vpc.tf │ │ ├── provider.tf │ │ ├── testing.tfvars │ │ └── variables.tf │ └── simple-vpc │ │ ├── clean-state.sh │ │ ├── provider.tf │ │ ├── simple-vpc.tf │ │ └── variables.tf ├── vpn-only │ ├── account-rg.tf │ ├── networking-vpc.tf │ ├── networking-vpn-certificates.tf │ ├── networking-vpn-client2server.tf │ ├── networking-vpn-secrets.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── vpn-postgres-db2 │ ├── account-rg.tf │ ├── compute-vsi.tf │ ├── database-db2oncloud.tf │ ├── database-posgres.tf │ ├── networking-vpc.tf │ ├── networking-vpn-certificates.tf │ ├── networking-vpn-client2server.tf │ ├── networking-vpn-secrets.tf │ ├── provider.tf │ ├── testing.auto.tfvars │ └── variables.tf ├── vpn-vpc-vsi │ ├── README.md │ ├── account-rg.tf │ ├── images │ │ └── graph.svg │ ├── networking-vpc.tf │ ├── networking-vpn-certificates.tf │ ├── networking-vpn-client2server.tf │ ├── networking-vpn-secrets.tf │ 
├── provider.tf │ ├── security-secrets-manager.tf │ ├── testing.auto.tfvars │ ├── tf-destroy.log │ └── variables.tf ├── vsi-classic │ ├── main.tf │ ├── provider.tf │ ├── security_groups.tf │ └── terraform.tfvars └── vsi-windows │ └── compute-vsi.tf ├── vmware ├── images │ ├── bastion.png │ ├── cluster-add-storage-pool.png │ ├── cluster-pool-match.png │ ├── cluster-storage-pool-deploying.png │ ├── cluster-worker-pool.png │ ├── email-invite.png │ ├── email-techzone-ready.png │ ├── firefox-console.png │ ├── firefox-settings.png │ ├── firefox-socks.png │ ├── ibm-cloud-rg.png │ ├── icp-switch.png │ ├── image1.png │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image17.png │ ├── image18.png │ ├── image19.png │ ├── image2.png │ ├── image20.png │ ├── image21.png │ ├── image22.png │ ├── image24.png │ ├── image25.png │ ├── image27.png │ ├── image29.png │ ├── image3.png │ ├── image31.png │ ├── image32.png │ ├── image33.png │ ├── image35.png │ ├── image36.png │ ├── image37.png │ ├── image38.png │ ├── image4.png │ ├── image40.png │ ├── image41.png │ ├── image43.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ ├── image9.png │ ├── myreservation.png │ ├── oc-get-nodes.png │ ├── odf-issue.png │ ├── odf-parameters1.png │ ├── odf-parameters2.png │ ├── odf-parameters3.png │ ├── odf-parameters4.png │ ├── odf1.png │ ├── odf2.png │ ├── openshift-create1.png │ ├── openshift-worker-pool.png │ ├── openshift-worker-pool2.png │ ├── openshift-worker-pool3.png │ ├── openshift-worker-pool4.png │ ├── sat-services.png │ ├── satellite-clusters.png │ ├── satellite-create-services.png │ ├── satellite-services.png │ ├── satellite-workers.png │ ├── storage-create-config.png │ ├── storage-create-config2.png │ ├── vsphere-console.png │ └── vsphere-login.png └── wmware-odf.md ├── vpc └── vpc-cheatsheet.md ├── vpn ├── README.md └── images │ ├── sm-import1.png │ ├── sm-import2.png │ ├── 
sm-import3.png │ ├── tunnelblick-connected.png │ ├── vpn-create1.png │ ├── vpn-create2.png │ ├── vpn-create3.png │ ├── vpn-create4.png │ ├── vpn-create5.png │ ├── vpn-create6.png │ ├── vpn-download.png │ └── vpn-ui.png ├── vscode-utils └── code-install-extensions.sh └── watsonx ├── README.md ├── watsonx-cos.png ├── watsonx-private-enndpoint.png └── watsonx-regions.png /.gitignore: -------------------------------------------------------------------------------- 1 | # te 2 | **/*.env 3 | **/secrets/* 4 | 5 | # VPN Certificates 6 | *.ovpn 7 | 8 | **/*.txt 9 | **/*.crt 10 | **/*.key 11 | 12 | apikey 13 | settings.json 14 | **/*.DS_Store 15 | **/*.txt 16 | **/*.csv 17 | **/*.log 18 | 19 | satellite/satellite.env 20 | 21 | # Infracost 22 | **/.infracost/* 23 | 24 | # Local .terraform directories 25 | **/.terraform/* 26 | # Generated terraform scripts from Terraformer 27 | **/generated 28 | # .tfstate files 29 | *.tfstate 30 | *.tfstate.* 31 | *.terraform.lock.hcl 32 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 33 | # passwords, private keys, and other secrets. These should not be part of version 34 | # control as they are data points which are potentially sensitive and subject 35 | # to change depending on the environment.
36 | # NOTE: the *.tfvars pattern on the next line is commented out, so .tfvars files are not ignored and can still be committed. 37 | # *.tfvars 38 | 39 | *.pem 40 | *.pub -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | Library of assets/scripts to help on IBM Cloud -------------------------------------------------------------------------------- /acronyms.md: -------------------------------------------------------------------------------- 1 | # Acronyms 2 | 3 | - ALB Application Load Balancer 4 | - CAAS Container as a Service 5 | - CAM Cloud Automation Manager 6 | - CF Cloud Foundry 7 | - IAM Identity Access Manager 8 | - IKS IBM Cloud Kubernetes Service 9 | - K8S Kubernetes 10 | - POD Point of Delivery 11 | - POP Point of Presence 12 | - SRE Site Reliability Engineer 13 | - VA Vulnerability Advisor 14 | - VPC Virtual Private Cloud 15 | - WAF Web Application Firewall -------------------------------------------------------------------------------- /architecture/ibmcloud-iks-secrets-manager.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/architecture/ibmcloud-iks-secrets-manager.png -------------------------------------------------------------------------------- /architecture/ibmcloud-observability.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/architecture/ibmcloud-observability.png -------------------------------------------------------------------------------- /architecture/ibmcloud-vpc-iks-architecture.mov: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/architecture/ibmcloud-vpc-iks-architecture.mov
-------------------------------------------------------------------------------- /architecture/ibmcloud-vpc-iks-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/architecture/ibmcloud-vpc-iks-architecture.png -------------------------------------------------------------------------------- /bmx-docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Please choose an option:" # Menu that clears or exports DOCKER_HOST, DOCKER_CERT_PATH and DOCKER_TLS_VERIFY 3 | select target in "Option 1: cf ic" "Option 1: cf ic" "Exit"; do 4 | case $target in 5 | "Option 1: cf ic" ) 6 | export DOCKER_HOST= 7 | export DOCKER_CERT_PATH= 8 | export DOCKER_TLS_VERIFY= 9 | break;; 10 | "Option 1: cf ic" ) # NOTE(review): same pattern as the arm above, which matches first, so this arm never runs; presumably meant to be a distinct menu label - confirm 11 | export DOCKER_HOST=tcp://containers-api.eu-gb.bluemix.net:8443 12 | export DOCKER_CERT_PATH=/Users/mace/.ice/certs/containers-api.eu-gb.bluemix.net/5c704be5-e47f-4842-9fb1-f3f412ca54a3 13 | export DOCKER_TLS_VERIFY=1 14 | exit;; 15 | esac # NOTE(review): no arm matches "Exit", so choosing it only shows the prompt again 16 | done -------------------------------------------------------------------------------- /bmx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Please choose a target:" # Menu that picks a Bluemix target and exports it as BMX_TARGET 3 | select target in "Prod EU" "Prod US" "Prod AU" "Stage1 EU" "Stage1 US" "CIO DYS0 Dedicated" "CIO W3IBM Dedicated" "Exit"; do 4 | case $target in 5 | "Prod US" ) 6 | export BMX_TARGET=ng 7 | break;; 8 | "Prod EU" ) 9 | export BMX_TARGET=eu-gb 10 | break;; 11 | "Prod AU" ) 12 | export BMX_TARGET=au-syd 13 | break;; 14 | "Stage1 US" ) 15 | export BMX_TARGET=stage1.ng 16 | break;; 17 | "Stage1 EU" ) 18 | export BMX_TARGET=stage1.eu-gb 19 | break;; 20 | "CIO DYS0 Dedicated" ) 21 | export BMX_TARGET=dys0 22 | break;; 23 | "CIO W3IBM Dedicated" ) 24 | export BMX_TARGET=w3ibm 25 | break;; 26 | "Exit" ) 27 | exit;; 28 | esac 29 | done 30 | 31 | export CF_API=https://api.$BMX_TARGET.bluemix.net 32 | 
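export CF_HOME="$HOME/.cf-bmx/$BMX_TARGET" 33 | 34 | # if cf_home does not exist do a login 35 | if [ ! -d $CF_HOME ]; then 36 | mkdir -p "$CF_HOME" 37 | cf login -a $CF_API 38 | else 39 | cf target 40 | fi 41 | 42 | rm -f $HOME/.cf 43 | ln -s $CF_HOME/.cf $HOME/.cf 44 | # ls -la $HOME/.cf 45 | -------------------------------------------------------------------------------- /cleanup/clean-iam-cluster-apikey.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Remove the API keys that are created when provisioning clusters 4 | # but are not removed when the clusters are deleted. 5 | # NOTE(review): the grep below selects every listing row containing "containers-kubernetes-key"; the script does not check whether the owning cluster still exists - review the list before running. 6 | source ../local.env 7 | 8 | count=0 9 | 10 | for i in `ibmcloud iam api-keys | grep containers-kubernetes-key | awk '{ print $1}' ` 11 | do 12 | # Delete the key given by the first column of the listing; -f skips the confirmation prompt 13 | ibmcloud iam api-key-delete "$i" -f 14 | count=$((count+1)) # arithmetic expansion; a plain count=count+1 stores the literal string 15 | 16 | done 17 | 18 | echo $count 'api keys deleted' 19 | -------------------------------------------------------------------------------- /cleanup/clean-logs-trustedprofile.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Remove the Trusted Profiles for Logs Agent and Workload Protection 4 | 5 | source ../local.env 6 | 7 | count=0 8 | 9 | for i in `ibmcloud iam tps | grep logs-agent | awk '{ print $1}' ` 10 | do 11 | # Delete the logs-agent Trusted Profile; -f skips the confirmation prompt 12 | ibmcloud iam tp-delete "$i" -f 13 | count=$((count+1)) 14 | 15 | done 16 | 17 | echo $count 'logs trusted profiles deleted' 18 | countwp=0 19 | for wp in `ibmcloud iam tps | grep workload-protection | awk '{ print $1}' ` 20 | do 21 | # Delete Trusted Profile for Workload Protection 22 | ibmcloud iam tp-delete "$wp" -f 23 | countwp=$((countwp+1)) 24 | 25 | done 26 | 27 | echo $countwp 'workload protection trusted profiles deleted' 28 | -------------------------------------------------------------------------------- /cleanup/clean-reclamations.sh: -------------------------------------------------------------------------------- 1 | 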
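#!/bin/bash 2 | 3 | # Remove the service reclamations 4 | 5 | count=0 6 | 7 | for i in `ibmcloud resource reclamations | awk 'NR>4 {print $1}' ` 8 | do 9 | # Delete the reclamation given by the first column of the listing; -f skips the confirmation prompt 10 | ibmcloud resource reclamation-delete "$i" -f 11 | count=$((count+1)) # arithmetic expansion; a plain count=count+1 stores the literal string 12 | 13 | done 14 | 15 | echo $count 'reclamations deleted' 16 | -------------------------------------------------------------------------------- /cleanup/clean-resources.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Delete all the remaining instances in a Resource Group 4 | # NOTE(review): no resource group is passed to the listing below, so what gets deleted depends on the CLI's current target - check `ibmcloud target` before running. 5 | count=0 6 | 7 | for i in `ibmcloud resource service-instances --type all | awk 'NR>3 {print $1}' ` 8 | do 9 | # Delete the instance given by the first column of the listing; -f skips the confirmation prompt 10 | ibmcloud resource service-instance-delete "$i" -f 11 | count=$((count+1)) 12 | 13 | done 14 | 15 | echo $count 'instances deleted' 16 | -------------------------------------------------------------------------------- /cloud-logs/README.md: -------------------------------------------------------------------------------- 1 | # Test Cloud Logs 2 | 3 | ## Pre-Requisites 4 | 5 | * Install yq `brew install yq` 6 | * Install oc CLI 7 | 8 | ## How to install 9 | 10 | 1. Download the Cloud Logs Routing agent configuration file 11 | 12 | ```sh 13 | curl -sSL https://ibm.biz/iclr-agent-yaml -o logger-agent.yaml 14 | ``` 15 | 16 | 1. Set the API Key 17 | 18 | ```sh 19 | export IAMAPIKey="" 20 | ``` 21 | 22 | 1. 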
Install the agent. Note that this command pipes a script fetched through a short URL straight into bash and passes the API key on the command line; to review the script first, save it to a file, read it, and run it with the same options. 23 | 24 | ```sh 25 | curl -sSL https://ibm.biz/logs-router-setup | bash -s -- \ 26 | -v 1.3.2 \ 27 | -m IAMAPIKey \ 28 | -k $IAMAPIKey \ 29 | -t OpenShift \ 30 | -r eu-de \ 31 | --send-directly-to-icl \ 32 | -h 3f019d15-c402-4328-886d-7147e5c4ff50.ingress.eu-de.logs.cloud.ibm.com \ 33 | -p 443 \ 34 | -d ~/mygit/ibmcloud-utils/cloud-logs/ 35 | ``` 36 | 37 | ## Resources 38 | 39 | * [Send IBM Cloud Kubernetes Service log data to IBM Cloud Logs](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-kube2logs) 40 | * [Managing the Logging agent for IBM Cloud Kubernetes Service clusters](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-std-cluster) -------------------------------------------------------------------------------- /cloudfoundry/cf-bluegreen.md: -------------------------------------------------------------------------------- 1 | ## Blue-Green deployment 2 | 3 | ```bash 4 | # Blue-Green Deployment 5 | # --------------------- 6 | MANIFEST=manifest.yml 7 | 8 | echo "Using manifest file: $MANIFEST" 9 | 10 | if ! 
cf app $CF_APP; then 11 | cf push $CF_APP -n $CF_APP -f $MANIFEST 12 | else 13 | OLD_CF_APP=${CF_APP}-OLD-$(date +"%s") 14 | rollback() { 15 | set +e 16 | if cf app $OLD_CF_APP; then 17 | cf logs $CF_APP --recent 18 | cf delete $CF_APP -f 19 | cf rename $OLD_CF_APP $CF_APP 20 | fi 21 | exit 1 22 | } 23 | set -e 24 | trap rollback ERR 25 | cf rename $CF_APP $OLD_CF_APP 26 | cf push $CF_APP -n $CF_APP -f $MANIFEST 27 | cf delete $OLD_CF_APP -f 28 | fi 29 | ``` 30 | -------------------------------------------------------------------------------- /cloudfoundry/cf-custom-route.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/cloudfoundry/cf-custom-route.png -------------------------------------------------------------------------------- /cloudfoundry/cf-diego-migration.md: -------------------------------------------------------------------------------- 1 | 3 steps to migrate from Cloud Foundry DEA to DIEGO 2 | 3 | ## Migration Steps 4 | 5 | 1. Install the plugin from the CF Community repository 6 | 7 | ``` 8 | $ cf add-plugin-repo CF-Community https://plugins.cloudfoundry.org/ 9 | $ cf install-plugin Diego-Enabler -r CF-Community 10 | ``` 11 | 12 | 1. Migrate an app to Diego 13 | 14 | ``` 15 | $ cf enable-diego 16 | ``` 17 | or 18 | ```sh 19 | $ cf push app --no-start 20 | $ cf enable-diego 21 | $ cf start 22 | ``` 23 | 24 | 1. 
SSH into an application container instance 25 | 26 | ``` 27 | cf ssh 28 | ``` 29 | 30 | 31 | ## Resources 32 | 33 | - [A CF CLI plugin to help you migrate apps from the DEA to Diego runtime](https://github.com/cloudfoundry-incubator/Diego-Enabler) 34 | - [Migrating to Diego](https://github.com/cloudfoundry/diego-design-notes/blob/master/migrating-to-diego.md) 35 | - [Diego Migration](https://github.ibm.com/Bluemix-Ops/diego-migration/wiki) 36 | -------------------------------------------------------------------------------- /cloudfoundry/cf-volume.md: -------------------------------------------------------------------------------- 1 | ## Container Service Volume 2 | 3 | 4 | 1. Get details about the container volume 5 | 6 | ``` 7 | cf ic volume fs-inspect fc023c57-02ee-4ea8-bd06-ab473d7e42a6 8 | ``` 9 | 10 | Below are the results: 11 | 12 | ``` 13 | { 14 | "fs": { 15 | "capacity": 20, 16 | "created_date": "2017-01-20 17:57:34", 17 | "fsName": "fc023c57-02ee-4ea8-bd06-ab473d7e42a6", 18 | "hostPath": "/vol/fc023c57-02ee-4ea8-bd06-ab473d7e42a6", 19 | "iops": 4, 20 | "iopsTotal": 80, 21 | "orderId": 18882471, 22 | "provider": "ENDURANCE", 23 | "spaceGuid": "fc023c57-02ee-4ea8-bd06-ab473d7e42a6", 24 | "state": "READY", 25 | "updated_date": "2017-01-20 18:01:36" 26 | }, 27 | "fsUsage": { 28 | "Error": "Filesystem /vol/fc023c57-02ee-4ea8-bd06-ab473d7e42a6 not found" 29 | }, 30 | "volnames": [ 31 | "jenkins" 32 | ] 33 | } 34 | ``` 35 | -------------------------------------------------------------------------------- /cloudfoundry/cis-custom-domain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/cloudfoundry/cis-custom-domain.png -------------------------------------------------------------------------------- /docker2bmx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "Push a ODM 
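docker images to Bluemix..." 3 | 4 | # Variables (ODM_VERSION is the tag applied to every odm-* image below; a hyphenated name is not a valid shell variable, so it must use an underscore) 5 | ODM_VERSION=8.8.1.1 6 | NAMESPACE=mace 7 | REGISTRY=registry.eu-gb.bluemix.net 8 | 9 | echo "Tagging the images before pushing them to Bluemix..." 10 | docker tag odm-decisionserverruntime:$ODM_VERSION $REGISTRY/$NAMESPACE/odm-decisionserverruntime:$ODM_VERSION 11 | docker tag odm-decisioncenter:$ODM_VERSION $REGISTRY/$NAMESPACE/odm-decisioncenter:$ODM_VERSION 12 | docker tag odm-decisionrunner:$ODM_VERSION $REGISTRY/$NAMESPACE/odm-decisionrunner:$ODM_VERSION 13 | docker tag odm-decisionserverconsole:$ODM_VERSION $REGISTRY/$NAMESPACE/odm-decisionserverconsole:$ODM_VERSION 14 | docker tag odm-dbserver:$ODM_VERSION $REGISTRY/$NAMESPACE/odm-dbserver:$ODM_VERSION 15 | docker tag dockercloud/haproxy:latest $REGISTRY/$NAMESPACE/dockercloud/haproxy:latest 16 | # NOTE(review): haproxy is tagged :latest above, so the pushed image is whatever was last pulled locally; pin a version or digest for reproducible pushes. 17 | echo "Pushing the images to Bluemix..." 18 | docker push $REGISTRY/$NAMESPACE/odm-decisionserverruntime:$ODM_VERSION 19 | docker push $REGISTRY/$NAMESPACE/odm-decisioncenter:$ODM_VERSION 20 | docker push $REGISTRY/$NAMESPACE/odm-decisionrunner:$ODM_VERSION 21 | docker push $REGISTRY/$NAMESPACE/odm-decisionserverconsole:$ODM_VERSION 22 | docker push $REGISTRY/$NAMESPACE/odm-dbserver:$ODM_VERSION 23 | docker push $REGISTRY/$NAMESPACE/dockercloud/haproxy:latest 24 | 25 | echo "Your registry" 26 | docker images 27 | 28 | -------------------------------------------------------------------------------- /iam/2-iam-add-user-to-ag-and-org.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ## Script to invite: 4 | ## 1. 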
Create a Cloud Foundry Space with the lastname in the email address 5 | 6 | ## CF Org 7 | ORG="cloud-workshop" 8 | 9 | ibmcloud target -o $ORG 10 | 11 | for email in first.lastname@company.com 12 | do 13 | echo $email 14 | 15 | ## Extract last name from email 16 | lastname=$(echo $email | awk -F'@' '{print $1}' | sed 's?.*\.??g' | sed 's?.*\_??g' ) 17 | 18 | ## Create a Cloud Foundry space with the last name 19 | echo $lastname 20 | ibmcloud account space-create $lastname 21 | 22 | ## Invite user and assign role developer to this space 23 | ibmcloud account user-invite $email -o $ORG -s $lastname --space-role SpaceDeveloper 24 | 25 | # Add user into this access group 26 | ibmcloud iam access-group-user-add group-workshop $email 27 | 28 | # Create Policy 29 | # bx iam user-policy-create $email --roles Administrator --service-name containers-kubernetes 30 | # bx iam user-policy-create $email --roles Administrator --service-name monitoring 31 | # bx iam user-policy-create $email --roles Administrator --service-name ibmcloud-log-analysis 32 | 33 | done -------------------------------------------------------------------------------- /iam/3-iam-access-group-admin.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ## Script to create access groups for Administrator 4 | ## 1. All account management services 5 | ## 2. All resources in account (including future IAM enabled services) 6 | ## 3. 
All User Management resources 7 | ## ------------------------------------------------------------------- 8 | 9 | ## Resource Group 10 | RG="client" 11 | 12 | ## Define Access Group name and description 13 | AG_NAME="group-admin-test" 14 | AG_DESCRIPTION="GroupAdministrator" 15 | 16 | ## Create Access Group 17 | ibmcloud iam access-group-create $AG_NAME -d $AG_DESCRIPTION 18 | 19 | ## Assign Access Group Policies (only the account-management policy is active below; the other policy commands are commented out) 20 | echo "Assigning policies to Access Group $AG_NAME" 21 | 22 | # Add Policy: All account management services 23 | ibmcloud iam access-group-policy-create $AG_NAME --roles Administrator --account-management 24 | 25 | # Add Policy: All resources in account (including future IAM enabled services) 26 | # ibmcloud iam access-group-policy-create $AG_NAME --roles Administrator,Manager --service-type service 27 | 28 | # Add Policy: All User Management resources 29 | # ibmcloud iam access-group-policy-create $AG_NAME --roles Administrator --service-name user-management 30 | 31 | ## Give Access with a Resource Group 32 | # ibmcloud iam access-group-policy-create $AG_NAME --roles Viewer --resource-group-name $RG 33 | # ibmcloud iam access-group-policy-create $AG_NAME --roles Administrator --resource-type resource-group --resource $RG 34 | 35 | ## Add User to the Access Group 36 | # ibmcloud iam access-group-user-add $AG_NAME first.lastname@company.com 37 | # ibmcloud iam access-group-user-add $AG_NAME first.lastname@company.com first2.last2@company.com 38 | -------------------------------------------------------------------------------- /iam/account-user-list.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | source ../local.env 4 | 5 | count=0 6 | file=account_users.txt 7 | # Empty file content 8 | cat /dev/null > $file 9 | 10 | for i in `ibmcloud account users | awk '{ print $1}' ` 11 | do 12 | # Extract all Account Users 13 | ALL=$ALL$i, 14 | ((count=count+1)) 15 | 16 | # Extract all IBM Cloud Users 17 | 
# if [[ $i == *"ibm"* ]]; then 18 | # ALL=$ALL$i, 19 | # ((count=count+1)) 20 | # fi 21 | 22 | # Extract only Red Hat users 23 | # if [[ $i == *"redhat"* ]]; then 24 | # # ALL=$ALL$i, 25 | # ibmcloud account user-remove $i -f 26 | # ((count=count+1)) 27 | # fi 28 | 29 | done 30 | 31 | echo $count 'users extracted to ' $file 32 | echo $ALL >> $file 33 | cat $file 34 | 35 | # cat remove_users.sh 36 | # echo "#" 37 | # echo "# You can run bash remove_users.sh if you trust the user list above." 38 | # echo "#" 39 | -------------------------------------------------------------------------------- /iam/account-user-parent-list.csv: -------------------------------------------------------------------------------- 1 | User email,Parent email 2 | lionel.xxxx@fr.ibm.com,Owner 3 | -------------------------------------------------------------------------------- /iam/account_users.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /iam/invite-users-to-access-group.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # export EMAIL="first1.name1@fr.ibm.com first2.name2@fr.ibm.com first3.name3@fr.ibm.com" 4 | 5 | ACCESS_GROUP_NAME="workshop" 6 | 7 | for email in $EMAIL 8 | 9 | do 10 | # Invite user to the Account 11 | printf "\n## Inviting user \"$email\" to the account id \"$ACCOUNT_ID\".\n" 12 | ibmcloud account user-invite $email 13 | 14 | # Invite user to the IAM Access Group 15 | printf "\n## Inviting user \"$email\" to the Acces Group \"$ACCESS_GROUP_NAME\".\n" 16 | ibmcloud iam access-group-user-add $ACCESS_GROUP_NAME $email 17 | 18 | done 19 | -------------------------------------------------------------------------------- /iam/remove-user-and-space.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Shell script to remove a list of users and 
their associated Cloud Foundry space 4 | 5 | # for email in firstname.lastname@fr.ibm.com xx.xxx@gmail.com xx.xxx@gmail.com 6 | 7 | do 8 | ## Extract last name from email 9 | lastname=$(echo $email | awk -F'@' '{print $1}' | sed 's?.*\.??g' | sed 's?.*\_??g' ) 10 | echo $lastname 11 | 12 | ## Delete Cloud Foundry space with the last name 13 | ibmcloud account space-delete $lastname -f 14 | 15 | ## Remove User 16 | ibmcloud account user-remove $email -f 17 | done -------------------------------------------------------------------------------- /iks/allow-ingress-cloudflare-ips.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | name: allow-ingress-cloudflare-ips 5 | spec: 6 | applyOnForward: true 7 | preDNAT: true 8 | ingress: 9 | - action: Allow 10 | destination: 11 | nets: 12 | # IPs of (ALB) Automatic Load Balancer (a.k.a Ingress) 13 | # CLI: dig .eu-de.containers.appdomain.cloud 14 | - 158.177.180.90/32 15 | - 161.156.120.78/32 16 | ports: 17 | - 80 18 | - 443 19 | protocol: TCP 20 | source: 21 | nets: 22 | # Source: https://www.cloudflare.com/ips/ 23 | - 173.245.48.0/20 24 | - 103.21.244.0/22 25 | - 103.22.200.0/22 26 | - 103.31.4.0/22 27 | - 141.101.64.0/18 28 | - 108.162.192.0/18 29 | - 190.93.240.0/20 30 | - 188.114.96.0/20 31 | - 197.234.240.0/22 32 | - 198.41.128.0/17 33 | - 162.158.0.0/15 34 | - 104.16.0.0/12 35 | - 172.64.0.0/13 36 | - 131.0.72.0/22 37 | selector: ibm.role == 'worker_public' 38 | order: 3000 39 | types: 40 | - Ingress 41 | -------------------------------------------------------------------------------- /iks/allow-traffic-from-my-ip.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | name: allow-traffic-from-my-ip 5 | # allow traffic from your system's IP to the ALB IP address and port 6 | spec: 7 | 
applyOnForward: true 8 | preDNAT: true 9 | ingress: 10 | - action: Allow 11 | destination: 12 | nets: 13 | # IPs of (ALB) Automatic Load Balancer (a.k.a Ingress) 14 | # CLI: kubectl get ingress 15 | - 169.50.19.214/32 16 | - 161.156.130.142/32 17 | - 149.81.67.38/32 18 | ports: 19 | - 80 20 | - 443 21 | protocol: TCP 22 | source: 23 | nets: 24 | - 78.207.202.120/32 25 | selector: ibm.role == 'worker_public' 26 | order: 2000 27 | types: 28 | - Ingress -------------------------------------------------------------------------------- /iks/classic-nlb/deploy-nginx.yml: -------------------------------------------------------------------------------- 1 | # Source: https://cloud.ibm.com/docs/containers?topic=containers-loadbalancer-v2 2 | --- 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: nginx-deployment 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | replicas: 1 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:latest 20 | ports: 21 | - containerPort: 80 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: nginx-mylb 27 | annotations: 28 | service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: public 29 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: private 30 | service.kubernetes.io/ibm-load-balancer-cloud-provider-zone: "ams03" 31 | # Public VLAN ID (visible in the URL) 32 | service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan: "3427877" 33 | # Private VLAN ID (visible in the URL) 34 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-vlan: "2004119" 35 | # Annotation to specify a version 2.0 load balancer. 
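36 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "ipvs" 37 | spec: 38 | type: LoadBalancer 39 | selector: 40 | app: nginx 41 | ports: 42 | - protocol: TCP 43 | port: 8080 44 | targetPort: 80 # the nginx container in the Deployment above listens on 80 (containerPort: 80) 45 | # loadBalancerIP: 46 | -------------------------------------------------------------------------------- /iks/cloud-logs/README.md: -------------------------------------------------------------------------------- 1 | # Install Cloud Logs Agent on the cluster 2 | 3 | ## Steps 4 | 5 | 1. Connect to the cluster 6 | 7 | 1. Connect to the RG 8 | 9 | 1. Install agent 10 | 11 | ```sh 12 | ./install-cloud-logs-agent.sh 13 | ``` 14 | 15 | ## Docs 16 | 17 | * [Managing the Logging agent for IKS clusters](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-std-cluster) 18 | -------------------------------------------------------------------------------- /iks/cloud-logs/install-cloud-logs-agent.sh: -------------------------------------------------------------------------------- 1 | export ICL_AGENT_VERSION=1.2.4 2 | export CLUSTER_TYPE=Kubernetes 3 | export REGION=eu-de 4 | # NOTE(review): the installer is fetched through a short link and piped straight into bash, so nothing pins or verifies what runs; the API key is also passed as an argument and is visible in the process list while the installer runs. Download and review the script before running it. 5 | curl -sSL https://ibm.biz/logs-router-setup | bash -s -- \ 6 | -v "$ICL_AGENT_VERSION" \ 7 | -m IAMAPIKey \ 8 | -k "${APIKEY:?APIKEY is not set}" \ 9 | -t "$CLUSTER_TYPE" \ 10 | -r "$REGION" \ 11 | --send-directly-to-icl \ 12 | -h 8f7dab9d-6a0e-4bc0-9e36-7cbe49f61fe0.ingress.eu-de.logs.cloud.ibm.com \ 13 | -p 443 -------------------------------------------------------------------------------- /iks/create-cluster.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # bash, not sh: the {1..16} range below is a bash brace expansion; a strict POSIX sh such as dash would loop once over the literal string. 3 | ## Create N clusters 4 | 5 | for i in {1..16} 6 | 7 | do 8 | ibmcloud ks cluster-create \ 9 | --name lab-cluster-${i} \ 10 | --kube-version 1.13.6 \ 11 | --zone fra02 \ 12 | --workers 2 \ 13 | --machine-type u2c.2x4 \ 14 | --hardware shared \ 15 | --public-vlan 2438031 \ 16 | --private-vlan 2438033 17 | 18 | # for i in {31..50} 19 | # ibmcloud ks cluster-create \ 20 | # --name 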
lab-cluster-${i} \ 21 | # --kube-version 1.10.12 \ 22 | # --zone fra04 \ 23 | # --workers 2 \ 24 | # --machine-type u2c.2x4 \ 25 | # --hardware shared \ 26 | # --public-vlan 2361303 \ 27 | # --private-vlan 2361307 28 | done -------------------------------------------------------------------------------- /iks/deny-alb-cfee3.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | # Deny all incoming TCP traffic from any source IP to the ALB IP address and port 5 | name: deny-alb-traffic 6 | spec: 7 | applyOnForward: true 8 | preDNAT: true 9 | ingress: 10 | - action: Deny 11 | destination: 12 | nets: 13 | # IPs of (ALB) Automatic Load Balancer (a.k.a Ingress) 14 | # CLI: dig .eu-de.containers.appdomain.cloud 15 | - 158.177.180.90/32 16 | - 161.156.120.78/32 17 | ports: 18 | - 80 19 | - 443 20 | protocol: TCP 21 | source: {} 22 | selector: ibm.role == 'worker_public' 23 | order: 4000 24 | types: 25 | - Ingress -------------------------------------------------------------------------------- /iks/deny-alb-traffic.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | # Deny all incoming TCP traffic from any source IP to the ALB IP address and port 5 | name: deny-alb-traffic 6 | spec: 7 | applyOnForward: true 8 | preDNAT: true 9 | ingress: 10 | - action: Deny 11 | destination: 12 | nets: 13 | # IPs of (ALB) Automatic Load Balancer (a.k.a Ingress) 14 | # CLI: kubectl get ingress 15 | - 158.177.180.90/32 16 | - 161.156.120.78/32 17 | ports: 18 | - 80 19 | - 443 20 | protocol: TCP 21 | source: {} 22 | selector: ibm.role == 'worker_public' 23 | order: 4000 24 | types: 25 | - Ingress -------------------------------------------------------------------------------- /iks/deny-all-ingress.yml: 
-------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | name: deny-all-ingress 5 | spec: 6 | applyOnForward: true 7 | ingress: 8 | - action: Deny 9 | destination: {} 10 | source: {} 11 | order: 3000 12 | selector: ibm.role == 'worker_public' 13 | types: 14 | - Ingress -------------------------------------------------------------------------------- /iks/deny-nodeports.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectcalico.org/v3 2 | kind: GlobalNetworkPolicy 3 | metadata: 4 | name: deny-nodeports 5 | spec: 6 | applyOnForward: true 7 | preDNAT: true 8 | ingress: 9 | - action: Deny 10 | destination: 11 | ports: 12 | - 30000:32767 13 | protocol: TCP 14 | source: {} 15 | - action: Deny 16 | destination: 17 | ports: 18 | - 30000:32767 19 | protocol: UDP 20 | source: {} 21 | selector: ibm.role == 'worker_public' 22 | order: 1100 23 | types: 24 | - Ingress -------------------------------------------------------------------------------- /iks/nginx/deploy-nginx.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: nginx-deployment 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: nginx 10 | replicas: 3 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx:latest 19 | ports: 20 | - containerPort: 80 21 | 22 | --- 23 | # Service to expose frontend 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: nginx-service 28 | labels: 29 | app: nginx 30 | spec: 31 | ports: 32 | - protocol: TCP 33 | port: 80 34 | selector: 35 | app: nginx 36 | 37 | --- 38 | apiVersion: networking.k8s.io/v1 39 | kind: Ingress 40 | metadata: 41 | name: nginx-ingress 42 | namespace: default 43 | annotations: 44 | ingress.bluemix.net/redirect-to-https: 
"True" 45 | spec: 46 | ingressClassName: public-iks-k8s-nginx 47 | # ingressClassName: private-iks-k8s-nginx 48 | tls: 49 | - hosts: 50 | - nginx.icn-chs9gu-iks-7d23ce9b99cc281f754f713c0a27f19a-0000.eu-de.containers.appdomain.cloud 51 | secretName: icn-chs9gu-iks-7d23ce9b99cc281f754f713c0a27f19a-0000 52 | rules: 53 | - host: nginx.icn-chs9gu-iks-7d23ce9b99cc281f754f713c0a27f19a-0000.eu-de.containers.appdomain.cloud 54 | http: 55 | paths: 56 | - path: / 57 | pathType: Prefix 58 | backend: 59 | service: 60 | name: nginx-service 61 | port: 62 | number: 80 -------------------------------------------------------------------------------- /iks/pod-security-policies/nginx-priv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-priv 5 | spec: 6 | containers: 7 | - name: nginx-priv 8 | image: nginx:latest 9 | ports: 10 | - containerPort: 80 11 | securityContext: 12 | privileged: true -------------------------------------------------------------------------------- /iks/pod-security-policies/pod-security-policies.md: -------------------------------------------------------------------------------- 1 | Source: https://samos-it.com/posts/Preventing-Privileged-pods-using-Pod-Security-Admission-Standards.html 2 | 3 | ```sh 4 | kubectl label --dry-run=server --overwrite ns default \ 5 | pod-security.kubernetes.io/enforce=baseline 6 | ``` 7 | 8 | Assuming you had no warnings. 
Let's start by enforcing the baseline standard on the default namespace: 9 | 10 | ```sh 11 | kubectl label --overwrite ns default \ 12 | pod-security.kubernetes.io/enforce=baseline 13 | ``` 14 | 15 | ```sh 16 | kubectl apply -f nginx-priv.yaml 17 | ``` 18 | -------------------------------------------------------------------------------- /iks/proxy-protocol/echo-iks-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: echo 5 | 6 | --- 7 | 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: echo-deployment 12 | namespace: echo 13 | labels: 14 | app: echo 15 | spec: 16 | replicas: 1 17 | selector: 18 | matchLabels: 19 | app: echo 20 | template: 21 | metadata: 22 | labels: 23 | app: echo 24 | spec: 25 | containers: 26 | - name: echo 27 | image: lionelmace/http-https-echo 28 | imagePullPolicy: Always 29 | ports: 30 | - containerPort: 8080 31 | - containerPort: 8443 32 | 33 | --- 34 | 35 | apiVersion: v1 36 | kind: Service 37 | metadata: 38 | name: echo-service 39 | namespace: echo 40 | annotations: 41 | service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol" 42 | spec: 43 | type: LoadBalancer 44 | selector: 45 | app: echo 46 | ports: 47 | - name: http 48 | protocol: TCP 49 | port: 80 50 | targetPort: 8080 51 | - name: https 52 | protocol: TCP 53 | port: 443 54 | targetPort: 8443 -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 |

My Welcome Cheatsheet

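2 | -------------------------------------------------------------------------------- /infrastructure/is-remove-vols.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Remove the Block Storage volumes after ODF de-installation 4 | # Deletes every volume whose `ibmcloud is vols` row contains "odf", without a prompt (-f). 5 | count=0 6 | # grep has already dropped the table header, so each remaining row is a volume; skipping the first row here would leave one volume behind. 7 | for v in `ibmcloud is vols | grep odf | awk '{print $1}' ` 8 | do 9 | # Delete VPC Block Storage Volume; count it only when the delete succeeds 10 | ibmcloud is vold "$v" -f && 11 | ((count=count+1)) 12 | 13 | done 14 | 15 | echo $count 'volumes deleted' 16 | -------------------------------------------------------------------------------- /infrastructure/storage-block-file-cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Loop to delete file and block storage 4 | # Cancels every classic file and block volume the CLI lists, without a prompt (-f). Only numeric first-column values are passed on, which skips the table header. 5 | for i in `ibmcloud sl file volume-list | awk '$1 ~ /^[0-9]+$/ { print $1 }' ` 6 | do 7 | ibmcloud sl file volume-cancel "$i" -f 8 | done 9 | 10 | for i in `ibmcloud sl block volume-list | awk '$1 ~ /^[0-9]+$/ { print $1 }' ` 11 | do 12 | ibmcloud sl block volume-cancel "$i" -f 13 | done -------------------------------------------------------------------------------- /local.env.example: -------------------------------------------------------------------------------- 1 | ########################################################## 2 | # Variables that should change per event 3 | ########################################################## 4 | 5 | # Person(s) to invite 6 | export EMAIL="firstname@fr.ibm.com lastname@gmail.com" 7 | 8 | # Region 9 | export IBMCLOUD_REGION=eu-de 10 | 11 | # Resource Group 12 | export RESOURCE_GROUP_NAME= 13 | 14 | # Cluster Name, find it with "ibmcloud ks clusters" 15 | export CLUSTER_NAME= 16 | 17 | # Account ID, find it with "ibmcloud account show" 18 | export ACCOUNT_ID= 19 | 20 | # Your IBM Cloud API key, create one with "ibmcloud iam api-key-create NAME" 21 | export APIKEY= -------------------------------------------------------------------------------- /newfile.md: 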
-------------------------------------------------------------------------------- 1 | # test -------------------------------------------------------------------------------- /odm/README.md: -------------------------------------------------------------------------------- 1 | oc create secret generic odm-db-credentials --from-env-file=odm-db-credentials.env 2 | 3 | helm install odm23-on-roks ibm-helm/ibm-odm-prod --version 23.2.11 -f roks-values-externaldb.yaml -------------------------------------------------------------------------------- /odm/odm-db-credentials.env: -------------------------------------------------------------------------------- 1 | # Databases for PostgresDB (Private) Credentials 2 | db-user= 3 | db-password= -------------------------------------------------------------------------------- /odm/roks-values-externaldb.yaml: -------------------------------------------------------------------------------- 1 | customization: 2 | runAsUser: '' 3 | securitySecretRef: default-ingress-cert # Sticky session 4 | decisionCenter: 5 | enabled: true 6 | # replicaCount: 1 # default value 7 | replicaCount: 2 8 | image: 9 | pullSecrets: 10 | - my-odm-docker-registry 11 | repository: cp.icr.io/cp/cp4a/odm 12 | # internalDatabase: 13 | # persistence: 14 | # enabled: true 15 | # useDynamicProvisioning: true 16 | # populateSampleData: true 17 | # runAsUser: '' 18 | externalDatabase: 19 | type: postgresql 20 | port: 32046 21 | secretCredentials: odm-db-credentials 22 | databaseName: ibmclouddb 23 | serverName: ad64635e-93e7-4285-b7ed-aac7cfda5dcc.bc28ac43cf10402584b5f01db462d330.databases.appdomain.cloud 24 | populateSampleData: true 25 | license: true 26 | service: 27 | enableRoute: true 28 | usersPassword: odmAdmin # NOTE(review): guessable password stored in plain text in a values file that also sets enableRoute: true; set a unique value at install time and keep it out of the repository -------------------------------------------------------------------------------- /odm/roks-values-internaldb.yaml: -------------------------------------------------------------------------------- 1 | customization: 2 | runAsUser: '' 3 | image: 4 | 
pullSecrets: 5 | - my-odm-docker-registry 6 | repository: cp.icr.io/cp/cp4a/odm 7 | internalDatabase: 8 | persistence: 9 | enabled: true 10 | useDynamicProvisioning: true 11 | populateSampleData: true 12 | runAsUser: '' 13 | license: true 14 | service: 15 | enableRoute: true 16 | usersPassword: odmAdmin -------------------------------------------------------------------------------- /openshift/3scale/registry-secret.sh: -------------------------------------------------------------------------------- 1 | 2 | 3 | Test the connection to the 4 | docker login registry.redhat.io 5 | 6 | oc create secret docker-registry threescale-registry-auth \ 7 | --docker-server=registry.redhat.io \ 8 | --docker-username="" \ 9 | --docker-password="XXXX" \ 10 | --docker-email="" -------------------------------------------------------------------------------- /openshift/api-create-vpc-openshift.json: -------------------------------------------------------------------------------- 1 | { 2 | "cosInstanceCRN": "crn:v1:bluemix:public:cloud-object-storage:global:a/0b5a00334eaf9eb9339d2ab48f7326b4:69284256-ead9-43f7-a069-4cf707c9f6cc::", 3 | "cseACLEnabled": true, 4 | "defaultWorkerPoolEntitlement": "string", 5 | "disablePublicServiceEndpoint": false, 6 | "infrastructureTopology": "string", 7 | "kubeVersion": "4.14.8_1545_openshift", 8 | "name": "new-roks", 9 | "podSubnet": "172.17.0.0/18", 10 | "previews": [ 11 | "string" 12 | ], 13 | "provider": "vpc-gen2", 14 | "requestSecure": false, 15 | "securityGroupIDs": [ 16 | "string" 17 | ], 18 | "serviceSubnet": "string", 19 | "workerPool": { 20 | "diskEncryption": true, 21 | "flavor": "bx2.4x16", 22 | "hostPoolID": "string", 23 | "isolation": "string", 24 | "kmsAccountID": "string", 25 | "kmsInstanceID": "string", 26 | "labels": { 27 | "additionalProp1": "string", 28 | "additionalProp2": "string", 29 | "additionalProp3": "string" 30 | }, 31 | "name": "string", 32 | "operatingSystem": "string", 33 | "secondaryStorageOption": "string", 34 | 
"vpcID": "r010-68dfdcd1-a8ca-4302-83a1-a14d7408ab7c", 35 | "workerCount": 1, 36 | "workerVolumeCRKID": "string", 37 | "zones": [ 38 | { 39 | "id": "eu-de-1", 40 | "subnetID": "02b7-b2c7c714-2376-4f55-ba65-fd905eda89ec" 41 | } 42 | ] 43 | } 44 | } -------------------------------------------------------------------------------- /openshift/ingress-route/test-public-lb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Create a namespace 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: ns-route 7 | labels: 8 | environment: production 9 | 10 | --- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: test 15 | namespace: ns-route 16 | labels: 17 | app: test 18 | spec: 19 | replicas: 1 20 | selector: 21 | matchLabels: 22 | app: test 23 | template: 24 | metadata: 25 | labels: 26 | app: test 27 | spec: 28 | containers: 29 | - name: mtls-test 30 | # image: ibmcom/hello 31 | image: openshift/hello-openshift 32 | imagePullPolicy: Always 33 | resources: 34 | requests: 35 | cpu: 250m 36 | memory: 128Mi 37 | limits: 38 | cpu: 500m 39 | memory: 384Mi 40 | ports: 41 | - name: http 42 | containerPort: 8080 43 | protocol: TCP 44 | 45 | --- 46 | apiVersion: v1 47 | kind: Service 48 | metadata: 49 | name: myloadbalancer 50 | namespace: ns-route 51 | labels: 52 | app: test 53 | annotations: 54 | service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-lb-name: "my-public-lb" 55 | service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "public" 56 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private" 57 | spec: 58 | type: LoadBalancer 59 | selector: 60 | app: test 61 | ports: 62 | - port: 80 63 | targetPort: 8080 64 | protocol: TCP 65 | name: http -------------------------------------------------------------------------------- /openshift/mirror-registry/README.md: -------------------------------------------------------------------------------- 1 | # Test 2 | 3 | ```sh 4 | 
cat ./pull-secret.txt | jq . > ./registry.redhat.io.pull.secret.json 5 | ``` 6 | -------------------------------------------------------------------------------- /openshift/nlb/nlb-tcp-public.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Create a namespace 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: test-nlb 7 | labels: 8 | environment: production 9 | 10 | --- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: test-public 15 | namespace: test-nlb 16 | labels: 17 | app: test 18 | spec: 19 | replicas: 1 20 | selector: 21 | matchLabels: 22 | app: test 23 | template: 24 | metadata: 25 | labels: 26 | app: test 27 | spec: 28 | containers: 29 | - name: mtls-test 30 | image: openshift/hello-openshift 31 | imagePullPolicy: Always 32 | resources: 33 | requests: 34 | cpu: 250m 35 | memory: 128Mi 36 | limits: 37 | cpu: 500m 38 | memory: 384Mi 39 | ports: 40 | - name: http 41 | containerPort: 8080 42 | protocol: TCP 43 | 44 | --- 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: public-nlb-eu-de-1 49 | namespace: test-nlb 50 | annotations: 51 | service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "nlb" 52 | service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "public" 53 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-security-group: "r010-326cfb84-24e9-4fdc-a252-d1d5b738c1e7" 54 | labels: 55 | app: test-public 56 | spec: 57 | type: LoadBalancer 58 | selector: 59 | app: test 60 | ports: 61 | - name: 8080-tcp 62 | port: 8080 63 | protocol: TCP 64 | targetPort: 8080 65 | -------------------------------------------------------------------------------- /openshift/nlb/nlb-udp.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: nlb-udp 6 | # namespace: default 7 | annotations: 8 | 
service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "nlb" 9 | service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "public" 10 | # Optional Annotations: 11 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-node-selector: "=" 12 | service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-node-selector: "ibm-cloud.kubernetes.io/internal-ip=10.242.64.15" 13 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-subnets: "0797-91785612-96be-48eb-a42b-448c79975ef7" 14 | # service.kubernetes.io/ibm-load-balancer-cloud-provider-zone: "eu-gb-2" 15 | service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-health-check-udp: "8080" 16 | labels: 17 | app: mytodo 18 | tier: frontend 19 | spec: 20 | type: LoadBalancer 21 | selector: 22 | app: mytodo 23 | tier: frontend 24 | ports: 25 | - name: 4500-udp 26 | port: 4500 27 | protocol: UDP 28 | targetPort: 4500 29 | -------------------------------------------------------------------------------- /openshift/nsxt/nsxt-containers.yaml: -------------------------------------------------------------------------------- 1 | # NSX-T, Kubernetes and Microsegmentation 2 | # https://www.virtualthoughts.co.uk/2018/08/01/nsx-t-kubernetes-and-microsegmentation/ 3 | --- 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: web-frontend 8 | namespace: vt-web 9 | spec: 10 | replicas: 2 11 | selector: 12 | matchLabels: 13 | app: vt-webapp 14 | tier: webtier 15 | template: 16 | metadata: 17 | labels: 18 | app: vt-webapp 19 | tier: webtier 20 | spec: 21 | containers: 22 | - name: web-frontend 23 | # image: nginx:latest 24 | image: nginxinc/nginx-unprivileged 25 | imagePullPolicy: Always 26 | ports: 27 | - containerPort: 80 28 | --- 29 | apiVersion: apps/v1 30 | kind: Deployment 31 | metadata: 32 | name: web-midtier 33 | namespace: vt-web 34 | spec: 35 | replicas: 2 36 | selector: 37 | matchLabels: 38 | app: web-midtier 39 | tier: apptier 40 | template: 41 | metadata: 42 | labels: 43 
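| app: web-midtier 44 | tier: apptier 45 | spec: 46 | containers: 47 | - name: web-midtier 48 | # image: nginx:latest 49 | image: nginxinc/nginx-unprivileged 50 | ports: 51 | - containerPort: 80 52 | -------------------------------------------------------------------------------- /openshift/nsxt/nsxt-lb.yaml: -------------------------------------------------------------------------------- 1 | # NSX-T, Kubernetes and Microsegmentation 2 | # https://www.virtualthoughts.co.uk/2018/08/01/nsx-t-kubernetes-and-microsegmentation/ 3 | # Each selector below must equal the pod labels set in nsxt-containers.yaml, otherwise the Service has no endpoints. 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: web-loadbalancer 9 | # labels: 10 | namespace: vt-web 11 | spec: 12 | type: LoadBalancer 13 | ports: 14 | - port: 80 15 | protocol: TCP 16 | targetPort: 80 # NOTE(review): nginxinc/nginx-unprivileged listens on 8080 by default; confirm this port against the image in use 17 | selector: 18 | app: vt-webapp 19 | tier: webtier 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: app-loadbalancer 25 | labels: 26 | namespace: vt-web 27 | spec: 28 | type: LoadBalancer 29 | ports: 30 | - port: 8080 31 | protocol: TCP 32 | targetPort: 80 # NOTE(review): same port question as web-loadbalancer above 33 | selector: 34 | app: web-midtier 35 | tier: apptier 36 | -------------------------------------------------------------------------------- /openshift/openshift-banner.yml: -------------------------------------------------------------------------------- 1 | apiVersion: console.openshift.io/v1 2 | kind: ConsoleNotification 3 | metadata: 4 | name: banner-main 5 | spec: 6 | backgroundColor: blue 7 | color: '#fff' 8 | location: BannerTop 9 | text: >- 10 | You are logged on a Sandbox (Non Production) cluster. 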
-------------------------------------------------------------------------------- /openshift/openshift-nginx-pvc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: nginx-pod 6 | labels: 7 | name: nginx-pod 8 | spec: 9 | containers: 10 | - name: nginx-pod 11 | image: gcr.io/google_containers/nginx-slim:0.8 12 | resources: 13 | requests: 14 | cpu: 250m 15 | memory: 128Mi 16 | limits: 17 | cpu: 500m 18 | memory: 384Mi 19 | ports: 20 | - name: web 21 | containerPort: 80 22 | securityContext: 23 | privileged: true # NOTE(review): privileged grants the container all capabilities and host device access; nothing in this manifest shows why a web server with one PVC mount needs it, so confirm and remove if possible 24 | volumeMounts: 25 | - name: gluster-vol1 26 | mountPath: /usr/share/nginx/html 27 | volumes: 28 | - name: gluster-vol1 29 | persistentVolumeClaim: 30 | claimName: gluster1 31 | --- 32 | apiVersion: v1 33 | kind: PersistentVolumeClaim 34 | metadata: 35 | name: gluster1 36 | spec: 37 | accessModes: 38 | - ReadWriteOnce 39 | resources: 40 | requests: 41 | storage: 10Gi 42 | storageClassName: ibmc-vpc-block-general-purpose -------------------------------------------------------------------------------- /openshift/openshift-nginx2-pvc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: nginx-pod 6 | labels: 7 | name: nginx-pod 8 | spec: 9 | replicas: 2 10 | selector: 11 | matchLabels: 12 | app: nginx-pod 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx-pod 17 | tier: frontend 18 | containers: # NOTE(review): no "spec:" key appears between the template metadata and this list, and a pod template needs one; TODO confirm against the original file 19 | - name: nginx-pod 20 | image: gcr.io/google_containers/nginx-slim:0.8 21 | resources: 22 | requests: 23 | cpu: 250m 24 | memory: 128Mi 25 | limits: 26 | cpu: 500m 27 | memory: 384Mi 28 | ports: 29 | - name: web 30 | containerPort: 80 31 | securityContext: 32 | privileged: true # NOTE(review): privileged grants the container all capabilities and host device access; confirm it is needed and remove if possible 33 | volumeMounts: 34 | - name: gluster-vol1 35 | mountPath: /usr/share/nginx/html 36 | volumes: 37 | - name: gluster-vol1 38 | persistentVolumeClaim: 39 | claimName: gluster1 40 
| --- 41 | apiVersion: v1 42 | kind: PersistentVolumeClaim 43 | metadata: 44 | name: gluster1 45 | spec: 46 | accessModes: 47 | - ReadWriteOnce 48 | resources: 49 | requests: 50 | storage: 10Gi 51 | storageClassName: ibmc-vpc-block-general-purpose -------------------------------------------------------------------------------- /openshift/openshift-rbac1-clusterrolebinding.yml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: operators-view 5 | subjects: 6 | - kind: User 7 | apiGroup: rbac.authorization.k8s.io 8 | name: 'IAM#first.last@gmail.com' 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: aggregate-olm-view -------------------------------------------------------------------------------- /openshift/openshift-rbac2-clusterrole.yml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: aggregate-olm-edit2 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-admin: 'true' 7 | rbac.authorization.k8s.io/aggregate-to-edit: 'true' 8 | rules: 9 | - verbs: 10 | - create 11 | - update 12 | - patch 13 | - delete 14 | apiGroups: 15 | - operators.coreos.com 16 | resources: 17 | - subscriptions 18 | - operatorgroups 19 | - verbs: 20 | - delete 21 | apiGroups: 22 | - operators.coreos.com 23 | resources: 24 | - clusterserviceversions 25 | - catalogsources 26 | - installplans 27 | - subscriptions -------------------------------------------------------------------------------- /openshift/openshift-rbac3-rolebinding.yml: -------------------------------------------------------------------------------- 1 | kind: RoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: operators-edit2 5 | namespace: lab-mace 6 | subjects: 7 | - kind: User 8 | apiGroup: 
rbac.authorization.k8s.io 9 | name: 'IAM#first.last@gmail.com' 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: aggregate-olm-edit2 -------------------------------------------------------------------------------- /openshift/prometheus/prometheus-example-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ns1 5 | --- 6 | apiVersion: apps/v1 7 | kind: Deployment 8 | metadata: 9 | labels: 10 | app: prometheus-example-app 11 | name: prometheus-example-app 12 | namespace: ns1 13 | spec: 14 | replicas: 1 15 | selector: 16 | matchLabels: 17 | app: prometheus-example-app 18 | template: 19 | metadata: 20 | labels: 21 | app: prometheus-example-app 22 | spec: 23 | containers: 24 | - image: ghcr.io/rhobs/prometheus-example-app:0.4.2 25 | imagePullPolicy: IfNotPresent 26 | name: prometheus-example-app 27 | --- 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | labels: 32 | app: prometheus-example-app 33 | name: prometheus-example-app 34 | namespace: ns1 35 | spec: 36 | ports: 37 | - port: 8080 38 | protocol: TCP 39 | targetPort: 8080 40 | name: web 41 | selector: 42 | app: prometheus-example-app 43 | type: ClusterIP 44 | --- 45 | apiVersion: route.openshift.io/v1 46 | kind: Route 47 | metadata: 48 | annotations: 49 | haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload 50 | labels: 51 | app: test 52 | name: test 53 | namespace: ns1 54 | spec: 55 | host: icn-aznxnp-roks-5348c99e82c5c6b8edeec6aa250d032f-0000.eu-de.containers.appdomain.cloud 56 | port: 57 | targetPort: 8080 58 | tls: 59 | termination: edge 60 | to: 61 | kind: Service 62 | name: prometheus-example-app 63 | weight: 100 64 | wildcardPolicy: None -------------------------------------------------------------------------------- /openshift/prometheus/prometheus-example-monitor.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: prometheus-example-monitor 5 | namespace: ns1 6 | spec: 7 | endpoints: 8 | - interval: 30s 9 | port: web # named port on the selected Service 10 | scheme: http # metrics are scraped over plain HTTP, no TLS 11 | selector: 12 | matchLabels: 13 | app: prometheus-example-app 14 | -------------------------------------------------------------------------------- /openshift/pvc/ephemeral-volume-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: ephemeral-volume-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox # no tag, so :latest is pulled; pin a tag or digest for repeatable runs 9 | command: [ "sh", "-c", "echo Hello from ephemeral volume > /data/hello.txt && sleep 3600" ] 10 | volumeMounts: 11 | - mountPath: /data 12 | name: ephemeral-volume 13 | volumes: 14 | - name: ephemeral-volume 15 | ephemeral: # generic ephemeral volume: the claim built from this template is created and deleted with the Pod 16 | volumeClaimTemplate: 17 | metadata: 18 | labels: 19 | type: ephemeral 20 | spec: 21 | accessModes: [ "ReadWriteOnce" ] 22 | storageClassName: ibmc-vpc-block-5iops-tier 23 | resources: 24 | requests: 25 | storage: 20Gi 26 | -------------------------------------------------------------------------------- /openshift/tcpdump/ksniff-wireshark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/openshift/tcpdump/ksniff-wireshark.png -------------------------------------------------------------------------------- /openshift/test-pvc-app.yml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: odf-pvc 6 | namespace: default # the Pod in this file sets no namespace; apply it in "default" or the claim will not be found 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 20Mi 13 | storageClassName: ibmc-vpc-block-5iops-tier 14 | 15 | --- 16 | apiVersion: v1 17 | 
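kind: Pod 18 | metadata: 19 | name: odf-test 20 | spec: 21 | containers: 22 | - name: test-odf 23 | image: nginx 24 | command: ["/bin/sh"] 25 | args: ["-c", "while true; do echo $(date -u) >> /test/test.txt; sleep 600; done"] 26 | volumeMounts: 27 | - name: persistent-storage 28 | mountPath: "/test" 29 | restartPolicy: "Never" 30 | volumes: 31 | - name: persistent-storage 32 | persistentVolumeClaim: 33 | claimName: odf-pvc -------------------------------------------------------------------------------- /resource-groups/reclamation-delete.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Uncomment for verbose output 3 | # set -x 4 | 5 | export RG_NAME="mytodo" 6 | 7 | echo "Enter the Resource Group name: " 8 | read -r rg_name 9 | # Stop on an empty name or a failed target, so the forced deletes below never run against a scope the user did not choose 10 | [ -n "$rg_name" ] && ibmcloud target -g "$rg_name" || exit 1 11 | 12 | # List all resource reclamations under account 0b5a00334eaf9eb9339d2ab48f7326b4 as lionel.mace@fr.ibm.com... 13 | # OK 14 | 15 | # ID Resource Instance ID Entity CRN State Target Time 16 | # 283fc4d2-55ab-4476-baaf-db977fb9d1c3 2f64e0a8-7711-4f5a-9705-5ae4f5f26e7b crn:v1:bluemix:public:sysdig-monitor:eu-de:a/0b5a00334eaf9eb9339d2ab48f7326b4:2f64e0a8-7711-4f5a-9705-5ae4f5f26e7b:: RECLAIM_FAILED 2022-02-10T09:43:41Z 17 | # 29264108-474f-4699-ac01-792f85d1f022 2db25486-5f4f-45c3-920e-3025ab8a3422 crn:v1:bluemix:public:sysdig-monitor:eu-de:a/0b5a00334eaf9eb9339d2ab48f7326b4:2db25486-5f4f-45c3-920e-3025ab8a3422:: RECLAIM_FAILED 2022-02-08T17:24:53Z 18 | # 21efc4ae-334f-40e4-960f-7f791bef1d0c b506d098-45ec-422d-b5c3-48eb76e96c41 crn:v1:bluemix:public:sysdig-monitor:eu-de:a/0b5a00334eaf9eb9339d2ab48f7326b4:b506d098-45ec-422d-b5c3-48eb76e96c41:: RECLAIM_FAILED 2022-02-09T15:59:39Z 19 | 20 | # Skip the first 4 lines of CLI output (status line, OK, blank, column header in the sample above) and keep column 1, the reclamation ID 21 | for rr in $(ibmcloud resource reclamations | awk '(NR>4) {print $1}') 22 | do 23 | #echo $rr 24 | ibmcloud resource reclamation-delete "$rr" -f 25 | done 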
-------------------------------------------------------------------------------- /satellite/agent-env-files/connector.env: -------------------------------------------------------------------------------- 1 | SATELLITE_CONNECTOR_ID=U2F0ZWxsaXRlQ29ubmVjdG9yOiJjanM4cnRzZjFsN2c0M3U4cmp1MCI 2 | SATELLITE_CONNECTOR_IAM_APIKEY=/agent-env-files/apikey 3 | SATELLITE_CONNECTOR_REGION=eu-de 4 | SATELLITE_CONNECTOR_TAGS=test -------------------------------------------------------------------------------- /satellite/agent-env-files/readme.md: -------------------------------------------------------------------------------- 1 | 2 | # Satellite Connector 3 | 4 | ## Installation Steps 5 | 6 | 1. Log in to IBM Cloud Container Registry 7 | 8 | ```sh 9 | ibmcloud cr region-set icr.io 10 | ``` 11 | 12 | ```sh 13 | export IBMCLOUD_API_KEY=XXXXXX 14 | ``` 15 | 16 | ```sh 17 | podman login -u iamapikey -p $IBMCLOUD_API_KEY icr.io 18 | or 19 | docker login -u iamapikey -p $IBMCLOUD_API_KEY icr.io 20 | ``` 21 | Note: `-p` puts the API key on the command line, where shell history and the process list can expose it; `podman login` and `docker login` also accept `--password-stdin`, which reads the key from standard input. 22 | 1. Pull the docker image 23 | 24 | ```sh 25 | podman pull icr.io/ibm/satellite-connector/satellite-connector-agent:latest 26 | or 27 | docker pull icr.io/ibm/satellite-connector/satellite-connector-agent:latest 28 | ``` 29 | 30 | 1. Start the docker agent 31 | 32 | ```sh 33 | podman run -d --env-file ./agent-env-files/connector.env -v ~/mygit/ibmcloud-utils/satellite/agent-env-files:/agent-env-files icr.io/ibm/satellite-connector/satellite-connector-agent:latest 34 | ``` 35 | 36 | 2. Verify the tunnel gets established 37 | 38 | ```sh 39 | podman logs CONTAINER-ID 40 | ``` 41 | 42 | 3. 
Check available images 43 | 44 | ```sh 45 | ibmcloud cr images --include-ibm|grep connector 46 | ``` 47 | 48 | ## Resources 49 | 50 | * [Doc Running a Connector agent](https://cloud.ibm.com/docs/satellite?topic=satellite-run-agent-locally&interface=ui) -------------------------------------------------------------------------------- /satellite/architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/satellite/architecture.png -------------------------------------------------------------------------------- /satellite/baremetal/README.md: -------------------------------------------------------------------------------- 1 | 2 | ic is images | grep ibm-redhat-8-8 | grep -v "deprecated" 3 | 4 | r010-857d6027-1add-4350-baac-e44ca9921ec8 ibm-redhat-8-8-minimal-amd64-2 5 | 6 | ibmcloud is bare-metal-server-create \ 7 | --name bm-fra-3 \ 8 | --pnic-subnet eu-de-subnet-2 \ 9 | --zone eu-de-2 \ 10 | --profile bx2-metal-96x384 \ 11 | --image r010-857d6027-1add-4350-baac-e44ca9921ec8 \ 12 | --keys r010-c2c6f4a2-dd52-4697-97b2-19b8173734e2,r010-7bfe0de2-4bad-4934-a557-81513de8ed26 -------------------------------------------------------------------------------- /satellite/sat-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/satellite/sat-architecture.png -------------------------------------------------------------------------------- /satellite/satellite.env: -------------------------------------------------------------------------------- 1 | 2 | ########################################################## 3 | # Satellite 4 | ########################################################## 5 | 6 | export LOCATION_NAME=test8 7 | 8 | export SAT_MANAGED_FROM=fra 9 | 10 | # Minimum vCPU/RAM size 11 | # 
CLI to retrieve profiles: ibmcloud is in-prs 12 | export VSI_PROFILE=bx2-4x16 13 | 14 | # OS: ibm-redhat-8-6-minimal-amd64-4 15 | # List OS: ibmcloud is images 16 | export VSI_IMAGE_ID=r010-1bfee58e-0170-4a57-9592-c3da671983f8 17 | 18 | # Number of control planes/workers 19 | export COUNT_START=01 20 | export COUNT_END=03 21 | 22 | # Region to provision the VSIs 23 | export VPC_ZONE=eu-de -------------------------------------------------------------------------------- /satellite/satellite.env.template: -------------------------------------------------------------------------------- 1 | 2 | ########################################################## 3 | # Satellite 4 | ########################################################## 5 | 6 | export LOCATION_NAME=YOUR_LOCATION_NAME 7 | 8 | export SAT_MANAGED_FROM=lon 9 | 10 | # Minimum vCPU/RAM size 11 | export VSI_PROFILE=bx2-4x16 12 | 13 | # Operationg System: ibm-redhat-7-0-64-minimal-for-vsi 14 | export VSI_IMAGE_ID=a573bfb9-4e55-481f-9060-31d757155ded 15 | 16 | # Number of control planes/workers 17 | export COUNT_START=01 18 | export COUNT_END=03 19 | 20 | # Region to provision the VSIs 21 | export VPC_ZONE=eu-de -------------------------------------------------------------------------------- /sysdig/sysdig-benchmark-runner-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Source: https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-benchmark-runner-configmap.yaml 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: sysdig-benchmark-runner 7 | data: 8 | debug: "false" 9 | 10 | # Set and customize the following to enable proxy support 11 | # http_proxy: "http://proxy_server:8080" 12 | # https_proxy: "https://proxy_server:8080" 13 | # no_proxy: "127.0.0.1,localhost,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8" 14 | 15 | # The endpoint to the Sysdig collector 16 | # Required: yes 17 | collector_endpoint: 
https://eu-de.monitoring.cloud.ibm.com 18 | -------------------------------------------------------------------------------- /sysdig/sysdig-host-analyzer-configmap.yaml: -------------------------------------------------------------------------------- 1 | # source: https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-host-analyzer-configmap.yaml 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: sysdig-host-analyzer 7 | data: 8 | debug: "false" 9 | 10 | # Set the following to choose your scanning schedule 11 | schedule: "@dailydefault" 12 | 13 | # Set and customize the following to enable proxy support 14 | # http_proxy: "http://proxy_server:8080" 15 | # https_proxy: "https://proxy_server:8080" 16 | # no_proxy: "127.0.0.1,localhost,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8" 17 | 18 | # analyze_at_startup: "false" 19 | 20 | # The endpoint to the Scanning Analysis collector 21 | # Required: yes 22 | collector_endpoint: https://eu-de.monitoring.cloud.ibm.com/internal/scanning/scanning-analysis-collector 23 | 24 | # uncomment the following line to use a self-signed cert for backend communication 25 | # ssl_verify_certificate: "false" 26 | dirs_to_scan: "/etc,/var/lib/dpkg,/usr/local,/usr/lib/sysimage/rpm,/var/lib/rpm,/lib/apk/db" -------------------------------------------------------------------------------- /sysdig/sysdig-image-analyzer-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Source: https://github.com/draios/sysdig-cloud-scripts/blob/master/agent_deploy/kubernetes/sysdig-image-analyzer-configmap.yaml 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: sysdig-image-analyzer 7 | data: 8 | debug: "false" 9 | 10 | # Set and customize the following to enable proxy support 11 | # http_proxy: "http://proxy_server:8080" 12 | # https_proxy: "https://proxy_server:8080" 13 | # no_proxy: 
"127.0.0.1,localhost,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8" 14 | 15 | # The endpoint to the Scanning Analysis collector 16 | # Required: yes 17 | collector_endpoint: https://eu-de.monitoring.cloud.ibm.com/internal/scanning/scanning-analysis-collector -------------------------------------------------------------------------------- /sysdig/sysdig-img-analyzer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/sysdig/sysdig-img-analyzer.png -------------------------------------------------------------------------------- /terraform/appid-federation/app-id.tf: -------------------------------------------------------------------------------- 1 | resource "ibm_resource_instance" "app-id" { 2 | resource_group_id = ibm_resource_group.resource_group.id 3 | name = "${var.prefix}-app-id" 4 | service = "appid" 5 | plan = "graduated-tier" 6 | location = var.region 7 | tags = var.tags 8 | } -------------------------------------------------------------------------------- /terraform/appid-federation/clean-state.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -rf .terraform 4 | rm .terraform.lock.hcl 5 | rm terraform.tfstate* 6 | 7 | echo 'All terraform states have been removed' 8 | -------------------------------------------------------------------------------- /terraform/appid-federation/iam.tf: -------------------------------------------------------------------------------- 1 | 2 | # Authorization policy between MySQL and Key Protect 3 | # resource "ibm_iam_authorization_policy" "mysql-kms" { 4 | # source_service_name = "databases-for-mysql" 5 | # target_service_name = "kms" 6 | # roles = ["Reader", "Authorization Delegator"] 7 | # } 8 | -------------------------------------------------------------------------------- /terraform/appid-federation/provider.tf: 
-------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | # > Remove for use in schematics 4 | ############################################################################## 5 | 6 | terraform { 7 | required_version = ">= 1.0.11" 8 | required_providers { 9 | ibm = { 10 | source = "IBM-Cloud/ibm" 11 | version = "1.42.0" 12 | } 13 | } 14 | } 15 | 16 | provider "ibm" { 17 | ibmcloud_api_key = var.ibmcloud_api_key 18 | region = var.region 19 | ibmcloud_timeout = 60 20 | } 21 | 22 | ############################################################################## -------------------------------------------------------------------------------- /terraform/appid-federation/resource-group.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Resource Group where Cloud Resources will be created 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "resource_group" { 7 | name = var.resource_group 8 | } 9 | -------------------------------------------------------------------------------- /terraform/appid-federation/testing.tfvars: -------------------------------------------------------------------------------- 1 | ## terraform apply -var-file="testing.tfvars" 2 | 3 | ############################################################################## 4 | ## Global Variables 5 | ############################################################################## 6 | #ibmcloud_api_key = "" # Set the variable export TF_VAR_ibmcloud_api_key= 7 | prefix = "tf" 8 | region = "eu-de" # eu-de for Frankfurt MZR 9 | resource_group = "tf-federation" 10 | tags = ["tf", "federation"] 11 | 12 | ############################################################################## 13 | ## XX XX 14 
| ############################################################################## 15 | -------------------------------------------------------------------------------- /terraform/appid-federation/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "The IBM Cloud platform API key needed to deploy IAM enabled resources" 7 | } 8 | 9 | variable "prefix" { 10 | description = "A unique identifier need to provision resources. Must begin with a letter" 11 | type = string 12 | default = "" 13 | } 14 | 15 | variable "region" { 16 | description = "IBM Cloud region where all resources will be provisioned" 17 | default = "" 18 | } 19 | 20 | variable "resource_group" { 21 | description = "Name of resource group where all infrastructure will be provisioned" 22 | default = "" 23 | 24 | validation { 25 | error_message = "Unique ID must begin and end with a letter and contain only letters, numbers, and - characters." 
26 | condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.resource_group)) 27 | } 28 | } 29 | 30 | variable "tags" { 31 | description = "List of Tags" 32 | type = list(string) 33 | default = ["tf", "federation"] 34 | } 35 | 36 | 37 | 38 | ############################################################################## 39 | # XX 40 | ############################################################################## 41 | 42 | -------------------------------------------------------------------------------- /terraform/cbr/outputs.tf: -------------------------------------------------------------------------------- 1 | output "vsi_private_ip" { 2 | value = ibm_is_instance.vsi.primary_network_interface.0.primary_ip.0.address 3 | } 4 | 5 | output "vsi_public_ip" { 6 | description = "The public Floating IP attached to the VSI" 7 | value = ibm_is_floating_ip.public_ip.0.address 8 | } 9 | 10 | output "ssh_connection_string" { 11 | value = "ssh -i ./rsakey.pem root@VSI-FLOATING-IP" 12 | } -------------------------------------------------------------------------------- /terraform/cbr/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">=1.4" 3 | required_providers { 4 | ibm = { 5 | source = "IBM-Cloud/ibm" 6 | version = "1.70.1" 7 | } 8 | tls = { 9 | source = "hashicorp/tls" 10 | version = "~> 4.0.4" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | -------------------------------------------------------------------------------- /terraform/cloud-logs/account-rg.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Create a resource group or reuse an existing one 3 | ############################################################################## 4 | 5 | variable "existing_resource_group_name" { 6 | 
default = "" 7 | description = "(Optional) Name of an existing resource group where to create resources" 8 | } 9 | 10 | resource "ibm_resource_group" "group" { 11 | count = var.existing_resource_group_name != "" ? 0 : 1 12 | name = "${local.basename}-group" 13 | tags = var.tags 14 | } 15 | 16 | data "ibm_resource_group" "group" { 17 | count = var.existing_resource_group_name != "" ? 1 : 0 18 | name = var.existing_resource_group_name 19 | } 20 | 21 | locals { 22 | resource_group_id = var.existing_resource_group_name != "" ? data.ibm_resource_group.group.0.id : ibm_resource_group.group.0.id 23 | } 24 | 25 | # output "resource_group_name" { 26 | # value = ibm_resource_group.group.name 27 | # } -------------------------------------------------------------------------------- /terraform/cloud-logs/observability-logs-at-routing.tf: -------------------------------------------------------------------------------- 1 | 2 | # Activity Tracker Event Routing 3 | ############################################################################## 4 | resource "ibm_atracker_route" "atracker_route" { 5 | name = format("%s-%s", local.basename, "at-route") 6 | rules { 7 | target_ids = [ibm_atracker_target.atracker_cloudlogs_target.id] 8 | locations = [var.region, "global"] 9 | } 10 | lifecycle { 11 | # Recommended to ensure that if a target ID is removed here and destroyed in a plan, this is updated first 12 | create_before_destroy = true 13 | } 14 | depends_on = [ibm_iam_authorization_policy.iam-auth-atracker-2-logs] 15 | } 16 | 17 | resource "ibm_atracker_target" "atracker_cloudlogs_target" { 18 | cloudlogs_endpoint { 19 | target_crn = ibm_resource_instance.logs_instance.id 20 | } 21 | name = format("%s-%s", local.basename, "cloudlogs-target") 22 | target_type = "cloud_logs" 23 | region = var.region 24 | } 25 | -------------------------------------------------------------------------------- /terraform/cloud-logs/observability-logs-iam-authorizations.tf: 
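-------------------------------------------------------------------------------- 1 | # IAM S2S Service to Service Authorization 2 | ############################################################################## 3 | 4 | # S2S Authorization from Cloud Logs to COS 5 | resource "ibm_iam_authorization_policy" "cloud-logs-cos" { 6 | source_service_name = "logs" 7 | # source_resource_instance_id is left unset: logs_instance declares depends_on this policy, so referencing logs_instance.guid here would form a dependency cycle 8 | target_service_name = "cloud-object-storage" 9 | target_resource_instance_id = ibm_resource_instance.cos-for-logs.guid # scope Writer to this COS instance instead of every COS instance in the account 10 | roles = ["Writer"] 11 | } 12 | 13 | # S2S Authorization from Logs Router to Cloud Logs (NOTE(review): no target_resource_instance_id, so it covers every Cloud Logs instance in the account; iam-auth-atracker-2-logs below scopes the same target to logs_instance) 14 | resource "ibm_iam_authorization_policy" "cloud-logs-router" { 15 | source_service_name = "logs-router" 16 | target_service_name = "logs" 17 | roles = ["Sender"] 18 | } 19 | 20 | ############################################################################## 21 | resource "ibm_iam_authorization_policy" "iam-auth-kms-cos-for-logs" { 22 | source_service_name = "cloud-object-storage" 23 | source_resource_instance_id = ibm_resource_instance.cos-for-logs.guid 24 | target_service_name = "kms" 25 | target_resource_instance_id = ibm_resource_instance.key-protect.guid 26 | roles = ["Reader"] 27 | } 28 | 29 | ############################################################################## 30 | resource "ibm_iam_authorization_policy" "iam-auth-atracker-2-logs" { 31 | source_service_name = "atracker" 32 | target_service_name = "logs" 33 | target_resource_instance_id = ibm_resource_instance.logs_instance.guid 34 | roles = ["Sender"] 35 | } -------------------------------------------------------------------------------- /terraform/cloud-logs/observability-logs-instance.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Cloud Logs Services 4 | 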
############################################################################## 5 | 6 | 7 | # Cloud Logs Instance 8 | ############################################################################## 9 | 10 | resource "ibm_resource_instance" "logs_instance" { 11 | resource_group_id = local.resource_group_id 12 | name = format("%s-%s", local.basename, "cloud-logs") 13 | service = "logs" 14 | plan = "standard" 15 | location = var.region 16 | tags = var.tags 17 | service_endpoints = "private" 18 | 19 | parameters = { 20 | logs_bucket_crn = ibm_cos_bucket.logs-bucket-data.crn 21 | logs_bucket_endpoint = ibm_cos_bucket.logs-bucket-data.s3_endpoint_direct 22 | metrics_bucket_crn = ibm_cos_bucket.logs-bucket-metrics.crn 23 | metrics_bucket_endpoint = ibm_cos_bucket.logs-bucket-metrics.s3_endpoint_direct 24 | retention_period = 7 25 | } 26 | depends_on = [ibm_iam_authorization_policy.cloud-logs-cos] 27 | } 28 | 29 | output "logs-extensions" { 30 | description = "The Cloud Logs Extensions" 31 | value = ibm_resource_instance.logs_instance.extensions 32 | } -------------------------------------------------------------------------------- /terraform/cloud-logs/observability-logs-routing.tf: -------------------------------------------------------------------------------- 1 | 2 | # Cloud Logs Routing 3 | ############################################################################## 4 | resource "ibm_logs_router_tenant" "logs_router_tenant_instance" { 5 | name = format("%s-%s", local.basename, "cloud-logs-router") 6 | region = var.region 7 | targets { 8 | log_sink_crn = ibm_resource_instance.logs_instance.id 9 | name = "my-cloud-logs-target" 10 | parameters { 11 | # Private Endpoint is not supported yet. 
12 | # host = ibm_resource_instance.logs_instance.extensions.external_ingress_private 13 | host = ibm_resource_instance.logs_instance.extensions.external_ingress 14 | port = 443 15 | } 16 | } 17 | # targets { 18 | # log_sink_crn = module.log_analysis.crn 19 | # name = "my-log-analysis-target" 20 | # parameters { 21 | # host = "logs.private.${var.region}.logging.cloud.ibm.com" 22 | # port = 443 23 | # access_credential = module.log_analysis.ingestion_key 24 | # } 25 | # } 26 | } 27 | -------------------------------------------------------------------------------- /terraform/cloud-logs/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.6" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.70.1" 11 | } 12 | # logdna = { 13 | # source = "logdna/logdna" 14 | # version = ">= 1.16.0" 15 | # } 16 | } 17 | } 18 | 19 | provider "ibm" { 20 | ibmcloud_api_key = var.ibmcloud_api_key 21 | region = var.region 22 | } 23 | 24 | ############################################################################## -------------------------------------------------------------------------------- /terraform/cloud-logs/security-key-protect.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Key Protect 3 | ############################################################################## 4 | resource "ibm_resource_instance" "key-protect" { 5 | resource_group_id = local.resource_group_id 6 | name = format("%s-%s", local.basename, "key-protect") 7 | service = "kms" 8 | plan = "tiered-pricing" 9 | location = var.region 10 | tags = var.tags 11 | service_endpoints = 
"private" 12 | } 13 | 14 | resource "ibm_kms_instance_policies" "instance_policy" { 15 | instance_id = ibm_resource_instance.key-protect.guid 16 | rotation { 17 | enabled = true 18 | interval_month = 3 19 | } 20 | # A instance with dual authorization policy enabled cannot be destroyed by using Terraform. 21 | dual_auth_delete { 22 | enabled = false 23 | } 24 | metrics { 25 | enabled = true 26 | } 27 | key_create_import_access { 28 | enabled = true 29 | } 30 | } 31 | 32 | resource "ibm_kms_key" "key" { 33 | instance_id = ibm_resource_instance.key-protect.guid 34 | key_name = "${local.basename}-root-key" 35 | standard_key = false 36 | force_delete = true 37 | } 38 | 39 | resource "ibm_kms_key_policies" "key_policy" { 40 | instance_id = ibm_resource_instance.key-protect.guid 41 | key_id = ibm_kms_key.key.key_id 42 | rotation { 43 | enabled = true 44 | interval_month = 3 45 | } 46 | # A instance with dual authorization policy enabled cannot be destroyed by using Terraform. 47 | dual_auth_delete { 48 | enabled = false 49 | } 50 | } -------------------------------------------------------------------------------- /terraform/cloud-logs/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | # existing_resource_group_name = "" 7 | 8 | 9 | ## Observability: Log Analysis (Mezmo) 10 | ############################################################################## 11 | # Available Plans: lite, 7-day, 14-day, 30-day 12 | log_plan = "7-day" 13 | log_enable_platform_logs = false 14 | -------------------------------------------------------------------------------- /terraform/cloud-logs/variables.tf: -------------------------------------------------------------------------------- 1 | 
############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "icl-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "logs"] 38 | } -------------------------------------------------------------------------------- /terraform/cloudfoundry/appcode/get-started-node-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/terraform/cloudfoundry/appcode/get-started-node-master.zip -------------------------------------------------------------------------------- /terraform/cos/account-iam-ag.tf: -------------------------------------------------------------------------------- 1 | # Create Access Group 2 | resource "ibm_iam_access_group" "accgrp" { 3 | name = format("%s-%s", local.basename, "ag") 4 | tags = var.tags 5 | } 6 | 7 | # Visibility on the Resource Group 8 | resource "ibm_iam_access_group_policy" "iam-rg-viewer" { 9 | access_group_id = ibm_iam_access_group.accgrp.id 10 | roles = ["Viewer"] 11 
| resources { 12 | resource_type = "resource-group" 13 | resource = local.resource_group_id 14 | } 15 | } 16 | 17 | # Authorization policy between SCC (Source) and COS Bucket (Target) 18 | # Requires by the new SCC to store SCC evaluation results into a COS bucket 19 | resource "ibm_iam_authorization_policy" "iam-auth-scc-cos" { 20 | source_service_name = "compliance" 21 | target_service_name = "cloud-object-storage" 22 | target_resource_instance_id = ibm_resource_instance.cos.guid 23 | roles = ["Writer"] 24 | } 25 | 26 | resource "ibm_iam_authorization_policy" "iam-auth-kms-cos" { 27 | source_service_name = "cloud-object-storage" 28 | source_resource_instance_id = ibm_resource_instance.cos.guid 29 | target_service_name = "kms" 30 | target_resource_instance_id = ibm_resource_instance.key-protect.guid 31 | roles = ["Reader"] 32 | } 33 | 34 | -------------------------------------------------------------------------------- /terraform/cos/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/cos/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.5" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.64.0" 11 | 
} 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/cos/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "mycos-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "cos"] 38 | } 39 | 40 | # Account ID is required for the SCC Scope 41 | ############################################################################## 42 | data "ibm_iam_account_settings" "account_settings" { 43 | } 44 | 45 | locals { 46 | account_id = data.ibm_iam_account_settings.account_settings.account_id 47 | } 48 | -------------------------------------------------------------------------------- /terraform/enterprise-apptio/README.md: -------------------------------------------------------------------------------- 1 | # Integrate Enterprise Account with Apptio 2 | 3 | Run this Terraform script from Schematics in the Enterprise account to enable Apptio to retrieve the Usage Billing report from the COS bucket (https://cloud.ibm.com/billing/settings). -------------------------------------------------------------------------------- /terraform/enterprise/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/enterprise/enterprise-child-account.tf.onhold: -------------------------------------------------------------------------------- 1 | 2 | resource "ibm_enterprise_account" "coreit" { 3 | name = "new-child-account" 4 | parent = data.ibm_enterprise_account_groups.enterprise_country_ch.account_groups.0.crn 5 | owner_iam_id = 
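data.ibm_enterprise_account_groups.enterprise_country_ch.account_groups.0.primary_contact_iam_id 6 | traits { 7 | enterprise_iam_managed = true 8 | } 9 | options { 10 | create_iam_service_id_with_apikey_and_owner_policies = true # NOTE(review): going by the option name, this creates a service ID with an API key and owner policies in the new account; the key would presumably end up in Terraform state - confirm, and restrict access to the state backend 11 | } 12 | } 13 | 14 | # resource "ibm_enterprise_account" "child_account" { 15 | # # parent = data.ibm_enterprise_accounts.accounts.accounts.0.crn // Failed 16 | # name = "new-child-tf-account" 17 | # owner_iam_id = "first.last@fr.ibm.com" 18 | # } 19 | -------------------------------------------------------------------------------- /terraform/enterprise/enterprise-child-cos.tf.onhold: -------------------------------------------------------------------------------- 1 | 2 | # Object Storage to backup the OpenShift Internal Registry 3 | ############################################################################## 4 | resource "ibm_resource_instance" "cos_in_child_account" { 5 | provider = ibm.child # a provider alias is referenced as <provider>.<alias>; the "child" alias is declared on provider "ibm" 6 | name = "cos_in_child_account" 7 | resource_group_id = ibm_resource_group.group.id 8 | service = "cloud-object-storage" 9 | plan = "standard" 10 | location = "global" 11 | tags = var.tags 12 | } 13 | 14 | -------------------------------------------------------------------------------- /terraform/enterprise/enterprise-top-account.tf: -------------------------------------------------------------------------------- 1 | # Top level Enterprise Account with label "Enterprise" in the Console 2 | # Failing: Unable to find it... 3 | # data "ibm_enterprises" "top-enterprise" { 4 | # name = "top-account" 5 | # } 6 | 7 | # output "top-enterprise-crn" { 8 | # value = data.ibm_enterprises.top-enterprise.enterprises.0.crn 9 | # } 10 | 11 | # Enterprise Account where resources can be provisioned. 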
12 | data "ibm_enterprise_accounts" "top-enterprise-account" { 13 | name = "top-account" 14 | } 15 | 16 | output "top-enterprise-account-crn" { 17 | value = data.ibm_enterprise_accounts.top-enterprise-account.accounts.0.crn 18 | } 19 | 20 | output "is_enterprise_account" { 21 | value = data.ibm_enterprise_accounts.top-enterprise-account.accounts.0.is_enterprise_account 22 | } 23 | 24 | data "ibm_enterprise_account_groups" "enterprise_country_ch" { 25 | name = "Country Switzerland" // My existing account group 26 | } 27 | 28 | -------------------------------------------------------------------------------- /terraform/enterprise/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.5" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.64.1" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | alias = "child" 17 | # how do I get the API Key after account creation? 
18 | ibmcloud_api_key = var.ibmcloud_api_key # NOTE(review): the "enterprise" alias below uses the same var.ibmcloud_api_key, so both aliases authenticate as the same identity 19 | region = var.region 20 | } 21 | 22 | provider "ibm" { 23 | alias = "enterprise" 24 | ibmcloud_api_key = var.ibmcloud_api_key 25 | region = var.region 26 | } 27 | ############################################################################## -------------------------------------------------------------------------------- /terraform/enterprise/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ibmcloud_api_key = "" # NOTE(review): *.auto.tfvars files are loaded automatically; keep this empty in version control and pass the key via TF_VAR_ibmcloud_api_key -------------------------------------------------------------------------------- /terraform/enterprise/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "ham-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "enterprise"] 38 | } 39 | 40 | # Account ID is required for the SCC Scope 41 | ############################################################################## 42 | data "ibm_iam_account_settings" "account_settings" { 43 | } 44 | 45 | locals { 46 | account_id = data.ibm_iam_account_settings.account_settings.account_id 47 | } 48 | -------------------------------------------------------------------------------- /terraform/event-streams/account-rg.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Create a resource group or reuse an existing one 3 | ############################################################################## 4 | 5 | variable "existing_resource_group_name" { 6 | default = "" 7 | description = "(Optional) Name of an existing resource group where to create resources" 8 | } 9 | 10 | resource "ibm_resource_group" "group" { 11 | count = var.existing_resource_group_name != "" ? 0 : 1 12 | name = "${local.basename}-group" 13 | tags = var.tags 14 | } 15 | 16 | data "ibm_resource_group" "group" { 17 | count = var.existing_resource_group_name != "" ? 1 : 0 18 | name = var.existing_resource_group_name 19 | } 20 | 21 | locals { 22 | resource_group_id = var.existing_resource_group_name != "" ? 
data.ibm_resource_group.group.0.id : ibm_resource_group.group.0.id 23 | } 24 | 25 | # output "resource_group_name" { 26 | # value = ibm_resource_group.group.name 27 | # } -------------------------------------------------------------------------------- /terraform/event-streams/event-streams.tf: -------------------------------------------------------------------------------- 1 | 2 | resource "ibm_resource_instance" "event-streams" { 3 | name = format("%s-%s", local.basename, "event-streams") 4 | service = "messagehub" 5 | # Lite plan is not available in Frankfurt Region. 6 | plan = "lite" 7 | location = "us-south" 8 | resource_group_id = local.resource_group_id 9 | } 10 | 11 | resource "ibm_event_streams_topic" "test" { 12 | resource_instance_id = ibm_resource_instance.event-streams.id 13 | name = "test" 14 | partitions = 1 15 | } -------------------------------------------------------------------------------- /terraform/event-streams/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.10" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.78.2" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/event-streams/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | 
#region = "eu-de" # eu-de for Frankfurt MZR 6 | # existing_resource_group_name = "" 7 | 8 | -------------------------------------------------------------------------------- /terraform/event-streams/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "event-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
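eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "logs"] 38 | } -------------------------------------------------------------------------------- /terraform/http-full/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.5" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.62.0" 11 | } 12 | http-full = { 13 | source = "salrashid123/http-full" # NOTE(review): no version constraint on this third-party provider; pin a version and keep .terraform.lock.hcl under version control 14 | } 15 | } 16 | } 17 | 18 | provider "http-full" {} 19 | 20 | provider "ibm" { 21 | ibmcloud_api_key = var.ibmcloud_api_key 22 | region = var.region 23 | } 24 | 25 | ############################################################################## -------------------------------------------------------------------------------- /terraform/hyperprotect/clean-state.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -rf .terraform 4 | rm .terraform.lock.hcl # drops the recorded provider versions and checksums; the next init selects providers afresh 5 | rm terraform.tfstate* # deletes local state and its backups; resources already created are no longer tracked 6 | 7 | echo 'All terraform states have been removed' 8 | -------------------------------------------------------------------------------- /terraform/hyperprotect/hp-dbaas.tf: -------------------------------------------------------------------------------- 1 | data "ibm_resource_group" "group" { 2 | name = "default" 3 | } 4 | 5 | resource "ibm_resource_instance" "hp-postgres" { 6 | name = "hp-dbaas-postgresql" 7 | service = "hyperp-dbaas-postgresql" 8 | plan = "postgresql-flexible" 9 | location = "eu-de" 10 | resource_group_id = data.ibm_resource_group.group.id # fixed: the data source declared above is data.ibm_resource_group.group; data.local.resource_group_id does not resolve 11 | 12 | //User can increase timeouts 13 | timeouts { 14 | create = "15m" 15 | update = "15m" 16 | delete = "15m" 17 | } 18 | 19 | 
parameters = { 20 | name : "cluster01", 21 | admin_name : "admin", 22 | password : "Hyperprotectdbaas0001" # NOTE(review): hard-coded admin password in source control; read it from a sensitive variable or a secrets manager and rotate this value 23 | confirm_password : "Hyperprotectdbaas0001", 24 | db_version : "13" 25 | cpu : "1", 26 | # kms_instance: "crn:v1:staging:public:kms:us-south:a/23a24a3e3fe7a115473f07be1c44bdb5:9eeb285a-88e4-4378-b7cf-dbdcd97b5e4e::", 27 | # kms_key: "ee742940-d87c-48de-abc9-d26a6184ba5a", 28 | memory : "2gib", 29 | private_endpoint_type : "vpe", 30 | service-endpoints : "public-and-private", # NOTE(review): a public endpoint is enabled alongside the private one; restrict to private if the VPE is the only intended path - confirm the accepted values 31 | storage : "5gib" 32 | } 33 | } 34 | 35 | -------------------------------------------------------------------------------- /terraform/hyperprotect/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | # > Remove for use in schematics 4 | ############################################################################## 5 | 6 | terraform { 7 | required_version = ">= 1.0.11" 8 | required_providers { 9 | ibm = { 10 | source = "IBM-Cloud/ibm" 11 | version = "1.38.0" 12 | } 13 | } 14 | } 15 | 16 | provider "ibm" { 17 | ibmcloud_api_key = var.ibmcloud_api_key 18 | region = var.region 19 | ibmcloud_timeout = 60 20 | } 21 | 22 | ############################################################################## -------------------------------------------------------------------------------- /terraform/hyperprotect/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { # NOTE(review): not marked sensitive, so the key can appear in plan output; add `sensitive = true` 6 | description = "The IBM Cloud platform API key needed to deploy IAM enabled resources" 7 | } 8 | 9 | variable "prefix" { 10 | description = "A unique identifier need to provision resources. 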
Must begin with a letter" 11 | type = string 12 | default = "" 13 | } 14 | 15 | variable "region" { 16 | description = "IBM Cloud region where all resources will be provisioned" 17 | default = "" 18 | } 19 | 20 | variable "resource_group" { 21 | description = "Name of resource group where all infrastructure will be provisioned" 22 | default = "" 23 | } 24 | 25 | variable "tags" { 26 | description = "List of Tags" 27 | type = list(string) 28 | default = ["tf", "mytodo"] 29 | } 30 | -------------------------------------------------------------------------------- /terraform/iam/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "test-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } 14 | 15 | resource "ibm_resource_group" "rg-vmware-lab" { 16 | name = "vmware-lab" 17 | tags = var.tags 18 | } 19 | -------------------------------------------------------------------------------- /terraform/iam/iam-users.tf: -------------------------------------------------------------------------------- 1 | 2 | # invite the users in the account and attach them to their access group 3 | resource "ibm_iam_user_invite" "invite_user" { 4 | users = ["first.last@gmail.com"] 5 | access_groups = [ibm_iam_access_group.ag-vmware-lab.id] 6 | } 7 | 8 | 9 | # Update the policies of existing users 10 | # Assign Access Group to an existing user 11 | resource "ibm_iam_access_group_members" "assign-vmware-ag-to-user" { 12 | access_group_id = ibm_iam_access_group.ag-vmware-lab.id 13 | ibm_ids = ["first.last@gmail.com"] 14 | } 15 | 16 | resource "ibm_iam_user_invite" "assign-existing-user-to-classic-infra" { 17 
| users = ["first.last@gmail.com"] 18 | classic_infra_roles { 19 | # permission_set = "superuser" 20 | permission_set = "noacess" 21 | } 22 | } 23 | 24 | # Not supported by Terraform yet 25 | # resource "ibm_iam_user_policy" "policy" { 26 | # ibm_ids = ["lionel.mace@gmail.com"] 27 | # classic_infra_roles { 28 | # # permission_set = "superuser" 29 | # permission_set = "noacess" 30 | # } 31 | # } -------------------------------------------------------------------------------- /terraform/iam/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.6" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.67.1" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/iam/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "region" { 13 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
eu-de)" 14 | default = "eu-de" 15 | } 16 | 17 | variable "tags" { 18 | description = "List of Tags" 19 | type = list(string) 20 | default = ["tf", "iam"] 21 | } -------------------------------------------------------------------------------- /terraform/icd-mongo/account-iam-ag.tf: -------------------------------------------------------------------------------- 1 | # Create Access Group 2 | resource "ibm_iam_access_group" "accgrp" { 3 | name = format("%s-%s", local.basename, "ag") 4 | tags = var.tags 5 | } 6 | 7 | # Visibility on the Resource Group 8 | resource "ibm_iam_access_group_policy" "iam-rg-viewer" { 9 | access_group_id = ibm_iam_access_group.accgrp.id 10 | roles = ["Viewer"] 11 | resources { 12 | resource_type = "resource-group" 13 | resource = local.resource_group_id 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/icd-mongo/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/icd-mongo/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.5" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.59.1" 11 | } 12 | } 13 | } 14 | 15 | provider 
"ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/icd-mongo/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | 7 | ############################################################################## 8 | ## VPC 9 | ############################################################################## 10 | vpc_classic_access = false 11 | vpc_address_prefix_management = "manual" 12 | vpc_enable_public_gateway = true 13 | 14 | 15 | ############################################################################## 16 | ## ICD Mongo 17 | ############################################################################## 18 | # Available Plans: standard, enterprise 19 | icd_mongo_plan = "standard" 20 | # expected length in the range (10 - 32) - must not contain special characters. NOTE(review): this value sits in an auto-loaded tfvars file under version control; treat it as a sample and supply the real one outside the repository (TF_VAR_icd_mongo_adminpassword or a secrets manager) 21 | icd_mongo_adminpassword = "AdministratorPassw0rd01" 22 | icd_mongo_db_version = "5.0" 23 | icd_mongo_service_endpoints = "private" 24 | # VPE can only be used if Mongo Private endpoint is enabled 25 | icd_mongo_use_vpe = "true" 26 | 27 | # Minimum parameter for Enterprise Edition 28 | # icd_mongo_ram_allocation = 14336 29 | # icd_mongo_disk_allocation = 20480 30 | # icd_mongo_core_allocation = 6 31 | 32 | # Minimum parameter for Standard Edition 33 | icd_mongo_ram_allocation = 1024 34 | icd_mongo_disk_allocation = 20480 35 | icd_mongo_core_allocation = 0 36 | 37 | icd_mongo_users = [{ 38 | name = "user123" 39 | password = "password12" # NOTE(review): sample database user credential committed in clear text; do not reuse it for a real deployment 40 | }] 41 | 
-------------------------------------------------------------------------------- /terraform/icd-mongo/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "icd-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "cn"] 38 | } 39 | 40 | variable "emails" { 41 | description = "List of Emails to invite" 42 | type = list(string) 43 | default = [] 44 | } -------------------------------------------------------------------------------- /terraform/icd-postgres-modules/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/icd-postgres-modules/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.9" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.74.0" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/icd-postgres-modules/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 
| ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | 7 | 8 | ############################################################################## 9 | ## ICD Postgres 10 | ############################################################################## 11 | # Available Plans: standard, enterprise 12 | icd_pg_plan = "standard" 13 | # expected length in the range (10 - 32) - must not contain special characters. NOTE(review): this value sits in an auto-loaded tfvars file under version control; treat it as a sample and supply the real one outside the repository (TF_VAR_icd_pg_admin_pass or a secrets manager) 14 | icd_pg_admin_pass = "AdministratorPassw0rd01" 15 | icd_pg_version = "16" 16 | icd_pg_service_endpoints = "private" 17 | # VPE can only be used if the Postgres private endpoint is enabled 18 | icd_pg_use_vpe = "true" 19 | 20 | icd_pg_users = [{ 21 | name = "user123" 22 | password = "password12" # NOTE(review): sample database user credential committed in clear text; do not reuse it for a real deployment 23 | }] 24 | -------------------------------------------------------------------------------- /terraform/icd-postgres-modules/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "icd-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 
eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "icd"] 38 | } 39 | -------------------------------------------------------------------------------- /terraform/icd-postgres/account-iam-ag.tf: -------------------------------------------------------------------------------- 1 | # Create Access Group 2 | resource "ibm_iam_access_group" "accgrp" { 3 | name = format("%s-%s", local.basename, "ag") 4 | tags = var.tags 5 | } 6 | 7 | # Visibility on the Resource Group 8 | resource "ibm_iam_access_group_policy" "iam-rg-viewer" { 9 | access_group_id = ibm_iam_access_group.accgrp.id 10 | roles = ["Viewer"] 11 | resources { 12 | resource_type = "resource-group" 13 | resource = ibm_resource_group.group.id 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /terraform/icd-postgres/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/icd-postgres/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.6" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.74.0" 11 | } 12 | } 13 | } 
14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/icd-postgres/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | 7 | ############################################################################## 8 | ## VPC 9 | ############################################################################## 10 | vpc_address_prefix_management = "manual" 11 | vpc_enable_public_gateway = true 12 | 13 | 14 | ############################################################################## 15 | ## ICD Postgres 16 | ############################################################################## 17 | # Available Plans: standard, enterprise 18 | icd_postgres_plan = "standard" 19 | # expected length in the range (10 - 32) - must not contain special characters. NOTE(review): this value sits in an auto-loaded tfvars file under version control; treat it as a sample and supply the real one outside the repository (TF_VAR_icd_postgres_adminpassword or a secrets manager) 20 | icd_postgres_adminpassword = "AdministratorPassw0rd01" 21 | icd_postgres_db_version = "16" 22 | icd_postgres_service_endpoints = "private" 23 | # VPE can only be used if the Postgres private endpoint is enabled 24 | icd_postgres_use_vpe = "true" 25 | 26 | # Minimum parameter for Enterprise Edition 27 | # icd_postgres_ram_allocation = 14336 28 | # icd_postgres_disk_allocation = 20480 29 | # icd_postgres_core_allocation = 6 30 | 31 | # Minimum parameter for Standard Edition 32 | icd_postgres_ram_allocation = 4096 33 | icd_postgres_disk_allocation = 5120 34 | icd_postgres_core_allocation = 2 35 | 36 | icd_postgres_users = [{ 37 | name = "user123" 38 | password = "password12" # NOTE(review): sample database user credential committed in clear text; do not reuse it for a real deployment 39 | }] 40 | 
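--------------------------------------------------------------------------------
/terraform/icd-postgres/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

# Marked sensitive so Terraform redacts the key in plan and apply output.
variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

# Only instantiated when no prefix was supplied.
resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

# basename is the lower-cased prefix, or "icd-" plus the random suffix.
locals {
  basename = lower(var.prefix == "" ? "icd-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "cn"]
}

variable "emails" {
  description = "List of Emails to invite"
  type        = list(string)
  default     = []
}
--------------------------------------------------------------------------------
/terraform/iks/account-rg.tf:
--------------------------------------------------------------------------------

##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

resource "ibm_resource_group" "group" {
  name = "${local.basename}-group"
  tags = var.tags
}

output "resource_group_name" {
  value = ibm_resource_group.group.name
}
--------------------------------------------------------------------------------
/terraform/iks/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.5"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.59.0"
    }
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.14.2"
    }
    # Third-party provider published under a personal namespace. Without a
    # version constraint `terraform init` resolves whatever release is newest,
    # so it is pinned to the release that the infracost-test and
    # labinabox-roks modules in this repository already use.
    http-full = {
      source  = "salrashid123/http-full"
      version = "1.3.1"
    }
  }
}

provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/iks/variables.tf: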
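--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "iks-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/infracost-test/account-rg.tf:
--------------------------------------------------------------------------------

##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

resource "ibm_resource_group" "group" {
  name = "${local.basename}-group"
  tags = var.tags
}

output "resource_group_name" {
  value = ibm_resource_group.group.name
}
--------------------------------------------------------------------------------
/terraform/infracost-test/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.5"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.63.0"
    }
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.16.0"
    }
    http-full = {
      source  = "salrashid123/http-full"
      version = "1.3.1"
    }
  }
}

provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/infracost-test/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "infracost-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "icr_region" {
  description = "IBM Container Registry Region (e.g. de.icr.io)"
  default     = "de.icr.io"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/internet-services/internet-services.tf:
--------------------------------------------------------------------------------

data "ibm_cis" "cis_instance" {
  name = "cis-lionelmace"
}

data "ibm_cis_domain" "cis_instance_domain" {
  domain = "lionelmace.com"
  cis_id = data.ibm_cis.cis_instance.id
}

# resource "ibm_cis_certificate_order" "test" {
#   cis_id = data.ibm_cis.cis_instance.id
#   domain_id = data.ibm_cis_domain.cis_instance_domain.domain_id
#   hosts = ["test.lionelmace.com"]
#   # certificate_authority = "lets_encrypt"
# }

output "cis_instance_name" {
  value = data.ibm_cis.cis_instance.name
}

output "cis_instance_status" {
  value = data.ibm_cis_domain.cis_instance_domain.status
}

## Workaround to order advanced certificate by API
##############################################################################
data "ibm_iam_auth_token" "tokendata" {}

# NOTE(review): this is a data source, so Terraform evaluates it during
# plan/refresh as well as apply. Each evaluation sends the POST below and may
# place another certificate order; confirm that is acceptable or move the call
# to a step that runs once.
# NOTE(review): the IAM access token is passed as a request header. Data source
# arguments are presumably persisted in state together with the response, so
# the state backend should be access-controlled - verify.
data "http" "cis_certificate_order" {
  provider = http-full

  url    = "https://api.cis.cloud.ibm.com/v2/${data.ibm_cis.cis_instance.id}/zones/${data.ibm_cis_domain.cis_instance_domain.domain_id}/ssl/certificate_packs/order"
  method = "POST"

  request_headers = {
    x-auth-user-token = data.ibm_iam_auth_token.tokendata.iam_access_token
    content-type      = "application/json"
    accept            = "application/json"
  }

  request_body = jsonencode(
    {
      type                  = "advanced"
      hosts                 = ["test.lionelmace.com"]
      validation_method     = "txt"
      validity_days         = 90
      certificate_authority = "lets_encrypt"
    }
  )
}
--------------------------------------------------------------------------------
/terraform/internet-services/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.4"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.58.1"
    }
    # This provider handles the IAM token in the certificate-order request, so
    # its version is constrained instead of floating to the newest release.
    # 1.3.1 is the pin already used by the infracost-test and labinabox-roks
    # modules in this repository.
    http-full = {
      source  = "salrashid123/http-full"
      version = "1.3.1"
    }
  }
}

provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/internet-services/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "cis-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "cn"]
}
--------------------------------------------------------------------------------
/terraform/labinabox-roks/account-rg.tf:
--------------------------------------------------------------------------------
##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

variable "existing_resource_group_name" {
  default     = ""
  description = "(Optional) Name of an existing resource group where to create resources"
}

# Created only when no existing resource group name was given.
resource "ibm_resource_group" "group" {
  count = var.existing_resource_group_name != "" ? 0 : 1
  name  = "${local.basename}-group"
  tags  = var.tags
}

# Looked up only when an existing resource group name was given.
data "ibm_resource_group" "group" {
  count = var.existing_resource_group_name != "" ? 1 : 0
  name  = var.existing_resource_group_name
}

locals {
  resource_group_id = var.existing_resource_group_name != "" ? data.ibm_resource_group.group.0.id : ibm_resource_group.group.0.id
}

# output "resource_group_name" {
#   value = ibm_resource_group.group.name
# }
--------------------------------------------------------------------------------
/terraform/labinabox-roks/devops-notifications.tf:
--------------------------------------------------------------------------------
resource "ibm_resource_instance" "event-notifications" {
  name              = format("%s-%s", local.basename, "event-notifications")
  service           = "event-notifications"
  plan              = "lite"
  location          = var.region
  resource_group_id = local.resource_group_id
}
--------------------------------------------------------------------------------
/terraform/labinabox-roks/observability-logs-iam.tf:
--------------------------------------------------------------------------------
# IAM S2S Service to Service Authorization
##############################################################################

# S2S Authorization from Cloud Logs to COS
# NOTE(review): the source instance is commented out, so only the target is
# scoped. As written the Writer role on this COS instance presumably applies to
# every Cloud Logs instance in the account, not just logs_instance. If the
# source cannot be scoped (for example because of a dependency cycle with the
# logs instance), record that reason here.
resource "ibm_iam_authorization_policy" "cloud-logs-cos" {
  source_service_name = "logs"
  # source_resource_instance_id = ibm_resource_instance.logs_instance.guid
  target_service_name         = "cloud-object-storage"
  target_resource_instance_id = ibm_resource_instance.cos-for-logs.guid
  roles                       = ["Writer"]
}

# S2S Authorization from Logs Router to Cloud Logs
resource "ibm_iam_authorization_policy" "cloud-logs-router" {
  source_service_name         = "logs-router"
  target_service_name         = "logs"
  target_resource_instance_id = ibm_resource_instance.logs_instance.guid
  roles                       = ["Sender"]
}

##############################################################################
# COS instance for logs -> Key Protect, scoped on both source and target.
resource "ibm_iam_authorization_policy" "iam-auth-kms-cos-for-logs" {
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = ibm_resource_instance.cos-for-logs.guid
  target_service_name         = "kms"
  target_resource_instance_id = ibm_resource_instance.key-protect.guid
  roles                       = ["Reader"]
}

##############################################################################
resource "ibm_iam_authorization_policy" "iam-auth-atracker-2-logs" {
  source_service_name         = "atracker"
  target_service_name         = "logs"
  target_resource_instance_id = ibm_resource_instance.logs_instance.guid
  roles                       = ["Sender"]
}
--------------------------------------------------------------------------------
/terraform/labinabox-roks/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.6"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.71.1"
    }
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.16.0"
    }
    http-full = {
      source  = "salrashid123/http-full"
      version = "1.3.1"
    }
  }
}

provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

# NOTE(review): helm is configured below but is not listed in
# required_providers above, so its source and version are resolved implicitly
# at init. Add an explicit entry with a version constraint; the nested
# kubernetes/registry block syntax used here is presumably tied to a
# particular major version of the provider - confirm.
provider "helm" {
  kubernetes {
    host                   = data.ibm_container_cluster_config.roks_cluster_config.host
    token                  = data.ibm_container_cluster_config.roks_cluster_config.token
    cluster_ca_certificate = data.ibm_container_cluster_config.roks_cluster_config.ca_certificate
  }
  # IBM Cloud credentials are required to authenticate to the helm repo
  registry {
    url      = "oci://icr.io/ibm/observe/logs-agent-helm"
    username = "iamapikey"
    password = var.ibmcloud_api_key # replace with an IBM cloud apikey
  }
}

# Init cluster config for helm
# ############################################################################
data "ibm_container_cluster_config" "roks_cluster_config" {
  # update this value with the cluster ID where these agents will be provisioned
  cluster_name_id   = ibm_container_vpc_cluster.roks_cluster.id
  resource_group_id = local.resource_group_id
}
--------------------------------------------------------------------------------
/terraform/labinabox-roks/security-scc-instance.tf:
--------------------------------------------------------------------------------
## SCC Instance
##############################################################################
resource "ibm_resource_instance" "scc_instance" {
  name              = format("%s-%s", local.basename, "scc")
  service           = "compliance"
  plan              = "security-compliance-center-standard-plan"
  location          = var.region
  resource_group_id = local.resource_group_id
}

resource "ibm_scc_instance_settings" "scc_instance_settings" {
  instance_id = ibm_resource_instance.scc_instance.guid
  event_notifications {
    instance_crn = ibm_resource_instance.event-notifications.crn
  }
  object_storage {
    instance_crn = ibm_resource_instance.cos-scc.crn
    bucket       = ibm_cos_bucket.scc-bucket.bucket_name
  }
}

--------------------------------------------------------------------------------
/terraform/labinabox-roks/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "icn-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "icr_region" {
  description = "IBM Container Registry Region (e.g. de.icr.io)"
  default     = "de.icr.io"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/mysql/clean-state.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Removes the local Terraform working data of this module.
# Deleting terraform.tfstate* while the resources still exist leaves them
# unmanaged, so run `terraform destroy` first. Deleting .terraform.lock.hcl
# also discards the recorded provider versions and checksums.
# -f keeps the script quiet when a file is already absent.
rm -rf .terraform
rm -f .terraform.lock.hcl
rm -f terraform.tfstate*

echo 'All terraform states have been removed'
--------------------------------------------------------------------------------
/terraform/mysql/iam.tf:
--------------------------------------------------------------------------------

# Authorization policy between MySQL and Key Protect
# Require to encrypt MySQL DB with Key in Key Protect
# The target is limited to the Key Protect instance created in key-protect.tf,
# so the grant does not extend to every KMS instance in the account. The source
# stays at service level here.
resource "ibm_iam_authorization_policy" "mysql-kms" {
  source_service_name         = "databases-for-mysql"
  target_service_name         = "kms"
  target_resource_instance_id = ibm_resource_instance.key-protect.guid
  roles                       = ["Reader", "Authorization Delegator"]
}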
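--------------------------------------------------------------------------------
/terraform/mysql/key-protect.tf:
--------------------------------------------------------------------------------
##############################################################################
## Key Protect
##############################################################################
resource "ibm_resource_instance" "key-protect" {
  resource_group_id = ibm_resource_group.resource_group.id
  name              = "${var.prefix}-key-protect"
  service           = "kms"
  plan              = "tiered-pricing"
  location          = var.region
  tags              = var.tags
}

# Key used by mysql.tf to encrypt the database and its backups.
resource "ibm_kp_key" "key" {
  # The original referenced ibm_resource_instance.kp_instance, which none of
  # the mysql files shown here declares; the Key Protect instance defined
  # above (and used by mysql.tf) is "key-protect".
  key_protect_id = ibm_resource_instance.key-protect.guid
  key_name       = "${var.prefix}-encryption-key"
  standard_key   = false
  # force_delete lets a destroy remove the key even while it still protects a
  # resource; data encrypted under a deleted key cannot be recovered. Suitable
  # for throwaway test environments only.
  force_delete = true
}
--------------------------------------------------------------------------------
/terraform/mysql/mysql.tf:
--------------------------------------------------------------------------------
##############################################################################
## ICD MySQL
##############################################################################
resource "ibm_database" "icd_mysql" {
  name              = "${var.prefix}-mysql"
  plan              = var.icd_mysql_plan
  location          = var.region
  version           = var.icd_mysql_db_version
  service           = "databases-for-mysql"
  resource_group_id = ibm_resource_group.resource_group.id
  tags              = var.tags

  # Encrypt DB (comment to use IBM-provided Automatic Key)
  key_protect_instance      = ibm_resource_instance.key-protect.id
  key_protect_key           = ibm_kp_key.key.id
  backup_encryption_key_crn = ibm_kp_key.key.id
  depends_on = [ # require when using encryption key otherwise provisioning failed
    ibm_iam_authorization_policy.mysql-kms,
  ]

  # DB Settings
  # The admin password is written to the Terraform state in plain text, so the
  # state backend needs the same access control as the secret itself.
  adminpassword                = var.icd_mysql_adminpassword
  members_memory_allocation_mb = 3072  # 1GB per member
  members_disk_allocation_mb   = 61440 # 20GB per member
  # NOTE(review): neither an allowlist nor a service endpoint type is set, so
  # network reachability is whatever the service default is - confirm it
  # matches the intended exposure.
  # users {
  #   name = "user123"
  #   password = "password12"
  # }
  # whitelist {
  #   address = "172.168.1.1/32"
  #   description = "desc"
  # }
}

--------------------------------------------------------------------------------
/terraform/mysql/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
# > Remove for use in schematics
##############################################################################

terraform {
  required_version = ">= 1.0.11"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.38.0"
    }
  }
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
  ibmcloud_timeout = 60
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/mysql/resource-group.tf:
--------------------------------------------------------------------------------

##############################################################################
# Resource Group where Cloud Resources will be created
##############################################################################

resource "ibm_resource_group" "resource_group" {
  name = var.resource_group
}

--------------------------------------------------------------------------------
/terraform/mysql/testing.tfvars:
--------------------------------------------------------------------------------
## terraform apply -var-file="testing.tfvars"

##############################################################################
## Global Variables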
############################################################################## 6 | #ibmcloud_api_key = "" # Set the variable export TF_VAR_ibmcloud_api_key= 7 | prefix = "tf" 8 | region = "eu-de" # eu-de for Frankfurt MZR 9 | resource_group = "tf-mysql" 10 | tags = ["tf", "mysql"] 11 | 12 | ############################################################################## 13 | ## ICD MySQL 14 | ############################################################################## 15 | icd_mysql_plan = "standard" 16 | # expected length in the range (10 - 32) - must not contain special characters 17 | icd_mysql_adminpassword = "Passw0rd01" 18 | icd_mysql_db_version = "5.7" -------------------------------------------------------------------------------- /terraform/observability/README.md: -------------------------------------------------------------------------------- 1 | # Resources 2 | 3 | * [Observability Instances Terraform Modules](https://registry.terraform.io/modules/terraform-ibm-modules/observability-instances/ibm/latest) 4 | * [Example](https://github.com/terraform-ibm-modules/terraform-ibm-observability-instances/tree/main/examples/observability_archive) -------------------------------------------------------------------------------- /terraform/observability/account-iam-ag.tf: -------------------------------------------------------------------------------- 1 | # Create Access Group 2 | resource "ibm_iam_access_group" "accgrp" { 3 | name = format("%s-%s", local.basename, "ag") 4 | tags = var.tags 5 | } 6 | 7 | # Visibility on the Resource Group 8 | resource "ibm_iam_access_group_policy" "iam-rg-viewer" { 9 | access_group_id = ibm_iam_access_group.accgrp.id 10 | roles = ["Viewer"] 11 | resources { 12 | resource_type = "resource-group" 13 | resource = local.resource_group_id 14 | } 15 | } 16 | 17 | # Create a policy to all Kubernetes/OpenShift clusters within the Resource Group 18 | resource "ibm_iam_access_group_policy" "policy-k8s" { 19 | access_group_id = 
ibm_iam_access_group.accgrp.id 20 | roles = ["Manager", "Writer", "Editor", "Operator", "Viewer", "Administrator"] 21 | 22 | resources { 23 | service = "containers-kubernetes" 24 | resource_group_id = local.resource_group_id 25 | } 26 | } 27 | 28 | # Assign Administrator platform access role to enable the creation of API Key 29 | # Pre-Req to provision IKS/ROKS clusters within a Resource Group 30 | resource "ibm_iam_access_group_policy" "policy-k8s-identity-administrator" { 31 | access_group_id = ibm_iam_access_group.accgrp.id 32 | roles = ["Administrator", "User API key creator", "Service ID creator"] 33 | 34 | resources { 35 | service = "iam-identity" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /terraform/observability/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/observability/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.4" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.58.0-beta0" 11 | } 12 | logdna = { 13 | source = "logdna/logdna" 14 | version = ">= 1.14.0" 15 | } 16 | } 17 | } 18 | 19 | provider "ibm" { 20 | ibmcloud_api_key = 
var.ibmcloud_api_key 21 | region = var.region 22 | } 23 | 24 | ############################################################################## -------------------------------------------------------------------------------- /terraform/observability/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | 7 | 8 | ############################################################################## 9 | ## Observability: Log Analysis (Mezmo) & Monitoring (Sysdig) 10 | ############################################################################## 11 | # Available Plans: lite, 7-day, 14-day, 30-day 12 | log_plan = "7-day" 13 | log_enable_platform_logs = false 14 | 15 | sysdig_plan = "graduated-tier" 16 | sysdig_enable_platform_metrics = false 17 | 18 | -------------------------------------------------------------------------------- /terraform/observability/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? 
"log-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "cn"] 38 | } -------------------------------------------------------------------------------- /terraform/odmonroks/account-rg.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Create a resource group or reuse an existing one 3 | ############################################################################## 4 | 5 | variable "existing_resource_group_name" { 6 | default = "" 7 | description = "(Optional) Name of an existing resource group where to create resources" 8 | } 9 | 10 | resource "ibm_resource_group" "group" { 11 | count = var.existing_resource_group_name != "" ? 0 : 1 12 | name = "${local.basename}-group" 13 | tags = var.tags 14 | } 15 | 16 | data "ibm_resource_group" "group" { 17 | count = var.existing_resource_group_name != "" ? 1 : 0 18 | name = var.existing_resource_group_name 19 | } 20 | 21 | locals { 22 | resource_group_id = var.existing_resource_group_name != "" ? 
data.ibm_resource_group.group.0.id : ibm_resource_group.group.0.id 23 | } 24 | 25 | # output "resource_group_name" { 26 | # value = ibm_resource_group.group.name 27 | # } -------------------------------------------------------------------------------- /terraform/odmonroks/iam-users.tf: -------------------------------------------------------------------------------- 1 | 2 | # invite the users in the account and attach them to their access group 3 | resource "ibm_iam_user_invite" "invite_user" { 4 | users = ["mathias.mouly@fr.ibm.com"] 5 | access_groups = [ibm_iam_access_group.accgrp.id] 6 | } 7 | -------------------------------------------------------------------------------- /terraform/odmonroks/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.5" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.66.0" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } -------------------------------------------------------------------------------- /terraform/odmonroks/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. 
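If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "odm-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "odm"] 38 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/attach-secrets-manager.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Registers a Secrets Manager instance as the default secrets store for the
# ingress of a cluster, using the IBM Cloud CLI.
#
# Required environment variables:
#   APIKEY=
#   REGION=
#   CLUSTER_ID=
#   SECRETS_MANAGER_ID=
set -e -o pipefail

# Stop before any CLI call when an input is missing, naming the variable.
: "${APIKEY:?APIKEY must be set}"
: "${REGION:?REGION must be set}"
: "${CLUSTER_ID:?CLUSTER_ID must be set}"
: "${SECRETS_MANAGER_ID:?SECRETS_MANAGER_ID must be set}"

# install IBM Cloud CLI (not required if running in Schematics)
# curl -fsSL https://clis.cloud.ibm.com/install/linux | sh

# use IBM Cloud CLI to interact with Secrets Manager
# The key is passed through IBMCLOUD_API_KEY rather than --apikey: command-line
# arguments are readable by every local user through the process list, the
# environment of a process is not.
IBMCLOUD_API_KEY="$APIKEY" ibmcloud login -r "$REGION"
# End the CLI session on every exit path, including a failure under `set -e`.
trap 'ibmcloud logout' EXIT
ibmcloud plugin install secrets-manager -f

# retrieve the URL of the Secrets Manager instance
# Expansions are quoted so the JSON document is not word-split or glob-expanded.
secrets_manager_json=$(ibmcloud resource service-instance "$SECRETS_MANAGER_ID" --output json | jq '.[0]')
secrets_manager_host=$(printf '%s' "$secrets_manager_json" | jq -r '.extensions.virtual_private_endpoints | .dns_hosts[0]')
secrets_manager_url="https://${secrets_manager_host}.${REGION}.secrets-manager.appdomain.cloud"
echo "Secrets Manager URL is $secrets_manager_url"

# create a secret group
# echo "Creating a secret group..."
# ibmcloud secrets-manager secret-group-create \
#   --resources='[
#     {
#       "name": "custom-image-observability",
#       "description": "Created by terraform as part of the custom-image example."
#     }
#   ]' \
#   --output json \
#   --service-url $secrets_manager_url

# attach the secrets manager instance to the cluster
echo "Attaching the secrets manager..."
ibmcloud ks ingress instance register \
  --cluster "$CLUSTER_ID" \
  --crn "$SECRETS_MANAGER_ID" \
  --is-default
-------------------------------------------------------------------------------- /terraform/poc-openshift/clean-state.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -rf .terraform 4 | rm .terraform.lock.hcl 5 | rm terraform.tfstate* 6 | 7 | echo 'All terraform states have been removed' 8 | -------------------------------------------------------------------------------- /terraform/poc-openshift/continuous-delivery.tf: -------------------------------------------------------------------------------- 1 | resource "ibm_resource_instance" "continuous-delivery" { 2 | resource_group_id = ibm_resource_group.resource_group.id 3 | name = "${var.prefix}-continuous-delivery" 4 | service = "continuous-delivery" 5 | plan = "professional" 6 | location = var.region 7 | tags = var.tags 8 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/cos.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # COS Service for OpenShift Internal Registry 4 | ############################################################################## 5 | 6 | module "cos" { 7 | source = "terraform-ibm-modules/cos/ibm//modules/instance" 8 | 9 | resource_group_id = ibm_resource_group.resource_group.id 10 | service_name = "${var.prefix}-openshift-registry" 11 | plan = var.cos_plan 12 | region = var.cos_region 13 | tags = var.tags 14 | key_tags = var.tags 15 | } 16 | 17 | output "cos_instance_crn" { 18 | description = "The CRN of the COS 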
instance" 19 | value = module.cos.cos_instance_id 20 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/invite-users.tf: -------------------------------------------------------------------------------- 1 | resource "ibm_iam_user_invite" "invite_user" { 2 | users = ["first.lastname@ibm.com"] 3 | access_groups = [ibm_iam_access_group.accgrp.id] 4 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/key-protect.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Key Protect 3 | ############################################################################## 4 | resource "ibm_resource_instance" "key-protect" { 5 | resource_group_id = ibm_resource_group.resource_group.id 6 | name = "${var.prefix}-key-protect" 7 | service = "kms" 8 | plan = "tiered-pricing" 9 | location = var.region 10 | tags = var.tags 11 | service_endpoints = "private" 12 | } 13 | 14 | resource "ibm_kp_key" "key" { 15 | key_protect_id = ibm_resource_instance.key-protect.guid 16 | key_name = "${var.prefix}-root-key" 17 | standard_key = false 18 | force_delete = true 19 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/log-analysis.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Log Analysis Services 3 | ############################################################################## 4 | 5 | module "logging_instance" { 6 | source = "terraform-ibm-modules/observability/ibm//modules/logging-instance" 7 | 8 | resource_group_id = ibm_resource_group.resource_group.id 9 | name = "${var.prefix}-logs" 10 | is_sts_instance = false 11 | service_endpoints = var.logdna_service_endpoints 12 | bind_key = 
var.logdna_bind_key 13 | key_name = var.logdna_key_name 14 | plan = var.logdna_plan 15 | enable_platform_logs = var.logdna_enable_platform_logs 16 | region = var.region 17 | tags = var.tags 18 | key_tags = var.tags 19 | } 20 | 21 | output "logdna_instance_id" { 22 | description = "The ID of the Log Analysis instance" 23 | value = module.logging_instance.id 24 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/monitoring-sysdig.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Monitoring Services 4 | ############################################################################## 5 | 6 | module "monitoring_instance" { 7 | source = "terraform-ibm-modules/observability/ibm//modules/monitoring-sysdig" 8 | 9 | resource_group_id = ibm_resource_group.resource_group.id 10 | name = "${var.prefix}-monitoring" 11 | plan = var.sysdig_plan 12 | service_endpoints = var.sysdig_service_endpoints 13 | enable_platform_metrics = var.sysdig_enable_platform_metrics 14 | bind_key = var.sysdig_bind_key 15 | key_name = var.sysdig_key_name 16 | region = var.region 17 | tags = var.tags 18 | key_tags = var.tags 19 | } 20 | 21 | output "monitoring_instance_id" { 22 | description = "The ID of the Cloud Monitoring instance" 23 | value = module.monitoring_instance.id 24 | } -------------------------------------------------------------------------------- /terraform/poc-openshift/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.1" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.46.0" 11 | } 12 | } 13 | 
} 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | #ibmcloud_timeout = 60 19 | } 20 | 21 | ############################################################################## -------------------------------------------------------------------------------- /terraform/poc-openshift/resource-group.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Resource Group where Cloud Resources will be created 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "resource_group" { 7 | name = var.resource_group 8 | } 9 | -------------------------------------------------------------------------------- /terraform/scc/account-iam-ag.tf: -------------------------------------------------------------------------------- 1 | # Create Access Group 2 | resource "ibm_iam_access_group" "accgrp" { 3 | name = format("%s-%s", local.basename, "ag") 4 | tags = var.tags 5 | } 6 | 7 | # Visibility on the Resource Group 8 | resource "ibm_iam_access_group_policy" "iam-rg-viewer" { 9 | access_group_id = ibm_iam_access_group.accgrp.id 10 | roles = ["Viewer"] 11 | resources { 12 | resource_type = "resource-group" 13 | resource = ibm_resource_group.group.id 14 | } 15 | } 16 | 17 | # Authorization policy between SCC (Source) and COS Bucket (Target) 18 | # Requires by the new SCC to store SCC evaluation results into a COS bucket 19 | resource "ibm_iam_authorization_policy" "iam-auth-scc-cos" { 20 | source_service_name = "compliance" 21 | target_service_name = "cloud-object-storage" 22 | target_resource_instance_id = ibm_resource_instance.cos-scc.guid 23 | roles = ["Writer"] 24 | } 25 | 26 | resource "ibm_iam_authorization_policy" "iam-auth-kms-cos" { 27 | source_service_name = "cloud-object-storage" 28 | source_resource_instance_id = ibm_resource_instance.cos-scc.guid 
29 | target_service_name = "kms" 30 | target_resource_instance_id = ibm_resource_instance.key-protect.guid 31 | roles = ["Reader"] 32 | } -------------------------------------------------------------------------------- /terraform/scc/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/scc/devops-notifications.tf: -------------------------------------------------------------------------------- 1 | resource "ibm_resource_instance" "event-notifications" { 2 | name = format("%s-%s", local.basename, "event-notifications") 3 | service = "event-notifications" 4 | plan = "lite" 5 | location = var.region 6 | resource_group_id = ibm_resource_group.group.id 7 | } -------------------------------------------------------------------------------- /terraform/scc/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.6" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.71.3" 11 | } 12 | http-full = { 13 | source = "salrashid123/http-full" 14 | } 15 | } 16 | } 17 | 18 | provider "http-full" {} 19 | 20 | provider "ibm" { 21 | ibmcloud_api_key = var.ibmcloud_api_key 22 | region = var.region 23 | } 24 | 25 | 
############################################################################## -------------------------------------------------------------------------------- /terraform/scc/security-scc-instance.tf: -------------------------------------------------------------------------------- 1 | ## SCC Instance 2 | ############################################################################## 3 | resource "ibm_resource_instance" "scc_instance" { 4 | name = format("%s-%s", local.basename, "scc") 5 | service = "compliance" 6 | plan = "security-compliance-center-standard-plan" 7 | location = var.region 8 | resource_group_id = ibm_resource_group.group.id 9 | } 10 | 11 | resource "ibm_scc_instance_settings" "scc_instance_settings" { 12 | instance_id = ibm_resource_instance.scc_instance.guid 13 | event_notifications { 14 | instance_crn = ibm_resource_instance.event-notifications.crn 15 | source_name = format("%s-%s", local.basename, "scc-notifications") 16 | } 17 | object_storage { 18 | instance_crn = ibm_resource_instance.cos-scc.crn 19 | bucket = ibm_cos_bucket.scc-bucket.bucket_name 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /terraform/scc/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 
1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "scc-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "scc"] 38 | } 39 | 40 | # Account ID is required for the SCC Scope 41 | ############################################################################## 42 | data "ibm_iam_account_settings" "account_settings" { 43 | } 44 | 45 | locals { 46 | account_id = data.ibm_iam_account_settings.account_settings.account_id 47 | } 48 | -------------------------------------------------------------------------------- /terraform/secrets-manager/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/secrets-manager/networking-vpn-secrets.tf: -------------------------------------------------------------------------------- 1 | 2 | # variable "existing_secrets_manager_guid" { 3 | # description = "GUID of an existing Secrets Manager instance located in the same region" 4 | # type = string 5 | # default = "" 6 | # } 7 | 8 | resource "ibm_sm_secret_group" "secret_group" { 9 | # instance_id = var.existing_secrets_manager_guid 10 | instance_id = local.secrets_manager_guid 11 | name = "${local.basename}-vpn-group" 12 
| region = var.region 13 | description = "Created by terraform as part of the client VPN example." 14 | } 15 | 16 | 17 | -------------------------------------------------------------------------------- /terraform/secrets-manager/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.6" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.68.1" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | } 19 | 20 | ############################################################################## -------------------------------------------------------------------------------- /terraform/secrets-manager/testing.auto.tfvars: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | ## Global Variables 3 | ############################################################################## 4 | 5 | #region = "eu-de" # eu-de for Frankfurt MZR 6 | #icr_region = "de.icr.io" 7 | 8 | ############################################################################## 9 | ## VPC 10 | ############################################################################## 11 | # vpc_classic_access = false 12 | # vpc_address_prefix_management = "manual" 13 | # vpc_enable_public_gateway = true 14 | 15 | 16 | ############################################################################## 17 | ## Secrets Manager 18 | ############################################################################## 19 | existing_secrets_manager_name = "secrets-manager" -------------------------------------------------------------------------------- 
/terraform/secrets-manager/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "sm-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "icr_region" { 35 | description = "IBM Container Registry Region (e.g. 
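de.icr.io)" 36 | default = "de.icr.io" 37 | } 38 | 39 | variable "tags" { 40 | description = "List of Tags" 41 | type = list(string) 42 | default = ["tf", "icn"] 43 | } 44 | 45 | # Account ID is required for CBR (Context Based Restrictions) and SCC scope 46 | ############################################################################## 47 | data "ibm_iam_auth_token" "tokendata" {} 48 | data "ibm_iam_account_settings" "account_settings" {} 49 | 50 | locals { 51 | account_id = data.ibm_iam_account_settings.account_settings.account_id 52 | } -------------------------------------------------------------------------------- /terraform/sysdig/main.tf: --------------------------------------------------------------------------------
# Provisions an IBM Cloud Monitoring (Sysdig) instance in an existing
# resource group.

provider "ibm" {
  # The key comes from var.ibmcloud_api_key, which has no default; supply it
  # at run time (for example TF_VAR_ibmcloud_api_key) rather than in a
  # committed .tfvars file.
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.location
}

# Existing resource group, looked up by the name given in var.rg_name.
data "ibm_resource_group" "sysDig_group" {
  name = var.rg_name
}

resource "ibm_resource_instance" "sys_dig" {
  name     = var.instance_name
  service  = "sysdig-monitor"
  plan     = "graduated-tier"
  location = var.location
  # A data source is addressed as data.<type>.<name>.<attribute>; the
  # reference previously omitted the name (sysDig_group) and did not resolve.
  resource_group_id = data.ibm_resource_group.sysDig_group.id

  //User can increase timeouts
  timeouts {
    create = "15m"
    update = "15m"
    delete = "15m"
  }
}
-------------------------------------------------------------------------------- /terraform/sysdig/variables.tf: -------------------------------------------------------------------------------- 1 | variable "ibmcloud_api_key" { 2 | type = string 3 | } 4 | 5 | variable "location" { 6 | default = "eu-de" 7 | } 8 | 9 | variable "instance_name" { 10 | default = "sysdig-eude-1" 11 | } 12 | 13 | variable "rg_name" { 14 | default = "dev" 15 | } -------------------------------------------------------------------------------- /terraform/terraformer/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">=1.6" 3 | required_providers { 4 | ibm = { 5 | 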
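source = "IBM-Cloud/ibm" 6 | version = "1.60.0" 7 | } 8 | } 9 | } 10 | 11 | provider "ibm" { 12 | ibmcloud_api_key = var.ibmcloud_api_key 13 | region = var.region 14 | } 15 | -------------------------------------------------------------------------------- /terraform/terraformer/terraformer-generated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/terraform/terraformer/terraformer-generated.png -------------------------------------------------------------------------------- /terraform/terraformer/variables.tf: --------------------------------------------------------------------------------
# Input variables of the terraformer example.

variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  # Redacts the key in plan/apply output, as the other variables.tf files of
  # this repository do. The value is still written to the state file, so the
  # state needs the same protection as the key itself.
  sensitive = true
}

variable "region" {
  type        = string
  default     = "eu-de"
  description = "Region where to deploy the resources"
}
-------------------------------------------------------------------------------- /terraform/transit-gateway/account-rg.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Create a resource group or reuse an existing one 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "group" { 7 | name = "${local.basename}-group" 8 | tags = var.tags 9 | } 10 | 11 | output "resource_group_name" { 12 | value = ibm_resource_group.group.name 13 | } -------------------------------------------------------------------------------- /terraform/transit-gateway/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.4" 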
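7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.58.1" 11 | } 12 | http-full = { 13 | source = "salrashid123/http-full" 14 | } 15 | } 16 | } 17 | 18 | provider "http-full" {} 19 | 20 | provider "ibm" { 21 | ibmcloud_api_key = var.ibmcloud_api_key 22 | region = var.region 23 | } 24 | 25 | ############################################################################## -------------------------------------------------------------------------------- /terraform/transit-gateway/transit-gateway.tf: --------------------------------------------------------------------------------
# Local transit gateway connecting two VPCs, plus a workaround that tags the
# gateway through the tagging REST API.

resource "ibm_tg_gateway" "my_tgw" {
  name = "transit-gateway-1"
  # Follows var.region (default "eu-de") instead of a hard-coded region, so the
  # gateway is created in the region the provider is configured for.
  location = var.region
  global   = false
  # NOTE(review): local.resource_group_id is not defined in the files of this
  # directory shown here (account-rg.tf only declares ibm_resource_group.group);
  # confirm where it comes from.
  resource_group = local.resource_group_id
}

# First VPC attached to the gateway.
resource "ibm_tg_connection" "test_ibm_tg_connection" {
  gateway      = ibm_tg_gateway.my_tgw.id
  network_type = "vpc"
  name         = "myconnection"
  network_id   = ibm_is_vpc.vpc.crn
}

# Second VPC attached to the gateway.
resource "ibm_tg_connection" "test_ibm_tg_connection2" {
  gateway      = ibm_tg_gateway.my_tgw.id
  network_type = "vpc"
  name         = "myconnection2"
  network_id   = ibm_is_vpc.vpc2.crn
}

## Workaround to tag transit gateway
## To be removed once TGW supports tagging via Terraform
## RFE: https://github.com/IBM-Cloud/terraform-provider-ibm/issues/4856
##############################################################################
data "ibm_iam_auth_token" "tokendata" {}

# This is a data source that issues a POST: Terraform reads data sources while
# planning and refreshing, so the request, and the IAM access token in its
# authorization header, is sent on those runs too, not only on apply.
# NOTE(review): provider.tf declares http-full (source "salrashid123/http-full")
# without a version constraint. Pin it to a reviewed release and keep
# .terraform.lock.hcl under version control, because this provider handles
# the IAM access token.
data "http" "tag_resource" {
  provider = http-full

  url    = "https://tags.global-search-tagging.cloud.ibm.com/v3/tags/attach?tag_type=user"
  method = "POST"

  request_headers = {
    authorization = data.ibm_iam_auth_token.tokendata.iam_access_token
    content-type  = "application/json"
    accept        = "application/json"
  }

  request_body = jsonencode(
    {
      resources = [{ resource_id = ibm_tg_gateway.my_tgw.crn }]
      tag_names = ["tf", "tag_2"]
    }
  )
}
-------------------------------------------------------------------------------- /terraform/transit-gateway/variables.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Account Variables 3 | ############################################################################## 4 | 5 | variable "ibmcloud_api_key" { 6 | description = "APIkey that's associated with the account to provision resources to" 7 | type = string 8 | default = "" 9 | sensitive = true 10 | } 11 | 12 | variable "prefix" { 13 | type = string 14 | default = "" 15 | description = "A prefix for all resources to be created. If none provided a random prefix will be created" 16 | } 17 | 18 | resource "random_string" "random" { 19 | count = var.prefix == "" ? 1 : 0 20 | 21 | length = 6 22 | special = false 23 | } 24 | 25 | locals { 26 | basename = lower(var.prefix == "" ? "tgw-${random_string.random.0.result}" : var.prefix) 27 | } 28 | 29 | variable "region" { 30 | description = "IBM Cloud region where all resources will be provisioned (e.g. 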
eu-de)" 31 | default = "eu-de" 32 | } 33 | 34 | variable "tags" { 35 | description = "List of Tags" 36 | type = list(string) 37 | default = ["tf", "tgw"] 38 | } -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/clean-state.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -rf .terraform 4 | rm .terraform.lock.hcl 5 | rm terraform.tfstate* 6 | 7 | echo 'All terraform states have been removed' 8 | -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/cos.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # COS Service for OpenShift Internal Registry 4 | ############################################################################## 5 | 6 | module "cos" { 7 | source = "terraform-ibm-modules/cos/ibm//modules/instance" 8 | 9 | resource_group_id = ibm_resource_group.resource_group.id 10 | service_name = "${var.prefix}-openshift-registry" 11 | plan = var.cos_plan 12 | region = var.cos_region 13 | tags = var.tags 14 | key_tags = var.tags 15 | # service_endpoints = var.service_endpoints 16 | # resource_key_name = var.resource_key_name 17 | # role = var.role 18 | # bind_resource_key = var.bind_resource_key 19 | # key_parameters = var.key_parameters 20 | } 21 | 22 | output "cos_instance_crn" { 23 | description = "The CRN of the COS instance" 24 | value = module.cos.cos_instance_id 25 | } -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/iam.tf: -------------------------------------------------------------------------------- 1 | resource "ibm_iam_access_group" "accgrp" { 2 | name = "${var.prefix}-ag" 3 | tags = var.tags 4 | } 5 | 6 | # Create a policy to all Kubernetes instances within the Resource Group 7 | resource 
"ibm_iam_access_group_policy" "policy-k8s" { 8 | access_group_id = ibm_iam_access_group.accgrp.id 9 | roles = ["Viewer"] 10 | 11 | resources { 12 | service = "containers-kubernetes" 13 | resource_group_id = ibm_resource_group.resource_group.id 14 | } 15 | } 16 | 17 | -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/log-analysis.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # Log Analysis Services 3 | ############################################################################## 4 | 5 | module "logging_instance" { 6 | source = "terraform-ibm-modules/observability/ibm//modules/logging-instance" 7 | 8 | resource_group_id = ibm_resource_group.resource_group.id 9 | name = "${var.prefix}-logs" 10 | is_sts_instance = false 11 | service_endpoints = var.logdna_service_endpoints 12 | bind_key = var.logdna_bind_key 13 | key_name = var.logdna_key_name 14 | plan = var.logdna_plan 15 | enable_platform_logs = var.logdna_enable_platform_logs 16 | region = var.region 17 | tags = var.tags 18 | key_tags = var.tags 19 | # role = var.logdna_role 20 | } 21 | 22 | output "logdna_instance_id" { 23 | description = "The ID of the Log Analysis instance" 24 | value = module.logging_instance.id 25 | } -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/monitoring-sysdig.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Monitoring Services 4 | ############################################################################## 5 | 6 | module "monitoring_instance" { 7 | source = "terraform-ibm-modules/observability/ibm//modules/monitoring-sysdig" 8 | 9 | resource_group_id = ibm_resource_group.resource_group.id 10 | name = 
"${var.prefix}-monitoring" 11 | plan = var.sysdig_plan 12 | service_endpoints = var.sysdig_service_endpoints 13 | enable_platform_metrics = var.sysdig_enable_platform_metrics 14 | bind_key = var.sysdig_bind_key 15 | key_name = var.sysdig_key_name 16 | region = var.region 17 | tags = var.tags 18 | key_tags = var.tags 19 | } 20 | 21 | output "monitoring_instance_id" { 22 | description = "The ID of the Cloud Monitoring instance" 23 | value = module.monitoring_instance.id 24 | } -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/provider.tf: -------------------------------------------------------------------------------- 1 | ############################################################################## 2 | # IBM Cloud Provider 3 | ############################################################################## 4 | 5 | terraform { 6 | required_version = ">=1.0" 7 | required_providers { 8 | ibm = { 9 | source = "IBM-Cloud/ibm" 10 | version = "1.39.1" 11 | } 12 | } 13 | } 14 | 15 | provider "ibm" { 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | region = var.region 18 | ibmcloud_timeout = 60 19 | } 20 | 21 | ############################################################################## -------------------------------------------------------------------------------- /terraform/vpc-cluster-module/resource-group.tf: -------------------------------------------------------------------------------- 1 | 2 | ############################################################################## 3 | # Resource Group where Cloud Resources will be created 4 | ############################################################################## 5 | 6 | resource "ibm_resource_group" "resource_group" { 7 | name = var.resource_group 8 | } 9 | -------------------------------------------------------------------------------- /terraform/vpc/bastion/variables.tf: -------------------------------------------------------------------------------- 1 | 
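variable "zone1" {
  default = "eu-de-1"
}

# Default points at a public key file (.pub).
variable "ssh_public_key" {
  default = "~/.ssh/id_rsa.pub"
}

variable "image" {
  default = "cc8debe0-1b30-6e37-2e13-744bfb2a0c11" #Centos
}

variable "profile" {
  default = "bc1-2x8" #2CPUs and 8GB RAM
}

# API key for the IBM Cloud provider. No default is set, so the value has to be
# supplied at run time (for example through TF_VAR_ibmcloud_api_key). Keep the
# commented-out default below a placeholder; a real key does not belong here.
# NOTE(review): `sensitive = true` would redact the key in plan output, but it
# needs Terraform 0.14+, while versions.tf in this module allows ">= 0.12".
variable "ibmcloud_api_key" {
  #default = "XXXXXXXXXXXXXXXXXXXX"
}

--------------------------------------------------------------------------------
/terraform/vpc/bastion/versions.tf:
--------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.12"
}
--------------------------------------------------------------------------------
/terraform/vpc/multizone-vpc/clean-state.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Resets the local Terraform working directory: provider cache, dependency
# lock file and local state files.
#
# - With local state, terraform.tfstate* is Terraform's record of what it
#   created. Removing it does not remove the cloud resources, so run
#   `terraform destroy` first.
# - State is stored in plain text and can contain secret values; keep it out
#   of version control as well.
# - Removing .terraform.lock.hcl discards the recorded provider versions and
#   checksums; the next `terraform init` selects and records them afresh.

# Stop on the first real failure so the message below is only printed when
# every removal worked.
set -eu

rm -rf .terraform
# -f: a file that is already absent is not an error.
rm -f .terraform.lock.hcl
rm -f terraform.tfstate*

echo 'All terraform states have been removed'

--------------------------------------------------------------------------------
/terraform/vpc/multizone-vpc/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.0"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      # Exact pin: every init resolves the same provider release.
      version = "1.38.1"
    }
  }
}

# The API key is read from a variable; no credential is written in this file.
provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
  ibmcloud_timeout = 60
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/vpc/multizone-vpc/testing.tfvars: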
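--------------------------------------------------------------------------------
#ibmcloud_api_key = "" # Set the variable export TF_VAR_ibmcloud_api_key=
prefix = "multizone"
region = "eu-de" # eu-de for Frankfurt MZR
tags   = ["tf", "multizone"]

vpc_classic_access            = false
vpc_address_prefix_management = "manual"
vpc_enable_public_gateway     = true
# vpc_locations           = ["eu-de-1", "eu-de-2", "eu-de-3"]
# vpc_number_of_addresses = 256


--------------------------------------------------------------------------------
/terraform/vpc/simple-vpc/clean-state.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Resets the local Terraform working directory: provider cache, dependency
# lock file and local state files.
#
# - With local state, terraform.tfstate* is Terraform's record of what it
#   created. Removing it does not remove the cloud resources, so run
#   `terraform destroy` first.
# - State is stored in plain text and can contain secret values; keep it out
#   of version control as well.
# - Removing .terraform.lock.hcl discards the recorded provider versions and
#   checksums; the next `terraform init` selects and records them afresh.

# Stop on the first real failure so the message below is only printed when
# every removal worked.
set -eu

rm -rf .terraform
# -f: a file that is already absent is not an error.
rm -f .terraform.lock.hcl
rm -f terraform.tfstate*

echo 'All terraform states have been removed'

--------------------------------------------------------------------------------
/terraform/vpc/simple-vpc/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.0"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      # Exact pin: every init resolves the same provider release.
      version = "1.38.1"
    }
  }
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
  ibmcloud_timeout = 60
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/vpc/simple-vpc/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

# Marked sensitive so Terraform redacts the key in plan and apply output.
# provider.tf in this module requires Terraform >=1.0, which supports the
# attribute. The value is still written to state in plain text.
variable "ibmcloud_api_key" {
  description = "The IBM Cloud platform API key needed to deploy IAM enabled resources"
  type        = string
  sensitive   = true
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned"
  default     = "us-south"
}

variable "zone" {
  description = "Availability Zone where all resources will be provisioned"
  default     = "us-south-1"
}
--------------------------------------------------------------------------------
/terraform/vpn-only/account-rg.tf:
--------------------------------------------------------------------------------

##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

variable "rg_name" {
  type        = string
  default     = ""
  description = "Name of Resource Group"
}

# Looks up an existing resource group by name; nothing is created here.
data "ibm_resource_group" "group" {
  name = var.rg_name
}
--------------------------------------------------------------------------------
/terraform/vpn-only/networking-vpc.tf:
--------------------------------------------------------------------------------

variable "vpc_name" {
  type        = string
  default     = ""
  description = "Name of VPC"
}

##############################################################################

# Looks up an existing VPC by name; nothing is created here.
data "ibm_is_vpc" "vpc" {
  name = var.vpc_name
}
--------------------------------------------------------------------------------
/terraform/vpn-only/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.5"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.64.0"
    }
    # Lower bound only: any newer logdna release satisfies this constraint.
    # The committed .terraform.lock.hcl is what fixes the version and checksums.
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.14.0"
    }
    # http-full = {
    #   source = "salrashid123/http-full"
    # }
  }
}

# provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/vpn-only/testing.auto.tfvars:
--------------------------------------------------------------------------------
##############################################################################
## Global Variables
##############################################################################

#region = "eu-de" # eu-de for Frankfurt MZR

# *.auto.tfvars files are loaded automatically on every plan and apply.
# NOTE(review): the GUID below is an identifier, not a credential, but it looks
# like it names a specific Secrets Manager instance; consider a placeholder in
# a shared repository.
vpc_name                      = "vpc-eu-de-iks"
rg_name                       = "demo"
existing_secrets_manager_guid = "d50e00f4-64c4-461a-9ce8-42117e433f73"

--------------------------------------------------------------------------------
/terraform/vpn-only/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

# sensitive = true redacts the key in plan and apply output; the value is still
# written to state in plain text. Because the default is an empty string,
# Terraform does not prompt when the key is missing.
variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

# Created only when no prefix is given. Used for naming, not as a secret.
resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "vpn-only-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
# NOTE(review): ibm_iam_auth_token returns IAM tokens, and data source results
# are kept in state. No reader of "tokendata" is visible in this file; confirm
# it is needed.
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/vpn-postgres-db2/account-rg.tf:
--------------------------------------------------------------------------------

##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

resource "ibm_resource_group" "group" {
  name = "${local.basename}-group"
  tags = var.tags
}

output "resource_group_name" {
  value = ibm_resource_group.group.name
}
--------------------------------------------------------------------------------
/terraform/vpn-postgres-db2/database-db2oncloud.tf:
--------------------------------------------------------------------------------

# Variables
##############################################################################
variable "db2oncloud_plan" {
  type        = string
  description = "The plan type of the Database instance"
  default     = "standard"
}
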
##############################################################################
## Db2 on Cloud instance
##############################################################################
resource "ibm_resource_instance" "db2oncloud" {
  name    = format("%s-%s", local.basename, "db2")
  service = "dashdb-for-transactions"
  # NOTE(review): the plan is hard-coded, while this file also declares
  # var.db2oncloud_plan (default "standard"). Confirm which one is intended.
  plan              = "enterprise"
  location          = var.region
  resource_group_id = local.resource_group_id
  # Private service endpoints only: no public endpoint is requested.
  service_endpoints = "private"
  timeouts {
    create = "30m"
  }
}

##############################################################################
## Service Credentials
##############################################################################
# The generated credentials are stored in Terraform state; treat the state
# file as a secret.
resource "ibm_resource_key" "db2oncloud-key" {
  name                 = format("%s-%s", local.basename, "db2-key")
  resource_instance_id = ibm_resource_instance.db2oncloud.id
  role                 = "Viewer"
}

locals {
  db2_endpoints = [
    {
      name = "db2",
      # nonsensitive() removes Terraform's redaction from this one value so it
      # can be shown in an output. Only the hostname is exposed here; do not
      # apply the same pattern to password or connection-string fields.
      db-host = nonsensitive(ibm_resource_key.db2oncloud-key.credentials["connection.db2.hosts.0.hostname"])
    }
  ]
}

# Despite its name, this output carries only the endpoint name and hostname.
output "db2-credentials" {
  value = local.db2_endpoints
}
--------------------------------------------------------------------------------
/terraform/vpn-postgres-db2/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.6"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.67.1"
    }
    # Lower bound only: any newer logdna release satisfies this constraint.
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.14.2"
    }
    # Community provider with no version constraint. Without a committed
    # .terraform.lock.hcl, `terraform init` selects the newest release. Pin a
    # version and commit the lock file so versions and checksums stay fixed.
    http-full = {
      source = "salrashid123/http-full"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "~> 4.0.4"
    }
  }
}
provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/vpn-postgres-db2/testing.auto.tfvars:
--------------------------------------------------------------------------------
##############################################################################
## Global Variables
##############################################################################

#region = "eu-de" # eu-de for Frankfurt MZR

##############################################################################
## VPC
##############################################################################
vpc_classic_access            = false
vpc_address_prefix_management = "manual"
vpc_enable_public_gateway     = true

# *.auto.tfvars files are loaded automatically on every plan and apply.
# NOTE(review): the GUID below is an identifier, not a credential, but it looks
# like it names a specific Secrets Manager instance; consider a placeholder in
# a shared repository.
existing_secrets_manager_guid = "f442ce7c-d87c-4555-8a56-4783c0fa8050"
--------------------------------------------------------------------------------
/terraform/vpn-postgres-db2/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

# sensitive = true redacts the key in plan and apply output; the value is still
# written to state in plain text. Because the default is an empty string,
# Terraform does not prompt when the key is missing.
variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

# Created only when no prefix is given. Used for naming, not as a secret.
resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "vann-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
# NOTE(review): ibm_iam_auth_token returns IAM tokens, and data source results
# are kept in state. No reader of "tokendata" is visible in this file; confirm
# it is needed.
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/vpn-vpc-vsi/account-rg.tf:
--------------------------------------------------------------------------------

##############################################################################
# Create a resource group or reuse an existing one
##############################################################################

resource "ibm_resource_group" "group" {
  name = "${local.basename}-group"
  tags = var.tags
}

output "resource_group_name" {
  value = ibm_resource_group.group.name
}
--------------------------------------------------------------------------------
/terraform/vpn-vpc-vsi/provider.tf:
--------------------------------------------------------------------------------
##############################################################################
# IBM Cloud Provider
##############################################################################

terraform {
  required_version = ">=1.6"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.69.0"
    }
    # Lower bound only: any newer logdna release satisfies this constraint.
    logdna = {
      source  = "logdna/logdna"
      version = ">= 1.14.2"
    }
    # Community provider with no version constraint. Without a committed
    # .terraform.lock.hcl, `terraform init` selects the newest release. Pin a
    # version and commit the lock file so versions and checksums stay fixed.
    http-full = {
      source = "salrashid123/http-full"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "~> 4.0.4"
    }
  }
}

provider "http-full" {}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

##############################################################################
--------------------------------------------------------------------------------
/terraform/vpn-vpc-vsi/testing.auto.tfvars:
--------------------------------------------------------------------------------
##############################################################################
## Global Variables
##############################################################################

#region = "eu-de" # eu-de for Frankfurt MZR

##############################################################################
## VPC
##############################################################################
vpc_classic_access            = false
vpc_address_prefix_management = "manual"
vpc_enable_public_gateway     = true

# existing_secrets_manager_guid = "d50e00f4-64c4-461a-9ce8-42117e433f73"
existing_secrets_manager_name = "secrets-manager"
--------------------------------------------------------------------------------
/terraform/vpn-vpc-vsi/variables.tf:
--------------------------------------------------------------------------------
##############################################################################
# Account Variables
##############################################################################

# sensitive = true redacts the key in plan and apply output; the value is still
# written to state in plain text. Because the default is an empty string,
# Terraform does not prompt when the key is missing.
variable "ibmcloud_api_key" {
  description = "APIkey that's associated with the account to provision resources to"
  type        = string
  default     = ""
  sensitive   = true
}

variable "prefix" {
  type        = string
  default     = ""
  description = "A prefix for all resources to be created. If none provided a random prefix will be created"
}

# Created only when no prefix is given. Used for naming, not as a secret.
resource "random_string" "random" {
  count = var.prefix == "" ? 1 : 0

  length  = 6
  special = false
}

locals {
  basename = lower(var.prefix == "" ? "vpn-${random_string.random.0.result}" : var.prefix)
}

variable "region" {
  description = "IBM Cloud region where all resources will be provisioned (e.g. eu-de)"
  default     = "eu-de"
}

variable "tags" {
  description = "List of Tags"
  type        = list(string)
  default     = ["tf", "icn"]
}

# Account ID is required for CBR (Context Based Restrictions) and SCC scope
##############################################################################
# NOTE(review): ibm_iam_auth_token returns IAM tokens, and data source results
# are kept in state. No reader of "tokendata" is visible in this file; confirm
# it is needed.
data "ibm_iam_auth_token" "tokendata" {}
data "ibm_iam_account_settings" "account_settings" {}

locals {
  account_id = data.ibm_iam_account_settings.account_settings.account_id
}
--------------------------------------------------------------------------------
/terraform/vsi-classic/provider.tf:
--------------------------------------------------------------------------------
# The two API key variables below are not marked sensitive, so Terraform does
# not redact them in plan output.
# NOTE(review): `sensitive = true` needs Terraform 0.14+; no required_version
# is visible in this file, so check the supported versions before adding it.
variable "softlayer_username" {
  description = "Enter your IBM Infrastructure (SoftLayer) full username, you can get this using: https://control.bluemix.net/account/user/profile"
}

variable "softlayer_api_key" {
  description = "Enter your IBM Infrastructure (SoftLayer) API key, you can get this using: https://control.bluemix.net/account/user/profile"
}

variable "bluemix_api_key" {
  description = "Enter your IBM Cloud API Key, you can get your IBM Cloud API key using: https://console.bluemix.net/iam#/apikeys"
}

provider "ibm" {
  softlayer_username = var.softlayer_username
  softlayer_api_key  = var.softlayer_api_key
  bluemix_api_key    = var.bluemix_api_key
}

--------------------------------------------------------------------------------
/terraform/vsi-classic/terraform.tfvars:
--------------------------------------------------------------------------------
# terraform.tfvars is loaded automatically, and values written here are stored
# in plain text. Keep real keys out of version control. To supply a key through
# a TF_VAR_<name> environment variable instead, remove or comment out its line
# below: a value set in this file, even an empty string, takes precedence over
# the environment variable.

# Enter your IBM Infrastructure (SoftLayer) full username, you can get this using: https://control.bluemix.net/account/user/profile
softlayer_username = ""

# Enter your IBM Infrastructure (SoftLayer) API key, you can get this using: https://control.bluemix.net/account/user/profile
softlayer_api_key = ""

# Enter your IBM Cloud API Key, you can get your IBM Cloud API key using: https://console.bluemix.net/iam#/apikeys
bluemix_api_key = ""

--------------------------------------------------------------------------------
/vmware/images/bastion.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/cluster-storage-pool-deploying.png -------------------------------------------------------------------------------- /vmware/images/cluster-worker-pool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/cluster-worker-pool.png -------------------------------------------------------------------------------- /vmware/images/email-invite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/email-invite.png -------------------------------------------------------------------------------- /vmware/images/email-techzone-ready.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/email-techzone-ready.png -------------------------------------------------------------------------------- /vmware/images/firefox-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/firefox-console.png -------------------------------------------------------------------------------- /vmware/images/firefox-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/firefox-settings.png -------------------------------------------------------------------------------- /vmware/images/firefox-socks.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/firefox-socks.png -------------------------------------------------------------------------------- /vmware/images/ibm-cloud-rg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/ibm-cloud-rg.png -------------------------------------------------------------------------------- /vmware/images/icp-switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/icp-switch.png -------------------------------------------------------------------------------- /vmware/images/image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image1.png -------------------------------------------------------------------------------- /vmware/images/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image10.png -------------------------------------------------------------------------------- /vmware/images/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image11.png -------------------------------------------------------------------------------- /vmware/images/image12.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image12.png -------------------------------------------------------------------------------- /vmware/images/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image13.png -------------------------------------------------------------------------------- /vmware/images/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image14.png -------------------------------------------------------------------------------- /vmware/images/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image15.png -------------------------------------------------------------------------------- /vmware/images/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image16.png -------------------------------------------------------------------------------- /vmware/images/image17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image17.png -------------------------------------------------------------------------------- /vmware/images/image18.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image18.png -------------------------------------------------------------------------------- /vmware/images/image19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image19.png -------------------------------------------------------------------------------- /vmware/images/image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image2.png -------------------------------------------------------------------------------- /vmware/images/image20.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image20.png -------------------------------------------------------------------------------- /vmware/images/image21.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image21.png -------------------------------------------------------------------------------- /vmware/images/image22.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image22.png -------------------------------------------------------------------------------- /vmware/images/image24.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image24.png -------------------------------------------------------------------------------- /vmware/images/image25.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image25.png -------------------------------------------------------------------------------- /vmware/images/image27.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image27.png -------------------------------------------------------------------------------- /vmware/images/image29.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image29.png -------------------------------------------------------------------------------- /vmware/images/image3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image3.png -------------------------------------------------------------------------------- /vmware/images/image31.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image31.png -------------------------------------------------------------------------------- /vmware/images/image32.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image32.png -------------------------------------------------------------------------------- /vmware/images/image33.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image33.png -------------------------------------------------------------------------------- /vmware/images/image35.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image35.png -------------------------------------------------------------------------------- /vmware/images/image36.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image36.png -------------------------------------------------------------------------------- /vmware/images/image37.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image37.png -------------------------------------------------------------------------------- /vmware/images/image38.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image38.png -------------------------------------------------------------------------------- /vmware/images/image4.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image4.png -------------------------------------------------------------------------------- /vmware/images/image40.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image40.png -------------------------------------------------------------------------------- /vmware/images/image41.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image41.png -------------------------------------------------------------------------------- /vmware/images/image43.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image43.png -------------------------------------------------------------------------------- /vmware/images/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image5.png -------------------------------------------------------------------------------- /vmware/images/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image6.png -------------------------------------------------------------------------------- /vmware/images/image7.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image7.png -------------------------------------------------------------------------------- /vmware/images/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image8.png -------------------------------------------------------------------------------- /vmware/images/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/image9.png -------------------------------------------------------------------------------- /vmware/images/myreservation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/myreservation.png -------------------------------------------------------------------------------- /vmware/images/oc-get-nodes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/oc-get-nodes.png -------------------------------------------------------------------------------- /vmware/images/odf-issue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf-issue.png -------------------------------------------------------------------------------- /vmware/images/odf-parameters1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf-parameters1.png -------------------------------------------------------------------------------- /vmware/images/odf-parameters2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf-parameters2.png -------------------------------------------------------------------------------- /vmware/images/odf-parameters3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf-parameters3.png -------------------------------------------------------------------------------- /vmware/images/odf-parameters4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf-parameters4.png -------------------------------------------------------------------------------- /vmware/images/odf1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf1.png -------------------------------------------------------------------------------- /vmware/images/odf2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/odf2.png -------------------------------------------------------------------------------- /vmware/images/openshift-create1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/openshift-create1.png -------------------------------------------------------------------------------- /vmware/images/openshift-worker-pool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/openshift-worker-pool.png -------------------------------------------------------------------------------- /vmware/images/openshift-worker-pool2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/openshift-worker-pool2.png -------------------------------------------------------------------------------- /vmware/images/openshift-worker-pool3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/openshift-worker-pool3.png -------------------------------------------------------------------------------- /vmware/images/openshift-worker-pool4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/openshift-worker-pool4.png -------------------------------------------------------------------------------- /vmware/images/sat-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/sat-services.png -------------------------------------------------------------------------------- /vmware/images/satellite-clusters.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/satellite-clusters.png -------------------------------------------------------------------------------- /vmware/images/satellite-create-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/satellite-create-services.png -------------------------------------------------------------------------------- /vmware/images/satellite-services.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/satellite-services.png -------------------------------------------------------------------------------- /vmware/images/satellite-workers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/satellite-workers.png -------------------------------------------------------------------------------- /vmware/images/storage-create-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/storage-create-config.png -------------------------------------------------------------------------------- /vmware/images/storage-create-config2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/storage-create-config2.png 
-------------------------------------------------------------------------------- /vmware/images/vsphere-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/vsphere-console.png -------------------------------------------------------------------------------- /vmware/images/vsphere-login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vmware/images/vsphere-login.png -------------------------------------------------------------------------------- /vpn/images/sm-import1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/sm-import1.png -------------------------------------------------------------------------------- /vpn/images/sm-import2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/sm-import2.png -------------------------------------------------------------------------------- /vpn/images/sm-import3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/sm-import3.png -------------------------------------------------------------------------------- /vpn/images/tunnelblick-connected.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/tunnelblick-connected.png 
-------------------------------------------------------------------------------- /vpn/images/vpn-create1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create1.png -------------------------------------------------------------------------------- /vpn/images/vpn-create2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create2.png -------------------------------------------------------------------------------- /vpn/images/vpn-create3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create3.png -------------------------------------------------------------------------------- /vpn/images/vpn-create4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create4.png -------------------------------------------------------------------------------- /vpn/images/vpn-create5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create5.png -------------------------------------------------------------------------------- /vpn/images/vpn-create6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-create6.png -------------------------------------------------------------------------------- 
/vpn/images/vpn-download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-download.png -------------------------------------------------------------------------------- /vpn/images/vpn-ui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/vpn/images/vpn-ui.png -------------------------------------------------------------------------------- /watsonx/watsonx-cos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/watsonx/watsonx-cos.png -------------------------------------------------------------------------------- /watsonx/watsonx-private-enndpoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/watsonx/watsonx-private-enndpoint.png -------------------------------------------------------------------------------- /watsonx/watsonx-regions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lionelmace/ibmcloud-utils/a34e03a070df4bcd2a8b5fd8a6954ec9b25af83d/watsonx/watsonx-regions.png --------------------------------------------------------------------------------