├── .github └── workflows │ ├── test.yml │ └── validate_terraform.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .secrets.baseline ├── CHANGELOG.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── examples ├── .DS_Store ├── classic-free │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── classic-kubernetes-e2e │ ├── README.md │ ├── cluster.tf │ ├── logging.tf │ ├── monitoring.tf │ ├── variables.tf │ └── versions.tf ├── classic-kubernetes-multi-zone │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── classic-kubernetes-single-zone │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── classic-openshift-multi-zone │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── classic-openshift-single-zone │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-addons │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-alb-cert │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-alb │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-classic-worker-pool │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-logdna │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-sysdig-monitor │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-vpc-alb │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-vpc-worker-pool │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── iks-integration │ ├── README.md │ ├── main.tf │ ├── provider.tf │ ├── variables.tf │ └── versions.tf ├── openshift-route │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── secure-roks-cluster │ ├── README.md │ ├── 
activity-tracker.tf │ ├── cos.tf │ ├── diagrams │ │ └── secure-cluster.drawio │ ├── iam.tf │ ├── kms.tf │ ├── locals.tf │ ├── logging.tf │ ├── main.tf │ ├── monitoring.tf │ ├── network.tf │ ├── provider.tf │ ├── variables.tf │ └── versions.tf ├── vpc-kubernetes │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf └── vpc-openshift │ ├── README.md │ ├── input.tfvars │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── modules ├── classic-free │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── classic-kubernetes-multi-zone │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── classic-kubernetes-single-zone │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── classic-openshift-multi-zone │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── classic-openshift-single-zone │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── configure-addons │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-alb-cert │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── configure-alb │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── configure-classic-worker-pool │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── configure-logdna │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-sysdig-monitor │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── configure-vpc-alb │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── configure-vpc-worker-pool │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── openshift-route │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── provider.tf │ ├── variables.tf │ └── versions.tf ├── vpc-kubernetes │ ├── 
README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf └── vpc-openshift │ ├── README.md │ ├── main.tf │ ├── output.tf │ ├── variables.tf │ └── versions.tf ├── test └── cluster_e2e_test.go └── versions.tf /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: "test-scheduler" 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | 7 | schedule: 8 | - cron: '*/30 5 * * *' # triggers the workflow every day at 5:00 and 5:30 UTC (*/30 matches minutes 0 and 30) 9 | 10 | # ┌───────────── minute (0 - 59) 11 | # │ ┌───────────── hour (0 - 23) 12 | # │ │ ┌───────────── day of the month (1 - 31) 13 | # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) 14 | # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) 15 | # │ │ │ │ │ 16 | # │ │ │ │ │ 17 | # │ │ │ │ │ 18 | # * * * * * 19 | 20 | jobs: 21 | continuous-tests: 22 | name: Run Test cases 23 | runs-on: ubuntu-latest 24 | steps: 25 | - 26 | name: checkout # action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it. 27 | uses: actions/checkout@v2 28 | 29 | - uses: actions/setup-go@v2 30 | with: 31 | go-version: 1.15 32 | 33 | - name: Install dependencies 34 | run: | 35 | go get -u "github.com/gruntwork-io/terratest/modules/random" 36 | go get -u "github.com/gruntwork-io/terratest/modules/terraform" 37 | 38 | - 39 | name: setup terraform 40 | uses: hashicorp/setup-terraform@v1 # sets up Terraform CLI in your GitHub Actions workflow 41 | with: 42 | terraform_version: 0.13.0 43 | 44 | - name: Run Test 45 | working-directory: test 46 | run: go test -v ./... 47 | env: 48 | IC_API_KEY: ${{ secrets.ACCESS_KEY }} 49 | 50 | - uses: 8398a7/action-slack@v2 51 | with: 52 | status: ${{ job.status }} 53 | author_name: Integration Test # default: 8398a7@action-slack 54 | env: 55 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # optional 56 | SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required 57 | if: always() # Pick up events even if the job fails or is canceled.
58 | -------------------------------------------------------------------------------- /.github/workflows/validate_terraform.yml: -------------------------------------------------------------------------------- 1 | name: ci 2 | 3 | on: [ push, pull_request ] 4 | 5 | jobs: 6 | terraform_validate: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - name: prepare 10 | # tfswitch command line tool lets you switch between different versions of terraform. 11 | # If you do not have a particular version of terraform installed, tfswitch will download the version you desire. NOTE(review): install.sh below is fetched from the `release` ref and executed without being pinned to a commit or checked against a known checksum. 12 | run: | 13 | echo "$HOME/.bin" >> $GITHUB_PATH 14 | curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh > /tmp/tfswitch-install.sh 15 | chmod +x /tmp/tfswitch-install.sh 16 | /tmp/tfswitch-install.sh -b $HOME/.bin 17 | - 18 | name: checkout # action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it. 19 | uses: actions/checkout@v2 20 | - 21 | name: setup terraform 22 | uses: hashicorp/setup-terraform@v1 # sets up Terraform CLI in your GitHub Actions workflow 23 | with: 24 | terraform_version: 0.13.0 25 | - 26 | name: Install pre-commit 27 | run: pip install pre-commit 28 | - 29 | name: Upgrade hooks 30 | run: pre-commit autoupdate 31 | - 32 | name: Run pre-commit command 33 | run: pre-commit run -a 34 | - 35 | name: terraform init # initialize a working directory containing Terraform configuration files. 36 | run: find . -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && echo "$m - init" && terraform init -input=false -backend=false) || exit 1; done 37 | - 38 | name: terraform validate # validates the configuration files in a directory 39 | run: find .
-name ".terraform" -prune -o -type f -name "*.tf" -exec dirname {} \;|sort -u | while read m; do (cd "$m" && echo "$m - validate" && terraform validate && echo "√ $m") || exit 1 ; done 40 | - 41 | name: terraform fmt check # perform format checks 42 | run: terraform fmt -list=true -write=false -check -recursive 43 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | # .tfstate files 4 | *.tfstate 5 | *.tfstate.* 6 | *.terraform.lock.hcl 7 | # Crash log files 8 | crash.log 9 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as 10 | # passwords, private keys, and other secrets. These should not be part of version 11 | # control as they are data points which are potentially sensitive and subject 12 | # to change depending on the environment. 13 | # NOTE(review): no `*.tfvars` pattern follows this comment, so .tfvars files are not actually ignored. 14 | 15 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | default_stages: [commit] 2 | # TFLint : Checks for possible errors, best practices, etc. It will also help identify provider-specific issues before errors occur during a Terraform run. 3 | # TFSec : Uses static analysis of your Terraform templates to spot potential security issues. TFSec checks for sensitive data inclusion 4 | # Terraform Docs : Utility to automatically generate documentation from Terraform modules and base repositories in various output formats. 5 | # Terraform Fmt : Used to rewrite Terraform configuration files to a canonical format and style.
6 | # Terraform Validate : Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc. NOTE(review): of the Terraform tools described in these comments, only terraform_fmt is configured as a hook below. 7 | repos: 8 | - repo: https://github.com/antonbabenko/pre-commit-terraform 9 | rev: v1.64.0 10 | hooks: 11 | - id: terraform_fmt 12 | - repo: https://github.com/pre-commit/pre-commit-hooks 13 | rev: v4.1.0 14 | hooks: 15 | - id: check-merge-conflict 16 | - id: trailing-whitespace 17 | - id: detect-private-key 18 | - repo: https://github.com/ibm/detect-secrets 19 | # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha. 20 | # You are encouraged to use static refs such as tags, instead of a branch name 21 | # 22 | # Running "pre-commit autoupdate" automatically updates rev to the latest tag 23 | rev: 0.13.1+ibm.46.dss 24 | hooks: 25 | - id: detect-secrets # pragma: whitelist secret 26 | # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options. 27 | # You may also run `pre-commit run detect-secrets` to preview the scan result.
28 | # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file 29 | # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins 30 | # add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets 31 | args: [--baseline, .secrets.baseline, --use-all-plugins ] 32 | -------------------------------------------------------------------------------- /.secrets.baseline: -------------------------------------------------------------------------------- 1 | { 2 | "exclude": { 3 | "files": "^.secrets.baseline$", 4 | "lines": null 5 | }, 6 | "generated_at": "2023-09-27T19:16:13Z", 7 | "plugins_used": [ 8 | { 9 | "name": "AWSKeyDetector" 10 | }, 11 | { 12 | "name": "ArtifactoryDetector" 13 | }, 14 | { 15 | "name": "AzureStorageKeyDetector" 16 | }, 17 | { 18 | "base64_limit": 4.5, 19 | "name": "Base64HighEntropyString" 20 | }, 21 | { 22 | "name": "BasicAuthDetector" 23 | }, 24 | { 25 | "name": "BoxDetector" 26 | }, 27 | { 28 | "name": "CloudantDetector" 29 | }, 30 | { 31 | "ghe_instance": "github.ibm.com", 32 | "name": "GheDetector" 33 | }, 34 | { 35 | "name": "GitHubTokenDetector" 36 | }, 37 | { 38 | "hex_limit": 3, 39 | "name": "HexHighEntropyString" 40 | }, 41 | { 42 | "name": "IbmCloudIamDetector" 43 | }, 44 | { 45 | "name": "IbmCosHmacDetector" 46 | }, 47 | { 48 | "name": "JwtTokenDetector" 49 | }, 50 | { 51 | "keyword_exclude": null, 52 | "name": "KeywordDetector" 53 | }, 54 | { 55 | "name": "MailchimpDetector" 56 | }, 57 | { 58 | "name": "NpmDetector" 59 | }, 60 | { 61 | "name": "PrivateKeyDetector" 62 | }, 63 | { 64 | "name": "SlackDetector" 65 | }, 66 | { 67 | "name": "SoftlayerDetector" 68 | }, 69 | { 70 | "name": "SquareOAuthDetector" 71 | }, 72 | { 73 | "name": "StripeDetector" 74 | }, 75 | { 76 | "name": "TwilioKeyDetector" 77 | } 78 | ], 79 | "results": { 80 | "README.md": [ 81 | { 82 | "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7", 83 | "is_secret": false, 84 | 
"is_verified": false, 85 | "line_number": 119, 86 | "type": "Secret Keyword", 87 | "verified_result": null 88 | } 89 | ], 90 | "examples/openshift-route/README.md": [ 91 | { 92 | "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7", 93 | "is_secret": false, 94 | "is_verified": false, 95 | "line_number": 24, 96 | "type": "Secret Keyword", 97 | "verified_result": null 98 | } 99 | ], 100 | "modules/openshift-route/README.md": [ 101 | { 102 | "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7", 103 | "is_secret": false, 104 | "is_verified": false, 105 | "line_number": 32, 106 | "type": "Secret Keyword", 107 | "verified_result": null 108 | } 109 | ] 110 | }, 111 | "version": "0.13.1+ibm.50.dss", 112 | "word_list": { 113 | "file": null, 114 | "hash": null 115 | } 116 | } 117 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | Extending the adopted spec, each change should have a link to its 6 | corresponding pull request appended. 7 | 8 | ## [1.0.0] - 2020-09-10 9 | 10 | This is the initial release of the module, with support for both kubernetes and vpc cluster creation. 11 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This document provides guidelines for contributing to the module. When contributing to this repository, please first discuss the change you wish to make via issue, email, or any other method with the owners of this repository before making a change. 
4 | 5 | ## File structure 6 | 7 | The project has the following folders and files: 8 | 9 | ``` 10 | ├── README.md 11 | ├── modules/ 12 | │ ├── nestedA/ 13 | │ │ ├── README.md 14 | │ │ ├── variables.tf 15 | │ │ ├── main.tf 16 | │ │ ├── outputs.tf 17 | │ ├── nestedB/ 18 | │ ├── .../ 19 | ├── examples/ 20 | │ ├── exampleA/ 21 | │ │ ├── main.tf 22 | │ ├── exampleB/ 23 | │ ├── .../ 24 | 25 | ``` 26 | 27 | 28 | 29 | Please make sure your changes are in line with the directory structure mentioned above. 30 | 31 | 32 | -------------------------------------------------------------------------------- /examples/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-cluster/753b5a992fd52db70eb8175ec352a5714da05cf4/examples/.DS_Store -------------------------------------------------------------------------------- /examples/classic-free/README.md: -------------------------------------------------------------------------------- 1 | # Module classic-free-cluster 2 | 3 | This example is used to provision a free IKS cluster on IBM Cloud Infrastructure - classic 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "classic_free_cluster" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-free" 13 | 14 | source = "../../modules/classic-free" 15 | 16 | cluster_name = var.cluster_name 17 | worker_zone = var.worker_zone 18 | hardware = var.hardware 19 | taints = var.taints 20 | create_timeout = var.create_timeout 21 | update_timeout = var.update_timeout 22 | delete_timeout = var.delete_timeout 23 | } 24 | ``` 25 | ## NOTE: 26 | If we want to make use of a particular version of the module, then set the "version" argument to the respective module version.
27 | 28 | 29 | 30 | ## Inputs 31 | 32 | | Name | Description | Type | Default | Required | 33 | |-----------------------------------|-------------------------------------------------------|--------|---------|----------| 34 | | cluster\_name | Name of the cluster | string | n/a | yes | 35 | | worker\_zone | The zone where the worker node is created. | string | n/a | yes | 36 | | hardware | The level of hardware isolation for your worker node. | string | n/a | yes | 37 | | taints |A nested block that sets or removes Kubernetes taints for all worker nodes in a worker pool|list(string)| n/a | no | 38 | | create_timeout | Timeout duration for create | string | n/a | no | 39 | | update_timeout | Timeout duration for update | string | n/a | no | 40 | | delete_timeout | Timeout duration for delete | string | n/a | no | 41 | 42 | 43 | 44 | ## taints Inputs 45 | 46 | | Name | Description | Type | Default | Required | 47 | |---------------------|-------------------------------------------------------|--------|---------|----------| 48 | | key | Key for taint. | string | n/a | yes | 49 | | value | Value for taint. | string | n/a | yes | 50 | | private_endpoint | Effect for taint. 
Accepted values are NoSchedule, PreferNoSchedule, and NoExecute| string | n/a | yes | 51 | 52 | 53 | ## Usage 54 | ``` 55 | terraform init 56 | 57 | terraform plan 58 | 59 | terraform apply 60 | ``` 61 | -------------------------------------------------------------------------------- /examples/classic-free/input.tfvars: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | taints = [{ 7 | key = "dedicated" 8 | value = "edge" 9 | effect = "NoSchedule" 10 | }, 11 | ] -------------------------------------------------------------------------------- /examples/classic-free/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # kubernetes classic free cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | module "classic_free_cluster" { 10 | //Uncomment the following line to make the source point to registry level 11 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-free" 12 | 13 | source = "../../modules/classic-free" 14 | 15 | cluster_name = var.cluster_name 16 | worker_zone = var.worker_zone 17 | hardware = var.hardware 18 | taints = var.taints 19 | create_timeout = var.create_timeout 20 | update_timeout = var.update_timeout 21 | delete_timeout = var.delete_timeout 22 | } -------------------------------------------------------------------------------- /examples/classic-free/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 
5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "worker_zone" { 12 | description = "The zone where the worker node is created." 13 | type = string 14 | } 15 | 16 | variable "hardware" { 17 | description = "The level of hardware isolation for your worker node (shared / dedicated)" 18 | type = string 19 | } 20 | 21 | variable "create_timeout" { 22 | type = string 23 | description = "Timeout duration for create." 24 | default = null 25 | } 26 | 27 | variable "update_timeout" { 28 | type = string 29 | description = "Timeout duration for update." 30 | default = null 31 | } 32 | 33 | variable "delete_timeout" { 34 | type = string 35 | description = "Timeout duration for delete." 36 | default = null 37 | } 38 | 39 | variable "taints" { 40 | type = list(object({ 41 | key = string 42 | value = string 43 | effect = string 44 | })) 45 | description = "Set taints to worker nodes." 46 | default = [{ 47 | key = "dedicated" 48 | value = "edge" 49 | effect = "NoSchedule" 50 | }, 51 | ] 52 | } 53 | -------------------------------------------------------------------------------- /examples/classic-free/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-e2e/logging.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # LOGDNA Configuration 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | module "logdna_instance" { 7 | source = "terraform-ibm-modules/observability/ibm//modules/logging-logdna" 8 | version = "1.3.0" 9 | count = var.logDNA_name == null ? 1 : 0 10 | bind_resource_key = true 11 | service_name = "logdna" 12 | resource_group_id = data.ibm_resource_group.rg.id 13 | plan = "30-day" 14 | region = var.region 15 | tags = ["FS-Cloud"] 16 | create_timeout = "30m" 17 | resource_key_name = "logdna-key" 18 | role = "Manager" 19 | resource_key_tags = ["FS-Cloud"] 20 | } 21 | 22 | data "ibm_resource_instance" "logdna_instance" { 23 | count = var.logDNA_name != null ? 1 : 0 24 | name = var.logDNA_name 25 | service = "logdna" 26 | resource_group_id = data.ibm_resource_group.rg.id 27 | location = var.region 28 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-e2e/monitoring.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # SYSDIG Configuration 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | module "sysdig_instance" { 7 | source = "terraform-ibm-modules/observability/ibm//modules/monitoring-sysdig" 8 | version = "1.3.0" 9 | count = var.sysdig_name == null ? 
1 : 0 10 | bind_resource_key = true 11 | service_name = "sysdig" 12 | resource_group_id = data.ibm_resource_group.rg.id 13 | plan = "graduated-tier" 14 | region = var.region 15 | tags = ["FS-Cloud"] 16 | create_timeout = "30m" 17 | resource_key_name = "sysdig-key" 18 | role = "Manager" 19 | resource_key_tags = ["FS-Cloud"] 20 | } 21 | 22 | data "ibm_resource_instance" "sysdig_instance" { 23 | count = var.sysdig_name != null ? 1 : 0 24 | name = var.sysdig_name 25 | service = "sysdig-monitor" 26 | resource_group_id = data.ibm_resource_group.rg.id 27 | location = var.region 28 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-e2e/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Terraform versions Configuration 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | *****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-multi-zone/input.tfvars: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | /**************************************************** 7 | Example Usage 8 | 9 | worker_zones = { 10 | dal12 = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | } 15 | 16 | kms_config = [{ 17 | instance_id = "" 18 | crk_id = "" 19 | private_endpoint = 20 | }, 21 | ] 22 | 23 | 24 | workers_info = [{ 25 | id = "" 26 | version = "" 27 | }, 28 | ] 29 | 30 | webhook = [{ 31 | level = "" 32 | type = "" 33 | url = "< The URL for the webhook.>" 34 | }, 35 | ] 36 | 37 | tags = ["",""] 38 | 39 | subnet_id = [""] 40 | 41 | 42 | ******************************************************/ 43 | 44 | 45 | 46 | worker_zones = { 47 | dal12 = { 48 | public_vlan = "2949448" 49 | private_vlan = "2949450" 50 | } 51 | } 52 | 53 | kms_config = [{ 54 | instance_id = "4b60eaa9-5a68-4ca7-bda3-23c41a3812af" 55 | crk_id = "8191042a-f9fe-4ec3-a36b-991b40201176" 56 | private_endpoint = false 57 | }, 58 | ] 59 | 60 | taints = [{ 61 | key = "dedicated" 62 | value = "edge" 63 | effect = "NoSchedule" 64 | }, 65 | ] 66 | 67 | 68 | workers_info = [{ 69 | id = "kube-btgbsard0ss76j8snblg-c2-default-000001a7" 70 | version = "4.3.23_openshift" 71 | }, 72 | ] 73 | 74 | webhook = [{ 75 | level = "Normal" 76 | type = "slack" 77 | url = "https://hooks.slack.com/services/yt7rebjhgh2r4rd44fjk" 78 | }, 79 | ] 80 | 81 | tags = ["T1", "T2"] 82 | 83 | subnet_id = ["1147081"] 84 | 
-------------------------------------------------------------------------------- /examples/classic-kubernetes-multi-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # kubernetes classic multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "classic_kubernetes_multi_zone_cluster" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-kubernetes-multi-zone" 16 | 17 | source = "../../modules/classic-kubernetes-multi-zone" 18 | 19 | cluster_name = var.cluster_name 20 | metro = var.metro 21 | worker_zones = var.worker_zones 22 | hardware = var.hardware 23 | resource_group_id = data.ibm_resource_group.rg.id 24 | worker_nodes_per_zone = var.worker_nodes_per_zone 25 | worker_pool_flavor = var.worker_pool_flavor 26 | public_vlan = var.public_vlan_id 27 | private_vlan = var.private_vlan_id 28 | master_service_public_endpoint = var.master_service_public_endpoint 29 | master_service_private_endpoint = var.master_service_private_endpoint 30 | force_delete_storage = var.force_delete_storage 31 | gateway_enabled = var.gateway_enabled 32 | encrypt_local_disk = var.encrypt_local_disk 33 | no_subnet = var.no_subnet 34 | subnet_id = var.subnet_id 35 | update_all_workers = var.update_all_workers 36 | tags = var.tags 37 | kube_version = var.kube_version 38 | kms_config = var.kms_config 39 | workers_info = var.workers_info 40 | webhook = var.webhook 41 | wait_till_albs = var.wait_till_albs 42 | create_timeout = var.create_timeout 43 | update_timeout = var.update_timeout 44 | delete_timeout = var.delete_timeout 45 | taints = var.taints 46 | } 
-------------------------------------------------------------------------------- /examples/classic-kubernetes-multi-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic multi-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-single-zone/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes single zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | 8 | kms_config = [{ 9 | instance_id = "" 10 | crk_id = "" 11 | private_endpoint = 12 | }, 13 | ] 14 | 15 | 16 | workers_info = [{ 17 | id = "" 18 | version = "" 19 | }, 20 | ] 21 | 22 | webhook = [{ 23 | level = "" 24 | type = "" 25 | url = "< The URL for the webhook.>" 26 | }, 27 | ] 28 | 29 | tags = ["",""] 30 | 31 | subnet_id = [""] 32 | 33 | *******************************************************/ 34 | 35 | 36 | kms_config = [{ 37 | instance_id = 
"12043812-757f-4e1e-8436-6af3245e6a69" 38 | crk_id = "0792853c-b9f9-4b35-9d9e-ffceab51d3c1" 39 | private_endpoint = false 40 | }, 41 | ] 42 | 43 | 44 | workers_info = [{ 45 | id = "kube-btgbsard0ss76j8snblg-c2-default-000001a7" 46 | version = "4.3.23_openshift" 47 | }, 48 | ] 49 | 50 | webhook = [{ 51 | level = "Normal" 52 | type = "slack" 53 | url = "https://hooks.slack.com/services/yt7rebjhgh2r4rd44fjk" 54 | }, 55 | ] 56 | 57 | taints = [{ 58 | key = "dedicated" 59 | value = "edge" 60 | effect = "NoSchedule" 61 | }, 62 | ] 63 | 64 | tags = ["T1", "T2"] 65 | 66 | subnet_id = ["1147081"] -------------------------------------------------------------------------------- /examples/classic-kubernetes-single-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "classic_kubernetes_single_zone_cluster" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-kubernetes-single-zone" 16 | source = "../../modules/classic-kubernetes-single-zone" 17 | 18 | cluster_name = var.cluster_name 19 | worker_zone = var.worker_zone 20 | hardware = var.hardware 21 | resource_group_id = data.ibm_resource_group.rg.id 22 | worker_nodes_per_zone = var.worker_nodes_per_zone 23 | worker_pool_flavor = var.worker_pool_flavor 24 | public_vlan = var.public_vlan_id 25 | private_vlan = var.private_vlan_id 26 | master_service_public_endpoint = var.master_service_public_endpoint 27 | master_service_private_endpoint = var.master_service_private_endpoint 28 | force_delete_storage = var.force_delete_storage 29 | gateway_enabled = var.gateway_enabled 30 | 
encrypt_local_disk = var.encrypt_local_disk 31 | no_subnet = var.no_subnet 32 | subnet_id = var.subnet_id 33 | update_all_workers = var.update_all_workers 34 | tags = var.tags 35 | kube_version = var.kube_version 36 | kms_config = var.kms_config 37 | workers_info = var.workers_info 38 | webhook = var.webhook 39 | taints = var.taints 40 | create_timeout = var.create_timeout 41 | update_timeout = var.update_timeout 42 | delete_timeout = var.delete_timeout 43 | } -------------------------------------------------------------------------------- /examples/classic-kubernetes-single-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic single-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/classic-openshift-multi-zone/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | Example Usage 8 | 9 | worker_zones = { 10 | = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | = { 15 | public_vlan = "" 16 | private_vlan = "" 17 | } 18 | } 19 | 20 | worker_zones = { 21 | dal12 = { 22 | public_vlan = "" 23 | private_vlan = "" 24 | } 25 | } 26 | 27 | kms_config = [{ 28 | instance_id = "" 29 | crk_id = "" 30 | private_endpoint = 31 | }, 32 | ] 33 | 34 | 35 | workers_info = [{ 36 | id = "" 37 | version = "" 38 | }, 39 | ] 40 | 41 | webhook = [{ 42 | level = "" 43 | type = "" 44 | url = "< The URL for the webhook.>" 45 | }, 46 | ] 47 | NOTE: A webhook URL acts as a credential, because anyone who has it can post to the channel. Replace the sample value below with your own and keep real webhook URLs out of version control. 48 | tags = ["",""] 49 | 50 | subnet_id = [""] 51 | 52 | 53 | 54 | ******************************************************/ 55 | 56 | worker_zones = { 57 | dal12 = { 58 | public_vlan = "2949448" 59 | private_vlan = "2949450" 60 | } 61 | } 62 | 63 | kms_config = [{ 64 | instance_id = "12043812-757f-4e1e-8436-6af3245e6a69" 65 | crk_id = "0792853c-b9f9-4b35-9d9e-ffceab51d3c1" 66 | private_endpoint = false 67 | }, 68 | ] 69 | 70 | 71 | workers_info = [{ 72 | id = "kube-btgbsard0ss76j8snblg-c2-default-000001a7" 73 | version = "4.3.23_openshift" 74 | }, 75 | ] 76 | 77 | webhook = [{ 78 | level = "Normal" 79 | type = "slack" 80 | url = "https://hooks.slack.com/services/yt7rebjhgh2r4rd44fjk" 81 | }, 82 | ] 83 | 84 | taints = [{ 85 | key = 
"dedicated" 86 | value = "edge" 87 | effect = "NoSchedule" 88 | }, 89 | ] 90 | 91 | tags = ["T1", "T2"] 92 | 93 | subnet_id = ["1147081"] 94 | -------------------------------------------------------------------------------- /examples/classic-openshift-multi-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "classic_openshift_multi_zone_cluster" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-openshift-multi-zone" 16 | 17 | source = "../../modules/classic-openshift-multi-zone" 18 | cluster_name = var.cluster_name 19 | metro = var.metro 20 | worker_zones = var.worker_zones 21 | hardware = var.hardware 22 | resource_group_id = data.ibm_resource_group.rg.id 23 | worker_nodes_per_zone = var.worker_nodes_per_zone 24 | worker_pool_flavor = var.worker_pool_flavor 25 | public_vlan = var.public_vlan_id 26 | private_vlan = var.private_vlan_id 27 | master_service_public_endpoint = var.master_service_public_endpoint 28 | master_service_private_endpoint = var.master_service_private_endpoint 29 | force_delete_storage = var.force_delete_storage 30 | gateway_enabled = var.gateway_enabled 31 | encrypt_local_disk = var.encrypt_local_disk 32 | no_subnet = var.no_subnet 33 | subnet_id = var.subnet_id 34 | update_all_workers = var.update_all_workers 35 | tags = var.tags 36 | kube_version = var.kube_version 37 | kms_config = var.kms_config 38 | workers_info = var.workers_info 39 | webhook = var.webhook 40 | entitlement = var.entitlement 41 | taints = var.taints 42 | wait_till_albs = var.wait_till_albs 43 | create_timeout = 
var.create_timeout 44 | update_timeout = var.update_timeout 45 | delete_timeout = var.delete_timeout 46 | } -------------------------------------------------------------------------------- /examples/classic-openshift-multi-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/classic-openshift-single-zone/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift single zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | 8 | Usage Example 9 | 10 | kms_config = [{ 11 | instance_id = "" 12 | crk_id = "" 13 | private_endpoint = 14 | }, 15 | ] 16 | 17 | 18 | workers_info = [{ 19 | id = "" 20 | version = "" 21 | }, 22 | ] 23 | 24 | webhook = [{ 25 | level = "" 26 | type = "" 27 | url = "< The URL for the webhook.>" 28 | }, 29 | ] 30 | 31 | tags = ["",""] 32 | 33 | subnet_id = [""] 
34 | 35 | 36 | *******************************************************/ 37 | 38 | 39 | 40 | kms_config = [{ 41 | instance_id = "12043812-757f-4e1e-8436-6af3245e6a69" 42 | crk_id = "0792853c-b9f9-4b35-9d9e-ffceab51d3c1" 43 | private_endpoint = false 44 | }, 45 | ] 46 | 47 | 48 | workers_info = [{ 49 | id = "kube-btgbsard0ss76j8snblg-c2-default-000001a7" 50 | version = "4.3.23_openshift" 51 | }, 52 | ] 53 | 54 | webhook = [{ 55 | level = "Normal" 56 | type = "slack" 57 | url = "https://hooks.slack.com/services/yt7rebjhgh2r4rd44fjk" 58 | }, 59 | ] 60 | 61 | taints = [{ 62 | key = "dedicated" 63 | value = "edge" 64 | effect = "NoSchedule" 65 | }, 66 | ] 67 | 68 | tags = ["T1", "T2"] 69 | 70 | subnet_id = ["1147081"] -------------------------------------------------------------------------------- /examples/classic-openshift-single-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "classic_openshift_single_zone_cluster" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-openshift-single-zone" 16 | source = "../../modules/classic-openshift-single-zone" 17 | 18 | cluster_name = var.cluster_name 19 | worker_zone = var.worker_zone 20 | hardware = var.hardware 21 | resource_group_id = data.ibm_resource_group.rg.id 22 | worker_nodes_per_zone = var.worker_nodes_per_zone 23 | worker_pool_flavor = var.worker_pool_flavor 24 | public_vlan = var.public_vlan_id 25 | private_vlan = var.private_vlan_id 26 | master_service_public_endpoint = var.master_service_public_endpoint 27 | master_service_private_endpoint = 
var.master_service_private_endpoint 28 | force_delete_storage = var.force_delete_storage 29 | gateway_enabled = var.gateway_enabled 30 | encrypt_local_disk = var.encrypt_local_disk 31 | no_subnet = var.no_subnet 32 | subnet_id = var.subnet_id 33 | update_all_workers = var.update_all_workers 34 | tags = var.tags 35 | kube_version = var.kube_version 36 | kms_config = var.kms_config 37 | workers_info = var.workers_info 38 | webhook = var.webhook 39 | entitlement = var.entitlement 40 | taints = var.taints 41 | create_timeout = var.create_timeout 42 | update_timeout = var.update_timeout 43 | delete_timeout = var.delete_timeout 44 | } -------------------------------------------------------------------------------- /examples/classic-openshift-single-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/configure-addons/README.md: -------------------------------------------------------------------------------- 1 | # Module add-ons 2 | 3 | This module is used to configure a list of add-ons to an existing cluster on IBM Cloud Infrastructure. 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "classic_kubernetes_worker_pool" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-addons" 13 | 14 | source = "../../modules/configure-addons" 15 | cluster_name = var.cluster_name 16 | add_ons = var.add_ons 17 | create_timeout = var.create_timeout 18 | update_timeout = var.update_timeout 19 | } 20 | ``` 21 | ## NOTE: 22 | 23 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 24 | 25 | 26 | ## Inputs 27 | 28 | | Name | Description | Type | Default | Required| 29 | |-----------------------------------|---------------------------------------------------------------------- |--------|---------|---------| 30 | | cluster\_name | Name of the cluster | string | n/a | yes | 31 | | add\_ons | map(map(add_ons)), key is add_on name and value is respective version.| string | n/a | yes | 32 | | add\_ons.version | The add-on version. 
| string | n/a | no | 33 | | create_timeout | Timeout duration for create | string | n/a | no | 34 | | update_timeout | Timeout duration for update | string | n/a | no | 35 | 36 | 37 | 38 | 39 | 40 | ## add_ons Inputs 41 | 42 | | Name | Description | Type | Default | Required | 43 | |-----------------------------------|-------------------------------------------------------|--------|---------|----------| 44 | | version | The add-on version. | string | n/a | no | 45 | 46 | 47 | 48 | NOTE: We can configure the list of add-ons to be attached to a cluster by entering add-on details in input.tfvars. 49 | 50 | 51 | ## Usage 52 | 53 | terraform apply -var-file="input.tfvars" 54 | 55 | -------------------------------------------------------------------------------- /examples/configure-addons/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | Example Usage - configuaring multiple add_ons 8 | 9 | add_ons = { 10 | = { 11 | version = "" 12 | } 13 | = { 14 | version = "" 15 | } 16 | } 17 | 18 | ******************************************************/ 19 | 20 | add_ons = { 21 | istio = { 22 | version = "1.7" 23 | } 24 | } -------------------------------------------------------------------------------- /examples/configure-addons/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | module "classic_kubernetes_worker_pool" { 10 | //Uncomment the following line to make the source point to registry level 11 | //source = 
"terraform-ibm-modules/cluster/ibm//modules/configure-addons" 12 | 13 | source = "../../modules/configure-addons" 14 | cluster_name = var.cluster_name 15 | add_ons = var.add_ons 16 | create_timeout = var.create_timeout 17 | update_timeout = var.update_timeout 18 | } -------------------------------------------------------------------------------- /examples/configure-addons/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "add_ons" { 12 | type = map 13 | description = "List of add-ons" 14 | } 15 | 16 | variable "create_timeout" { 17 | type = string 18 | description = "Timeout duration for create." 19 | default = null 20 | } 21 | 22 | variable "update_timeout" { 23 | type = string 24 | description = "Timeout duration for update." 25 | default = null 26 | } 27 | -------------------------------------------------------------------------------- /examples/configure-addons/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/configure-alb-cert/README.md: -------------------------------------------------------------------------------- 1 | # Module container_alb_cert 2 | 3 | This example is used to create an SSL certificate that you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). For more information about container ALB certificates, see [setting up Kubernetes Ingress](https://cloud.ibm.com/docs/containers?topic=containers-ingress-types). 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "container_alb_cert" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb-cert" 13 | 14 | source = "../../modules/configure-alb-cert" 15 | 16 | certificate_crn = var.certificate_crn 17 | secret_name = var.secret_name 18 | cluster = var.cluster 19 | namespace = var.namespace 20 | persistence = var.persistence 21 | } 22 | ``` 23 | ## NOTE: 24 | 25 | If we want to make use of a particular version of the module, then set the "version" argument accordingly. 26 | 27 | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |---------------|-------------------------------------------------------|--------|----------------|----------| 33 | | certificate_crn | The CRN of the certificate | string | n/a | yes | 34 | | secret_name | The name of the ALB certificate secret. | string | n/a | yes | 35 | | cluster | ID or name of the cluster that hosts the Ingress ALB | string | n/a | yes | 36 | | namespace | The namespace in which the secret is created | string | ibm-cert-store | no | 37 | | persistence | Persist the secret data in your cluster. 
| bool | n/a | no | 38 | 39 | 40 | 41 | 42 | 43 | ## Usage 44 | ``` 45 | terraform init 46 | 47 | terraform plan 48 | 49 | terraform apply 50 | ``` 51 | -------------------------------------------------------------------------------- /examples/configure-alb-cert/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | provider "ibm" { 8 | } 9 | 10 | module "container_alb_cert" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb-cert" 13 | 14 | source = "../../modules/configure-alb-cert" 15 | 16 | certificate_crn = var.certificate_crn 17 | secret_name = var.secret_name 18 | cluster = var.cluster 19 | namespace = var.namespace 20 | persistence = var.persistence 21 | } -------------------------------------------------------------------------------- /examples/configure-alb-cert/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | variable "certificate_crn" { 8 | description = "The CRN of the certificate that you uploaded to IBM Cloud Certificate Manager." 9 | type = string 10 | } 11 | 12 | variable "cluster" { 13 | description = "The ID or name of the cluster that hosts the Ingress ALB that you want to configure for SSL traffic." 
14 | type = string 15 | } 16 | 17 | variable "secret_name" { 18 | description = "The name of the ALB certificate secret." 19 | type = string 20 | } 21 | 22 | variable "namespace" { 23 | description = "The namespace in which the secret is created. Default value is ibm-cert-store" 24 | type = string 25 | default = "ibm-cert-store" 26 | } 27 | 28 | variable "persistence" { 29 | type = bool 30 | description = "Persist the secret data in your cluster. If the secret is later deleted from the command line or OpenShift web console, the secret is automatically re-created in your cluster." 31 | default = null 32 | } 33 | 34 | -------------------------------------------------------------------------------- /examples/configure-alb-cert/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we do not configure the version parameter, it fetches the latest provider version. Pin `version` when every run must use the same, reviewed provider release. 
21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /examples/configure-alb/README.md: -------------------------------------------------------------------------------- 1 | # Module container_alb 2 | 3 | This example is used to enable or disable an Ingress application load balancer (ALB) that is set up in your cluster. ALBs are used to set up HTTP or HTTPS load-balancing for containerized apps that are deployed into an IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster. For more information about Ingress ALBs, see the [IBM Cloud documentation](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about). 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "container_alb" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb" 13 | 14 | source = "../../modules/configure-alb" 15 | 16 | alb_id = var.alb_id 17 | enable = var.enable 18 | region = var.region 19 | user_ip = var.user_ip 20 | } 21 | ``` 22 | ## NOTE: 23 | 24 | If we want to make use of a particular version of the module, then set the "version" argument accordingly. 25 | 26 | 27 | 28 | ## Inputs 29 | 30 | | Name | Description | Type | Default | Required | 31 | |------------------------------|-------------------------------------------------------|--------|---------|----------| 32 | | alb_id | The unique identifier of the ALB. | string | n/a | yes | 33 | | enable | If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster.| bool | true | no | 34 | | user_ip |For a private ALB only. 
The private ALB is deployed with an IP address from a user-provided private subnet. |string| n/a | no | 35 | 36 | 37 | 38 | 39 | 40 | ## Usage 41 | ``` 42 | terraform init 43 | 44 | terraform plan 45 | 46 | terraform apply 47 | ``` 48 | -------------------------------------------------------------------------------- /examples/configure-alb/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | module "container_alb" { 10 | //Uncomment the following line to make the source point to registry level 11 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb" 12 | 13 | source = "../../modules/configure-alb" 14 | 15 | alb_id = var.alb_id 16 | enable = var.enable 17 | user_ip = var.user_ip 18 | } -------------------------------------------------------------------------------- /examples/configure-alb/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "alb_id" { 7 | description = "The unique identifier of the ALB. To retrieve the ID, run ibmcloud ks alb ls" 8 | type = string 9 | } 10 | 11 | variable "enable" { 12 | description = "If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster. 
" 13 | type = bool 14 | default = false 15 | } 16 | 17 | variable "user_ip" { 18 | type = string 19 | description = "For a private ALB only. The private ALB is deployed with an IP address from a user-provided private subnet. If no IP address is provided, the ALB is deployed with a random IP address from a private subnet in the IBM Cloud account." 20 | default = null 21 | } 22 | 23 | -------------------------------------------------------------------------------- /examples/configure-alb/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/configure-classic-worker-pool/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | Example Usage - configuaring multiple zones 8 | 9 | worker_zones = { 10 | = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | = { 15 | public_vlan = "" 16 | private_vlan = "" 17 | } 18 | } 19 | 20 | ******************************************************/ 21 | 22 | worker_zones = { 23 | dal12 = { 24 | public_vlan = "2949448" 25 | private_vlan = "2949450" 26 | } 27 | } 28 | 29 | taints = [{ 30 | key = "dedicated" 31 | value = "edge" 32 | effect = "NoSchedule" 33 | }, 34 | ] -------------------------------------------------------------------------------- /examples/configure-classic-worker-pool/main.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "classic_cluster_worker_pool" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-classic-worker-pool" 16 | source = "../../modules/configure-classic-worker-pool" 17 | 18 | cluster_name 
= var.cluster_name 19 | worker_pool_name = var.worker_pool_name 20 | worker_nodes = var.worker_nodes 21 | flavor = var.flavor 22 | worker_zones = var.worker_zones 23 | resource_group_id = data.ibm_resource_group.rg.id 24 | wait_till_albs = var.wait_till_albs 25 | hardware = var.hardware 26 | encrypt_local_disk = var.encrypt_local_disk 27 | labels = var.labels 28 | taints = var.taints 29 | create_timeout = var.create_timeout 30 | update_timeout = var.update_timeout 31 | delete_timeout = var.delete_timeout 32 | } -------------------------------------------------------------------------------- /examples/configure-classic-worker-pool/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Classic kubernetes cluster configurations 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "worker_pool_name" { 12 | description = "Name of the worker pool." 13 | type = string 14 | } 15 | 16 | variable "worker_nodes" { 17 | description = "Number of worker nodes" 18 | type = number 19 | } 20 | 21 | variable "flavor" { 22 | description = "Machine type." 23 | type = string 24 | } 25 | 26 | variable "hardware" { 27 | description = "The level of hardware isolation for your worker node." 
28 | type = string 29 | default = null 30 | } 31 | 32 | 33 | variable "encrypt_local_disk" { 34 | description = "Set this to true to enable disk encryption" 35 | type = bool 36 | default = null 37 | } 38 | 39 | variable "worker_zones" { 40 | type = map 41 | description = "List of worker zones to attach" 42 | } 43 | 44 | variable "resource_group" { 45 | description = "Enter Name of the resource group" 46 | type = string 47 | } 48 | 49 | variable "labels" { 50 | description = "A list of labels that you want to add to all the worker nodes in the worker pool" 51 | type = map 52 | default = null 53 | } 54 | 55 | variable "wait_till_albs" { 56 | description = "specify the stage when you want Terraform to mark the zone attachment complete." 57 | type = bool 58 | default = null 59 | } 60 | 61 | variable "create_timeout" { 62 | type = string 63 | description = "Timeout duration for create." 64 | default = null 65 | } 66 | 67 | variable "update_timeout" { 68 | type = string 69 | description = "Timeout duration for update." 70 | default = null 71 | } 72 | 73 | variable "delete_timeout" { 74 | type = string 75 | description = "Timeout duration for delete." 76 | default = null 77 | } 78 | 79 | variable "taints" { 80 | type = list(object({ 81 | key = string 82 | value = string 83 | effect = string 84 | })) 85 | description = "Set taints to worker nodes." 
86 | default = [{ 87 | key = "dedicated" 88 | value = "edge" 89 | effect = "NoSchedule" 90 | }, 91 | ] 92 | } 93 | -------------------------------------------------------------------------------- /examples/configure-classic-worker-pool/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we dont configure the version parameter, it fetches the latest provider version. 21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /examples/configure-logdna/README.md: -------------------------------------------------------------------------------- 1 | # Module logdna 2 | 3 | This module is used to configure a logdna to an existing cluster on IBM Cloud Infrastructure. 
4 | 5 | ## Example Usage 6 | ``` 7 | data "ibm_resource_group" "resource_group" { 8 | name = var.resource_group 9 | } 10 | 11 | data "ibm_resource_instance" "logdna_instance" { 12 | 13 | name = var.logdna_name 14 | service = "logdna" 15 | resource_group_id = data.ibm_resource_group.resource_group.id 16 | location = var.region 17 | } 18 | 19 | module "cluster_logdna_attach" { 20 | //Uncomment the following line to make the source point to registry level 21 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna" 22 | 23 | source = "../../modules/configure-logdna" 24 | cluster = var.cluster 25 | logdna_instance_id = data.ibm_resource_instance.logdna_instance.guid 26 | private_endpoint = var.private_endpoint 27 | logdna_ingestion_key = var.logdna_ingestion_key 28 | create_timeout = var.create_timeout 29 | update_timeout = var.update_timeout 30 | delete_timeout = var.delete_timeout 31 | } 32 | ``` 33 | ## NOTE: 34 | 35 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 36 | 37 | 38 | ## Inputs 39 | 40 | | Name | Description | Type | Default | Required | 41 | |-----------------------------------|-----------------------------------------------------------|--------|---------|----------| 42 | | cluster | Name or id of the cluster | string | n/a | yes | 43 | | logdna\_name | Name of the logdna to attach to a cluster. | string | n/a | yes | 44 | | region | Region where sysdig is provisioned. | string | n/a | no | 45 | | resource\_group | Name of the resource group. 
| string | n/a | yes | 46 | | private_endpoint | Use to connect to LogDNA instance through private endpoint| bool | n/a | no | 47 | | logdna_ingestion_key | LogDNA ingestion key | string | n/a | no | 48 | | create_timeout | Timeout duration for create | string | n/a | no | 49 | | update_timeout | Timeout duration for update | string | n/a | no | 50 | | delete_timeout | Timeout duration for delete | string | n/a | no | 51 | 52 | 53 | 54 | 55 | ## Usage 56 | 57 | terraform apply -------------------------------------------------------------------------------- /examples/configure-logdna/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | data "ibm_resource_group" "resource_group" { 7 | name = var.resource_group 8 | } 9 | 10 | data "ibm_resource_instance" "logdna_instance" { 11 | 12 | name = var.logdna_name 13 | service = "logdna" 14 | resource_group_id = data.ibm_resource_group.resource_group.id 15 | location = var.region 16 | } 17 | 18 | module "cluster_logdna_attach" { 19 | //Uncomment the following line to make the source point to registry level 20 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna" 21 | 22 | source = "../../modules/configure-logdna" 23 | cluster = var.cluster 24 | logdna_instance_id = data.ibm_resource_instance.logdna_instance.guid 25 | private_endpoint = var.private_endpoint 26 | logdna_ingestion_key = var.logdna_ingestion_key 27 | create_timeout = var.create_timeout 28 | update_timeout = var.update_timeout 29 | delete_timeout = var.delete_timeout 30 | } -------------------------------------------------------------------------------- /examples/configure-logdna/variables.tf: -------------------------------------------------------------------------------- 1 | 
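##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster" { 7 | description = "Enter the name or id of the cluster" 8 | type = string 9 | } 10 | 11 | variable "logdna_name" { 12 | type = string 13 | description = "Enter the name of logdna instance to attach to a cluster" 14 | } 15 | 16 | variable "resource_group" { 17 | description = "Enter the name of the resource group" 18 | type = string 19 | } 20 | 21 | variable "region" { 22 | description = "Enter the region of the LogDNA instance" 23 | type = string 24 | } 25 | 26 | variable "private_endpoint" { 27 | description = "Add this option (true/false) to connect to your LogDNA service instance through the private service endpoint" 28 | type = bool 29 | default = null 30 | } 31 | /* logdna_ingestion_key is a credential. Pass it through the TF_VAR_logdna_ingestion_key environment variable or a secrets manager rather than a committed .tfvars file. It may end up in Terraform state once a resource consumes it, so restrict access to the state backend. On Terraform 0.14 or later, add sensitive = true to redact it from plan output. */ 32 | variable "logdna_ingestion_key" { 33 | type = string 34 | description = "LogDNA ingestion key" 35 | default = null 36 | } 37 | 38 | variable "create_timeout" { 39 | type = string 40 | description = "Timeout duration for create." 41 | default = null 42 | } 43 | 44 | variable "update_timeout" { 45 | type = string 46 | description = "Timeout duration for update." 47 | default = null 48 | } 49 | 50 | variable "delete_timeout" { 51 | type = string 52 | description = "Timeout duration for delete."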
53 | default = null 54 | } 55 | 56 | 57 | -------------------------------------------------------------------------------- /examples/configure-logdna/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we dont configure the version parameter, it fetches the latest provider version. 21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /examples/configure-sysdig-monitor/README.md: -------------------------------------------------------------------------------- 1 | # Module sysdig-monitor 2 | 3 | This module is used to configure a sysdig monitor to an existing cluster on IBM Cloud Infrastructure. 
4 | 5 | ## Example Usage 6 | ``` 7 | data "ibm_resource_group" "resource_group" { 8 | name = var.resource_group 9 | } 10 | 11 | data "ibm_resource_instance" "sysdig_instance" { 12 | 13 | name = var.sysdig_name 14 | service = "sysdig-monitor" 15 | resource_group_id = data.ibm_resource_group.resource_group.id 16 | location = var.region 17 | } 18 | 19 | module "cluster_sysdig_attach" { 20 | //Uncomment the following line to make the source point to registry level 21 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor" 22 | source = "../../modules/configure-sysdig-monitor" 23 | cluster = var.cluster 24 | sysdig_instance_id = data.ibm_resource_instance.sysdig_instance.guid 25 | private_endpoint = var.private_endpoint 26 | sysdig_access_key = var.sysdig_access_key 27 | create_timeout = var.create_timeout 28 | update_timeout = var.update_timeout 29 | delete_timeout = var.delete_timeout 30 | } 31 | ``` 32 | ## NOTE: 33 | 34 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 35 | 36 | 37 | ## Inputs 38 | 39 | | Name | Description | Type | Default | Required | 40 | |-----------------------------------|-----------------------------------------------------------|--------|---------|----------| 41 | | cluster | Name or id of the cluster | string | n/a | yes | 42 | | sysdig\_name | Name of the sysdig to attach to a cluster. | string | n/a | yes | 43 | | region | Region where sysdig is provisioned. | string | n/a | no | 44 | | resource\_group | Name of the resource group. 
| string | n/a | yes | 45 | | private_endpoint | Use to connect to sysdig instance through private endpoint| bool | n/a | no | 46 | | sysdig_access_key | sysdig access key | string | n/a | no | 47 | | create_timeout | Timeout duration for create | string | n/a | no | 48 | | update_timeout | Timeout duration for update | string | n/a | no | 49 | | delete_timeout | Timeout duration for delete | string | n/a | no | 50 | 51 | 52 | 53 | ## Usage 54 | 55 | terraform apply 56 | -------------------------------------------------------------------------------- /examples/configure-sysdig-monitor/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure sysdig to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | data "ibm_resource_group" "resource_group" { 7 | name = var.resource_group 8 | } 9 | 10 | data "ibm_resource_instance" "sysdig_instance" { 11 | 12 | name = var.sysdig_name 13 | service = "sysdig-monitor" 14 | resource_group_id = data.ibm_resource_group.resource_group.id 15 | location = var.region 16 | } 17 | 18 | module "cluster_sysdig_attach" { 19 | //Uncomment the following line to make the source point to registry level 20 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor" 21 | source = "../../modules/configure-sysdig-monitor" 22 | cluster = var.cluster 23 | sysdig_instance_id = data.ibm_resource_instance.sysdig_instance.guid 24 | private_endpoint = var.private_endpoint 25 | sysdig_access_key = var.sysdig_access_key 26 | create_timeout = var.create_timeout 27 | update_timeout = var.update_timeout 28 | delete_timeout = var.delete_timeout 29 | } -------------------------------------------------------------------------------- /examples/configure-sysdig-monitor/variables.tf: -------------------------------------------------------------------------------- 1 | 
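##################################################### 2 | # Configure Sysdig monitor to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster" { 7 | description = "Enter the name or id of the cluster" 8 | type = string 9 | } 10 | 11 | variable "sysdig_name" { 12 | type = string 13 | description = "Enter the name of Sysdig instance to attach to a cluster" 14 | } 15 | 16 | variable "resource_group" { 17 | description = "Enter the name of the resource group" 18 | type = string 19 | } 20 | 21 | variable "region" { 22 | description = "Enter the region of the Sysdig instance" 23 | type = string 24 | } 25 | 26 | variable "private_endpoint" { 27 | description = "Add this option (true/false) to connect to your Sysdig service instance through the private service endpoint" 28 | type = bool 29 | default = null 30 | } 31 | /* sysdig_access_key is a credential. Pass it through the TF_VAR_sysdig_access_key environment variable or a secrets manager rather than a committed .tfvars file. It may end up in Terraform state once a resource consumes it, so restrict access to the state backend. On Terraform 0.14 or later, add sensitive = true to redact it from plan output. */ 32 | variable "sysdig_access_key" { 33 | type = string 34 | description = "sysdig access key" 35 | default = null 36 | } 37 | 38 | variable "create_timeout" { 39 | type = string 40 | description = "Timeout duration for create." 41 | default = null 42 | } 43 | 44 | variable "update_timeout" { 45 | type = string 46 | description = "Timeout duration for update." 47 | default = null 48 | } 49 | 50 | variable "delete_timeout" { 51 | type = string 52 | description = "Timeout duration for delete."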
53 | default = null 54 | } 55 | 56 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /examples/configure-sysdig-monitor/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Sysdif monitor to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/configure-vpc-alb/README.md: -------------------------------------------------------------------------------- 1 | # Module container_alb 2 | 3 | This example is used to enable or disable an Ingres application load balancer (ALB) that is set up in your VPC cluster. ALBs are used to set up HTTP or HTTPS load-balancing for containerized apps that are deployed into an IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster. 
For more information, about Ingress ALBs, [see](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about) 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | data "ibm_resource_group" "rg" { 11 | name = var.resource_group 12 | } 13 | 14 | module "container_vpc_alb" { 15 | //Uncomment the following line to make the source point to registry level 16 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-alb" 17 | 18 | source = "../../modules/configure-vpc-alb" 19 | 20 | alb_id = var.alb_id 21 | enable = var.enable 22 | resource_group_id = data.ibm_resource_group.rg.id 23 | } 24 | ``` 25 | ## NOTE: 26 | 27 | If we want to make use of a particular version of module, then set the "version" argument to accordingly. 28 | 29 | 30 | 31 | ## Inputs 32 | 33 | | Name | Description | Type | Default | Required | 34 | |------------------------------|-------------------------------------------------------|--------|---------|----------| 35 | | alb_id | The unique identifier of the ALB. | string | n/a | yes | 36 | | enable | If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster.| bool | true | no | 37 | | resource_group |Name of the resource group. |string| n/a | no | 38 | 39 | 40 | 41 | 42 | 43 | ## Usage 44 | ``` 45 | terraform init 46 | 47 | terraform plan 48 | 49 | terraform apply 50 | ``` 51 | -------------------------------------------------------------------------------- /examples/configure-vpc-alb/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 
3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "container_vpc_alb" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-alb" 16 | 17 | source = "../../modules/configure-vpc-alb" 18 | 19 | alb_id = var.alb_id 20 | enable = var.enable 21 | resource_group_id = data.ibm_resource_group.rg.id 22 | } -------------------------------------------------------------------------------- /examples/configure-vpc-alb/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "alb_id" { 7 | description = "The unique identifier of the ALB. To retrieve the ID, run ibmcloud ks alb ls" 8 | type = string 9 | } 10 | 11 | variable "enable" { 12 | description = "If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster. " 13 | type = bool 14 | default = false 15 | } 16 | 17 | variable "resource_group" { 18 | type = string 19 | description = "Name of the resource group." 20 | default = "Default" 21 | } 22 | 23 | -------------------------------------------------------------------------------- /examples/configure-vpc-alb/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 
3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/configure-vpc-worker-pool/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | Example Usage - configuaring multiple zones 8 | 9 | worker_zones = { 10 | = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | = { 15 | public_vlan = "" 16 | private_vlan = "" 17 | } 18 | } 19 | 20 | ******************************************************/ 21 | 22 | worker_zones = { 23 | us-south-1 = { 24 | subnet_id = "0717-0d4f6c2d-8ec0-422f-a9ea-a7b773887f8c" 25 | } 26 | } 27 | 28 | taints = [{ 29 | key = "dedicated" 30 | value = "edge" 31 | effect = "NoSchedule" 32 | }, 33 | ] -------------------------------------------------------------------------------- /examples/configure-vpc-worker-pool/main.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # vpc cluster worker pool 
configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_resource_group" "rg" { 10 | name = var.resource_group 11 | } 12 | 13 | module "vpc_cluster_worker_pool" { 14 | //Uncomment the following line to make the source point to registry level 15 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-worker-pool" 16 | source = "../../modules/configure-vpc-worker-pool" 17 | 18 | cluster_name = var.cluster_name 19 | worker_pool_name = var.worker_pool_name 20 | worker_nodes_per_zone = var.worker_nodes_per_zone 21 | flavor = var.flavor 22 | resource_group_id = data.ibm_resource_group.rg.id 23 | virtual_private_cloud = var.virtual_private_cloud 24 | worker_zones = var.worker_zones 25 | labels = var.labels 26 | taints = var.taints 27 | entitlement = var.entitlement 28 | create_timeout = var.create_timeout 29 | delete_timeout = var.delete_timeout 30 | } -------------------------------------------------------------------------------- /examples/configure-vpc-worker-pool/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc cluster worker-pool configuration 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "worker_pool_name" { 12 | description = "Name of the worker pool." 13 | type = string 14 | } 15 | 16 | variable "worker_nodes_per_zone" { 17 | description = "Number of worker nodes" 18 | type = number 19 | } 20 | 21 | variable "flavor" { 22 | description = "Machine type." 
23 | type = string 24 | } 25 | 26 | variable "resource_group" { 27 | description = "The name of resource_group" 28 | type = string 29 | } 30 | 31 | variable "worker_zones" { 32 | type = map 33 | description = "List of worker zones to attach" 34 | } 35 | 36 | variable "virtual_private_cloud" { 37 | description = "The ID of the VPC that you want to use for your cluster." 38 | type = string 39 | } 40 | 41 | variable "labels" { 42 | description = "A list of labels that you want to add to all the worker nodes in the worker pool" 43 | type = map 44 | default = null 45 | } 46 | 47 | variable "entitlement" { 48 | description = "Name of entittlement, use for openshift cluster" 49 | type = string 50 | default = null 51 | } 52 | 53 | variable "create_timeout" { 54 | type = string 55 | description = "Timeout duration for create." 56 | default = null 57 | } 58 | 59 | variable "update_timeout" { 60 | type = string 61 | description = "Timeout duration for update." 62 | default = null 63 | } 64 | 65 | variable "delete_timeout" { 66 | type = string 67 | description = "Timeout duration for delete." 68 | default = null 69 | } 70 | 71 | variable "taints" { 72 | type = list(object({ 73 | key = string 74 | value = string 75 | effect = string 76 | })) 77 | description = "Set taints to worker nodes." 
78 | default = [{ 79 | key = "dedicated" 80 | value = "edge" 81 | effect = "NoSchedule" 82 | }, 83 | ] 84 | } -------------------------------------------------------------------------------- /examples/configure-vpc-worker-pool/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/iks-integration/README.md: -------------------------------------------------------------------------------- 1 | # Opt-Out Integrations on IBM Cloud cluster 2 | 3 | Use this IBM Cloud Provider Plug-in for Terraform template to integrate Logging, Monitoring on IBM Cloud Clusters 4 | ## Template functionalities 5 | 6 | 1. [main.tf](main.tf) 7 | 8 | - Integrates the cluster with an IBM Cloud Log Analysis instance. 9 | - Integrates the cluster with an IBM Cloud Monitoring instance. 10 | 11 | ## Inputs 12 | 13 | Review the following variables that you can customize in your Terraform templates to create the related IBM Cloud resources for your secure OpenShift cluster. 
14 | 15 | |Name|Description|Type|Default|Required| 16 | |-----|----------|----|-------|--------| 17 | |ibmcloud_api_key|[IBM Cloud IAM API key](https://cloud.ibm.com/docs/account?topic=account-userapikey#create_user_key).|string|N/A|Yes| 18 | |cluster|Id of the cluster.|string|N/A|Yes| 19 | |monitoring_instance| GUID of the IBM Cloud Monitoring instance. If set to `null`, an instance is created with the following naming convention: `-sysdig`|string|`null`|No| 20 | |monitoring_access_key|The IBM Cloud Monitoring ingestion key that you want to use for your configuration.|string|N/A|No| 21 | |logging_instance|GUID of IBM Cloud Log Analysis instance. If set to `null`, an instance is created with the following naming convention: `-logdna`|string|`null`|No| 22 | |logging_ingestion_key|The IBM Cloud Log Analysis ingestion key that you want to use for your configuration.|string|N/A|No| 23 | |private_endpoint|Add this option to connect to your Log Analysis and Monitoring service instances through the private cloud service endpoint.|bool|N/A|No| 24 | 25 | ## Usage 26 | 27 | ```bash 28 | terraform init 29 | 30 | terraform plan 31 | 32 | terraform apply 33 | 34 | terraform destroy 35 | ``` 36 | -------------------------------------------------------------------------------- /examples/iks-integration/main.tf: -------------------------------------------------------------------------------- 1 | module "configure_cluster_sysdig" { 2 | source = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor" 3 | count = var.monitoring_instance == null ? 0 : 1 4 | version = "1.4.0" 5 | depends_on = [module.configure_cluster_logdna] 6 | cluster = var.cluster 7 | sysdig_instance_id = var.monitoring_instance 8 | private_endpoint = var.private_endpoint 9 | sysdig_access_key = var.monitoring_access_key 10 | } 11 | 12 | module "configure_cluster_logdna" { 13 | source = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna" 14 | count = var.logging_instance == null ? 
0 : 1 15 | version = "1.4.0" 16 | cluster = var.cluster 17 | logdna_instance_id = var.logging_instance 18 | private_endpoint = var.private_endpoint 19 | logdna_ingestion_key = var.logging_ingestion_key 20 | } 21 | -------------------------------------------------------------------------------- /examples/iks-integration/provider.tf: -------------------------------------------------------------------------------- 1 | provider "ibm" { 2 | ibmcloud_api_key = var.ibmcloud_api_key 3 | } 4 | -------------------------------------------------------------------------------- /examples/iks-integration/variables.tf: -------------------------------------------------------------------------------- 1 | ###################################################### 2 | #IBM-Cloud Authentication Credentials 3 | ###################################################### 4 | /* ibmcloud_api_key, monitoring_access_key and logging_ingestion_key in this file are credentials. Supply them through TF_VAR_ environment variables or a secrets manager rather than a committed .tfvars file, and restrict access to the state backend. On Terraform 0.14 or later, add sensitive = true to each so plan output redacts them. */ 5 | variable "ibmcloud_api_key" { 6 | type = string 7 | description = "IBM-Cloud API Key" 8 | } 9 | 10 | ###################################################### 11 | #IBM-Cloud Logging and Monitoring Variables 12 | ###################################################### 13 | variable "cluster" { 14 | type = string 15 | description = "Id of cluster" 16 | } 17 | variable "monitoring_instance" { 18 | default = null 19 | type = string 20 | description = "GUID of Sysdig Instance. If null it creates an instance with name `-sysdig`" 21 | } 22 | variable "monitoring_access_key" { 23 | description = "The sysdig monitoring ingestion key that you want to use for your configuration" 24 | type = string 25 | default = null 26 | } 27 | variable "logging_instance" { 28 | default = null 29 | type = string 30 | description = "GUID of Logging Instance.
If null it creates an instance with `-logdna`" 31 | } 32 | variable "logging_ingestion_key" { 33 | description = "The LogDNA ingestion key that you want to use for your configuration" 34 | type = string 35 | default = null 36 | } 37 | variable "private_endpoint" { 38 | description = "Add this option to connect to your Sysdig and logDNA service instance through the private service endpoint." 39 | type = bool 40 | default = true 41 | } -------------------------------------------------------------------------------- /examples/iks-integration/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | ibm = { 4 | source = "IBM-Cloud/ibm" 5 | version = ">=1.31.0" 6 | } 7 | } 8 | } -------------------------------------------------------------------------------- /examples/openshift-route/README.md: -------------------------------------------------------------------------------- 1 | # Module openshift-route 2 | 3 | This module is used to provision a route to an openshift cluster. An [OpenShift route](https://docs.openshift.com/enterprise/3.0/architecture/core_concepts/routes.html) is a way to expose a service by giving it an externally-reachable hostname like www.example.com. 
4 | 5 | 6 | ## Example Usage 7 | 8 | ``` terraform 9 | provider "ibm" { 10 | } 11 | 12 | locals { 13 | # get json 14 | data = jsondecode(var.route_data) 15 | } 16 | 17 | data "ibm_satellite_cluster" "cluster" { 18 | name = var.cluster 19 | } 20 | 21 | module "openshift_cluster_route" { 22 | source = "github.com/terraform-ibm-modules/terraform-ibm-cluster//modules/openshift-route" 23 | 24 | ibmcloud_api_key = var.ibmcloud_api_key 25 | cluster_service_url = data.ibm_satellite_cluster.cluster.server_url 26 | namespace = var.namespace 27 | route_data = var.route_data 28 | } 29 | ``` 30 | 31 | ## Note 32 | 33 | * To update an OpenShift route, users have to get the "resourceVersion" parameter value from terraform.tfstate or the OpenShift console, and add it to the 'route_data' variable as a route specification. 34 | 35 | ``` Route Specification 36 | { 37 | "kind":"Route", 38 | "apiVersion":"route.openshift.io/v1", 39 | "metadata":{ 40 | "name":"route-01", 41 | "resourceVersion": "" 42 | }, 43 | ..... 44 | ..... 45 | } 46 | ``` 47 | * All optional fields are given the value `null` in the variables.tf file. Users can configure them by overriding with appropriate values. 48 | * Provide the `version` attribute in the terraform block of the versions.tf file to use a specific version of the terraform provider.
49 | 50 | 51 | 52 | ## Inputs 53 | 54 | | Name | Description | Type |Default |Required | 55 | |--------------------------|----------------------------------------------------------------|:-------|:--------|:--------| 56 | | ibmcloud_api_key | IBM Cloud IAM API key |`string`| n/a | yes | 57 | | cluster | Cluster Name |`string`| n/a | yes | 58 | | namespace | Openshift namespace name |`string`| default | no | 59 | | route_data | Route specification |`string`| n/a | no | 60 | 61 | ## Outputs 62 | 63 | | Name | Description | 64 | |--------------------------|----------------------------| 65 | | route_response | Route response | 66 | 67 | 68 | 69 | ## Usage 70 | 71 | Initialising Provider 72 | 73 | Make sure you declare a required providers ibm block to make use of IBM-Cloud Terraform Provider 74 | 75 | ```terraform 76 | terraform { 77 | required_providers { 78 | restapi = { 79 | source = "fmontezuma/restapi" 80 | version = "1.14.1" 81 | } 82 | ibm = { 83 | source = "IBM-Cloud/ibm" 84 | } 85 | } 86 | } 87 | ``` 88 | 89 | ```bash 90 | terraform init 91 | terraform plan 92 | terraform apply 93 | ``` 94 | 95 | Run `terraform destroy` when you don't need these resources. 
96 | -------------------------------------------------------------------------------- /examples/openshift-route/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | provider "ibm" { 7 | } 8 | 9 | data "ibm_satellite_cluster" "cluster" { 10 | name = var.cluster 11 | } 12 | /* NOTE(review): this source has no ?ref= selector, so each terraform init fetches the repository's default branch. Append ?ref=<tag-or-commit> to pin the module code that runs with the API key passed below. */ 13 | module "openshift_cluster_route" { 14 | source = "github.com/terraform-ibm-modules/terraform-ibm-cluster//modules/openshift-route" 15 | 16 | ibmcloud_api_key = var.ibmcloud_api_key 17 | cluster_service_url = data.ibm_satellite_cluster.cluster.server_url 18 | namespace = var.namespace 19 | route_data = var.route_data 20 | } -------------------------------------------------------------------------------- /examples/openshift-route/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | output "route_response" { 7 | value = module.openshift_cluster_route.route_response 8 | } -------------------------------------------------------------------------------- /examples/openshift-route/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | /* ibmcloud_api_key is a credential and is declared without a type. Supply it through the TF_VAR_ibmcloud_api_key environment variable rather than a committed .tfvars file. On Terraform 0.14 or later, add sensitive = true to redact it from plan output. */ 6 | variable "ibmcloud_api_key" { 7 | description = "IBM Cloud API Key" 8 | } 9 | 10 | variable "cluster" { 11 | description = "Cluster Name" 12 | type = string 13 | 14 | validation { 15 | error_message = "Cluster name must begin and end with a letter and contain only letters, numbers, and -
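characters." 16 | condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.cluster)) 17 | } 18 | } 19 | # Namespace the route is created in; the validation accepts a lowercase letter followed by lowercase letters, digits or hyphens, ending in a letter or digit. 20 | variable "namespace" { 21 | type = string 22 | description = "Namespace name" 23 | default = "default" 24 | 25 | validation { 26 | error_message = "Namespace name must begin with a lowercase letter, end with a lowercase letter or number, and contain only lowercase letters, numbers, and - characters." 27 | condition = can(regex("^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.namespace)) 28 | } 29 | } 30 | 31 | variable "route_data" { 32 | description = "Route specification" 33 | default = <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 -------------------------------------------------------------------------------- /examples/secure-roks-cluster/iam.tf: -------------------------------------------------------------------------------- 1 | module "roks_kms_authorisation_policy" { 2 | source = "terraform-ibm-modules/iam/ibm//modules/service-authorization" 3 | version = "1.2.2" 4 | count = var.roks_kms_policy ? 0 : 1 5 | source_service_name = "containers-kubernetes" 6 | target_service_name = "kms" 7 | roles = ["Reader"] 8 | } 9 | -------------------------------------------------------------------------------- /examples/secure-roks-cluster/kms.tf: -------------------------------------------------------------------------------- 1 | module "kms" { 2 | count = var.kms_instance == null && var.kms_key == null ? 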
1 : 0 3 | source = "terraform-ibm-modules/kms/ibm//modules/key-protect" 4 | version = "1.1.0" 5 | is_kp_instance_exist = false 6 | resource_group_id = data.ibm_resource_group.resource_group.id 7 | service_name = "${var.resource_prefix}-kp" 8 | location = var.region 9 | plan = "tiered-pricing" 10 | tags = ["secure-roks", var.resource_prefix] 11 | key_name = "${var.resource_prefix}-kp-key" 12 | standard_key_type = var.standard_key_type 13 | } 14 | -------------------------------------------------------------------------------- /examples/secure-roks-cluster/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | cos_crn = var.cos_instance != null ? var.cos_instance : ibm_resource_instance.cos_instance[0].id 3 | sysdig_instance_id = var.monitoring_instance != null ? var.monitoring_instance : module.monitoring_instance[0].sysdig_guid 4 | logdna_instance_id = var.logging_instance != null ? var.logging_instance : module.logging_instance[0].logdna_instance_guid 5 | zones = [for index in range(3) : "${var.region}-${index + 1}"] 6 | worker_zones = { 7 | for zone in local.zones : 8 | zone => { 9 | subnet_id = module.subnet[zone].subnet_id 10 | } 11 | } 12 | kms_config = var.kms_instance != null && var.kms_key != null ? 
[{ 13 | instance_id = var.kms_instance 14 | crk_id = var.kms_key 15 | private_endpoint = true 16 | }] : [{ 17 | instance_id = module.kms[0].kms_instance_guid 18 | crk_id = module.kms[0].kms_key_id 19 | private_endpoint = true 20 | }] 21 | timeouts = [{ 22 | create = var.create_timeout 23 | }] 24 | sg_rules = [ # local.rules re-shaped so every rule carries the same keys; keys a rule does not set become null 25 | for r in local.rules : { 26 | name = r.name 27 | direction = r.direction 28 | remote = lookup(r, "remote", null) 29 | ip_version = lookup(r, "ip_version", null) 30 | icmp = lookup(r, "icmp", null) 31 | tcp = lookup(r, "tcp", null) 32 | udp = lookup(r, "udp", null) 33 | } 34 | ] 35 | rules = [ # rule set that module.default_sg_rules applies to the VPC default security group (through local.sg_rules) 36 | { # NOTE(review): inbound TCP/22 with no "remote", so sg_rules passes remote = null; confirm how the security-group module treats a null remote and restrict SSH to a management CIDR if null means any source 37 | name = "${var.resource_prefix}-ingress-1" 38 | direction = "inbound" 39 | tcp = { 40 | port_min = 22 41 | port_max = 22 42 | } 43 | }, 44 | { # inbound ICMP type 8 (echo request), also without a "remote" - same question as the SSH rule above 45 | name = "${var.resource_prefix}-ingress-2" 46 | direction = "inbound" 47 | icmp = { 48 | type = 8 49 | code = null 50 | } 51 | }, 52 | { # outbound to members of the VPC default security group itself 53 | name = "${var.resource_prefix}-egress-1" 54 | direction = "outbound" 55 | remote = module.vpc.vpc_default_security_group 56 | }, 57 | { # presumably an IBM Cloud private service range - verify against current IBM Cloud documentation 58 | name = "${var.resource_prefix}-egress-2" 59 | direction = "outbound" 60 | remote = "161.26.0.0/16" 61 | }, 62 | { # presumably an IBM Cloud private service-endpoint range - verify against current IBM Cloud documentation 63 | name = "${var.resource_prefix}-egress-3" 64 | direction = "outbound" 65 | remote = "166.8.0.0/14" 66 | }, 67 | { # egress-4 to egress-6: outbound to each of the three subnet CIDR blocks read into local.subnet_cidrs 68 | name = "${var.resource_prefix}-egress-4" 69 | direction = "outbound" 70 | remote = local.subnet_cidrs[0] 71 | }, 72 | { 73 | name = "${var.resource_prefix}-egress-5" 74 | direction = "outbound" 75 | remote = local.subnet_cidrs[1] 76 | }, 77 | { 78 | name = "${var.resource_prefix}-egress-6" 79 | direction = "outbound" 80 | remote = local.subnet_cidrs[2] 81 | } 82 | ] 83 | custom_sg_rules = [ # caller-supplied rules from var.custom_sg_rules, re-shaped the same way as sg_rules 84 | for r in var.custom_sg_rules : { 85 | name = r.name 86 | direction = r.direction 87 | remote = lookup(r, "remote", null) 88 | ip_version = lookup(r, "ip_version", null) 89 | icmp = lookup(r, "icmp", null) 90 | tcp = lookup(r, "tcp", null) 91 | udp = lookup(r, "udp", null) 92 | } 93 | ] 94 | default_egress_rule 
= [ 95 | for _, rule in data.ibm_is_vpc.vpc.security_group[0].rules : rule.rule_id 96 | if rule.remote == "0.0.0.0/0" && rule.direction == "outbound" && rule.protocol == "all" 97 | ] 98 | subnet_cidrs = [for subnet in data.ibm_is_subnet.subnet : subnet.ipv4_cidr_block] 99 | } 100 | -------------------------------------------------------------------------------- /examples/secure-roks-cluster/logging.tf: -------------------------------------------------------------------------------- 1 | module "logging_instance" { 2 | source = "terraform-ibm-modules/observability/ibm//modules/logging-logdna" 3 | version = "1.3.0" 4 | count = var.logging_instance == null ? 1 : 0 5 | bind_resource_key = true 6 | service_name = "${var.resource_prefix}-logging" 7 | resource_group_id = data.ibm_resource_group.resource_group.id 8 | plan = "lite" 9 | region = var.region 10 | tags = ["secure-roks", var.resource_prefix] 11 | create_timeout = "30m" 12 | resource_key_name = "${var.resource_prefix}-logging-key" 13 | role = "Manager" 14 | resource_key_tags = ["secure-roks", var.resource_prefix] 15 | parameters = { 16 | default_receiver = true #enable for platform metrics 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /examples/secure-roks-cluster/main.tf: -------------------------------------------------------------------------------- 1 | data "ibm_resource_group" "resource_group" { 2 | name = (var.resource_group != null ? var.resource_group : null) 3 | is_default = (var.resource_group == null ? 
true : null) 4 | } 5 | 6 | module "vpc_ocp_cluster" { 7 | source = "terraform-ibm-modules/cluster/ibm//modules/vpc-openshift" 8 | version = "1.4.0" 9 | depends_on = [ 10 | null_resource.delete_default_egress_security_rule 11 | ] 12 | cluster_name = "${var.resource_prefix}-cluster" 13 | vpc_id = module.vpc.vpc_id 14 | worker_pool_flavor = var.flavor 15 | resource_group_id = data.ibm_resource_group.resource_group.id 16 | kube_version = var.ocp_version 17 | worker_zones = local.worker_zones 18 | worker_nodes_per_zone = var.worker_nodes_per_zone 19 | tags = ["secure-roks", "cluster", var.resource_prefix] 20 | disable_public_service_endpoint = var.disable_public_service_endpoint 21 | entitlement = var.ocp_entitlement 22 | cos_instance_crn = local.cos_crn 23 | kms_config = local.kms_config 24 | worker_labels = { worker = var.resource_prefix } 25 | create_timeout = var.create_timeout 26 | wait_till = var.wait_till 27 | } 28 | 29 | module "configure_cluster_sysdig" { 30 | source = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor" 31 | version = "1.4.0" 32 | depends_on = [module.configure_cluster_logdna] 33 | cluster = module.vpc_ocp_cluster.vpc_openshift_cluster_id 34 | sysdig_instance_id = local.sysdig_instance_id 35 | private_endpoint = var.private_endpoint 36 | sysdig_access_key = var.monitoring_access_key 37 | } 38 | module "configure_cluster_logdna" { 39 | source = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna" 40 | version = "1.4.0" 41 | cluster = module.vpc_ocp_cluster.vpc_openshift_cluster_id 42 | logdna_instance_id = local.logdna_instance_id 43 | private_endpoint = var.private_endpoint 44 | logdna_ingestion_key = var.logging_ingestion_key 45 | 46 | } -------------------------------------------------------------------------------- /examples/secure-roks-cluster/monitoring.tf: -------------------------------------------------------------------------------- 1 | module "monitoring_instance" { 2 | source = 
"terraform-ibm-modules/observability/ibm//modules/monitoring-sysdig" 3 | version = "1.3.0" 4 | count = var.monitoring_instance == null ? 1 : 0 5 | bind_resource_key = true 6 | service_name = "${var.resource_prefix}-monitoring" 7 | resource_group_id = data.ibm_resource_group.resource_group.id 8 | plan = "lite" 9 | region = var.region 10 | tags = ["secure-roks", var.resource_prefix] 11 | create_timeout = "30m" 12 | resource_key_name = "${var.resource_prefix}-monitoring-key" 13 | role = "Manager" 14 | resource_key_tags = ["secure-roks", var.resource_prefix] 15 | parameters = { 16 | default_receiver = true #enable for platform metrics 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /examples/secure-roks-cluster/network.tf: -------------------------------------------------------------------------------- 1 | module "vpc" { 2 | source = "terraform-ibm-modules/vpc/ibm//modules/vpc" 3 | version = "1.0.0" 4 | 5 | name = "${var.resource_prefix}-vpc" 6 | resource_group_id = data.ibm_resource_group.resource_group.id 7 | tags = ["secure-roks", var.resource_prefix] 8 | } 9 | module "subnet" { 10 | source = "terraform-ibm-modules/vpc/ibm//modules/subnet" 11 | version = "1.0.0" 12 | 13 | for_each = toset(local.zones) 14 | name = "${var.resource_prefix}-subnet-${index(local.zones, each.value)}" 15 | vpc_id = module.vpc.vpc_id 16 | resource_group_id = data.ibm_resource_group.resource_group.id 17 | location = each.value 18 | ip_range = (var.number_of_addresses == null && var.ip_ranges != null ? element(var.ip_ranges, index(local.zones, each.value)) : null) 19 | number_of_addresses = (var.number_of_addresses != null && var.ip_ranges == null ? 
var.number_of_addresses : null) 20 | } 21 | 22 | data "ibm_is_subnet" "subnet" { 23 | depends_on = [module.subnet] 24 | for_each = toset(local.zones) 25 | name = "${var.resource_prefix}-subnet-${index(local.zones, each.value)}" 26 | } 27 | 28 | module "default_sg_rules" { 29 | source = "terraform-ibm-modules/vpc/ibm//modules/security-group" 30 | version = "1.0.0" 31 | 32 | create_security_group = false 33 | security_group = module.vpc.vpc_default_security_group 34 | resource_group_id = data.ibm_resource_group.resource_group.id 35 | security_group_rules = local.sg_rules 36 | } 37 | data "ibm_is_vpc" "vpc" { 38 | depends_on = [module.vpc] 39 | name = "${var.resource_prefix}-vpc" 40 | } 41 | data "ibm_iam_auth_token" "token" {} 42 | // NOTE(review): the IAM access token read above is exported to the local-exec command through the TOKEN environment variable; the command body is not visible here, so confirm it never prints the token and that Terraform state and run logs are access-controlled. 43 | // null_resource that removes the default allow-all outbound rule (local.default_egress_rule) from the VPC default security group 44 | resource "null_resource" "delete_default_egress_security_rule" { 45 | provisioner "local-exec" { 46 | environment = { 47 | TOKEN = data.ibm_iam_auth_token.token.iam_access_token 48 | REGION = var.region 49 | SECURITY_GROUP = module.vpc.vpc_default_security_group 50 | SECURITY_GROUP_RULE = length(local.default_egress_rule) != 0 ? 
local.default_egress_rule[0] : "" 51 | } 52 | command = < = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | = { 15 | public_vlan = "" 16 | private_vlan = "" 17 | } 18 | } 19 | 20 | ******************************************************/ 21 | 22 | worker_zones = { 23 | us-south-1 = { 24 | subnet_id = "0717-edb7aee5-d252-4330-98ad-8c99e01a11b7" 25 | } 26 | } 27 | 28 | kms_config = [{ 29 | instance_id = "4b60eaa9-5a68-4ca7-bda3-23c41a3812af" 30 | crk_id = "8191042a-f9fe-4ec3-a36b-991b40201176" 31 | private_endpoint = false 32 | }, 33 | ] 34 | 35 | taints = [{ 36 | key = "dedicated" 37 | value = "edge" 38 | effect = "NoSchedule" 39 | }, 40 | ] 41 | 42 | tags = ["T1", "T2"] 43 | 44 | -------------------------------------------------------------------------------- /examples/vpc-kubernetes/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc kubernetes cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | data "ibm_resource_group" "rg" { 7 | name = var.resource_group 8 | } 9 | 10 | module "vpc_kubernetes_cluster" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/vpc-kubernetes" 13 | source = "../../modules/vpc-kubernetes" 14 | cluster_name = var.cluster_name 15 | vpc_id = var.vpc_id 16 | worker_pool_flavor = var.worker_pool_flavor 17 | worker_zones = var.worker_zones 18 | worker_nodes_per_zone = var.worker_nodes_per_zone 19 | resource_group_id = data.ibm_resource_group.rg.id 20 | kube_version = var.kube_version 21 | update_all_workers = var.update_all_workers 22 | service_subnet = var.service_subnet 23 | pod_subnet = var.pod_subnet 24 | worker_labels = var.worker_labels 25 | wait_till = var.wait_till 26 | disable_public_service_endpoint = var.disable_public_service_endpoint 27 | tags = var.tags 28 | 
cos_instance_crn = var.cos_instance_crn 29 | force_delete_storage = var.force_delete_storage 30 | kms_config = var.kms_config 31 | taints = var.taints 32 | create_timeout = var.create_timeout 33 | update_timeout = var.update_timeout 34 | delete_timeout = var.delete_timeout 35 | } -------------------------------------------------------------------------------- /examples/vpc-kubernetes/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes vpc cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/vpc-openshift/input.tfvars: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc openshift cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /**************************************************** 7 | Example Usage - configuaring multiple zones 8 | 9 | worker_zones = { 10 | = { 11 | public_vlan = "" 12 | private_vlan = "" 13 | } 14 | = { 15 | public_vlan = "" 16 | private_vlan = "" 17 | } 18 | } 19 | 20 | ******************************************************/ 21 | 22 | 23 | worker_zones = { 24 | us-south-1 = { 25 | subnet_id = "0717-edb7aee5-d252-4330-98ad-8c99e01a11b7" 26 | } 27 | } 28 | 29 | 30 | 31 | kms_config = [{ 32 | instance_id = "4b60eaa9-5a68-4ca7-bda3-23c41a3812af" 33 | crk_id = "8191042a-f9fe-4ec3-a36b-991b40201176" 34 | private_endpoint = false 35 | }, 36 | ] 37 | 38 | taints = [{ 39 | key = "dedicated" 40 | value = "edge" 41 | effect = "NoSchedule" 42 | }, 43 | ] 44 | 45 | 46 | tags = ["T1", "T2"] -------------------------------------------------------------------------------- /examples/vpc-openshift/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc openshift cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | data "ibm_resource_group" "rg" { 7 | name = var.resource_group 8 | } 9 | 10 | module "vpc_openshift_cluster" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = 
"terraform-ibm-modules/cluster/ibm//modules/vpc-openshift" 13 | source = "../../modules/vpc-openshift" 14 | 15 | cluster_name = var.cluster_name 16 | vpc_id = var.vpc_id 17 | worker_pool_flavor = var.worker_pool_flavor 18 | worker_zones = var.worker_zones 19 | worker_nodes_per_zone = var.worker_nodes_per_zone 20 | resource_group_id = data.ibm_resource_group.rg.id 21 | kube_version = var.kube_version 22 | update_all_workers = var.update_all_workers 23 | service_subnet = var.service_subnet 24 | pod_subnet = var.pod_subnet 25 | worker_labels = var.worker_labels 26 | wait_till = var.wait_till 27 | disable_public_service_endpoint = var.disable_public_service_endpoint 28 | tags = var.tags 29 | cos_instance_crn = var.cos_instance_crn 30 | force_delete_storage = var.force_delete_storage 31 | kms_config = var.kms_config 32 | taints = var.taints 33 | entitlement = var.entitlement 34 | create_timeout = var.create_timeout 35 | update_timeout = var.update_timeout 36 | delete_timeout = var.delete_timeout 37 | } -------------------------------------------------------------------------------- /examples/vpc-openshift/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc openshift cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/classic-free/README.md: -------------------------------------------------------------------------------- 1 | # Module classic-free-cluster 2 | 3 | This example is used to provision a free IKS cluster on IBM Cloud Infrastructure - classic 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "classic_free_cluster" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/classic-free" 13 | 14 | source = "../../modules/classic-free" 15 | 16 | cluster_name = var.cluster_name 17 | worker_zone = var.worker_zone 18 | hardware = var.hardware 19 | taints = var.taints 20 | create_timeout = var.create_timeout 21 | update_timeout = var.update_timeout 22 | delete_timeout = var.delete_timeout 23 | } 24 | ``` 25 | ## NOTE: To use a particular version of the module, set the "version" argument to the respective module version. 26 | 27 | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |-----------------------------------|-------------------------------------------------------|--------|---------|----------| 33 | | cluster\_name | Name of the cluster | string | n/a | yes | 34 | | worker\_zone | The zone where the worker node is created. | string | n/a | yes | 35 | | hardware | The level of hardware isolation for your worker node. 
| string | n/a | yes | 36 | | taints |A nested block that sets or removes Kubernetes taints for all worker nodes in a worker pool|list(string)| n/a | no | 37 | | create_timeout | Timeout duration for create | string | n/a | no | 38 | | update_timeout | Timeout duration for update | string | n/a | no | 39 | | delete_timeout | Timeout duration for delete | string | n/a | no | 40 | 41 | 42 | ## taints Inputs 43 | 44 | | Name | Description | Type | Default | Required | 45 | |---------------------|-------------------------------------------------------|--------|---------|----------| 46 | | key | Key for taint. | string | n/a | yes | 47 | | value | Value for taint. | string | n/a | yes | 48 | | private_endpoint | Effect for taint. Accepted values are NoSchedule, PreferNoSchedule, and NoExecute| string | n/a | yes | 49 | 50 | 51 | -------------------------------------------------------------------------------- /modules/classic-free/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | resource "ibm_container_cluster" "cluster" { 6 | name = var.cluster_name 7 | datacenter = var.worker_zone 8 | hardware = var.hardware 9 | machine_type = "free" 10 | 11 | dynamic taints { 12 | for_each = (var.taints != null ? var.taints : []) 13 | content { 14 | key = taints.value.key 15 | value = taints.value.value 16 | effect = taints.value.effect 17 | } 18 | } 19 | 20 | timeouts { 21 | create = (var.create_timeout != null ? var.create_timeout : null) 22 | update = (var.update_timeout != null ? var.update_timeout : null) 23 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 24 | } 25 | 26 | } -------------------------------------------------------------------------------- /modules/classic-free/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "container_cluster_id" { 7 | description = "The ID of the cluster" 8 | value = ibm_container_cluster.cluster.id 9 | } -------------------------------------------------------------------------------- /modules/classic-free/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "worker_zone" { 12 | description = "The zone where the worker node is created." 13 | type = string 14 | } 15 | 16 | variable "hardware" { 17 | description = "The level of hardware isolation for your worker node." 18 | type = string 19 | } 20 | 21 | variable "create_timeout" { 22 | type = string 23 | description = "Timeout duration for create." 24 | default = null 25 | } 26 | 27 | variable "update_timeout" { 28 | type = string 29 | description = "Timeout duration for update." 30 | default = null 31 | } 32 | 33 | variable "delete_timeout" { 34 | type = string 35 | description = "Timeout duration for delete." 36 | default = null 37 | } 38 | 39 | variable "taints" { 40 | type = list(object({ 41 | key = string 42 | value = string 43 | effect = string 44 | })) 45 | description = "Set taints to worker nodes." 
46 | default = null 47 | } 48 | -------------------------------------------------------------------------------- /modules/classic-free/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic free cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of the IBM Terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If the version parameter is not configured, Terraform fetches the latest provider version, so a new provider release is picked up without review; pin a version when runs must be reproducible. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/classic-kubernetes-multi-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes multi-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_cluster" "cluster" { 7 | name = var.cluster_name 8 | datacenter = var.metro 9 | resource_group_id = var.resource_group_id 10 | hardware = var.hardware 11 | default_pool_size = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1) 12 | machine_type = (var.worker_pool_flavor != null ? var.worker_pool_flavor : null) 13 | public_vlan_id = (var.public_vlan != null ? var.public_vlan : null) 14 | private_vlan_id = (var.private_vlan != null ? 
var.private_vlan : null) 15 | public_service_endpoint = (var.master_service_public_endpoint != null ? var.master_service_public_endpoint : null) 16 | private_service_endpoint = (var.master_service_private_endpoint != null ? var.master_service_private_endpoint : null) 17 | disk_encryption = (var.encrypt_local_disk != null ? var.encrypt_local_disk : true) 18 | force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false) 19 | gateway_enabled = (var.gateway_enabled != null ? var.gateway_enabled : false) 20 | kube_version = (var.kube_version != null ? var.kube_version : null) 21 | no_subnet = (var.no_subnet != null ? var.no_subnet : false) 22 | update_all_workers = (var.update_all_workers != null ? var.update_all_workers : false) 23 | tags = (var.tags != null ? var.tags : []) 24 | 25 | dynamic taints { 26 | for_each = (var.taints != null ? var.taints : []) 27 | content { 28 | key = taints.value.key 29 | value = taints.value.value 30 | effect = taints.value.effect 31 | } 32 | } 33 | dynamic workers_info { 34 | for_each = (var.workers_info != null ? var.workers_info : []) 35 | content { 36 | id = (workers_info.value.id != "" ? workers_info.value.id : null) 37 | version = (workers_info.value.version != "" ? workers_info.value.version : null) 38 | } 39 | } 40 | 41 | dynamic kms_config { 42 | for_each = (var.kms_config != null ? var.kms_config : []) 43 | content { 44 | instance_id = kms_config.value.instance_id 45 | crk_id = kms_config.value.crk_id 46 | private_endpoint = (kms_config.value.private_endpoint ? true : false) 47 | } 48 | } 49 | 50 | dynamic webhook { 51 | for_each = (var.webhook != null ? var.webhook : []) 52 | content { 53 | level = webhook.value.level 54 | type = webhook.value.type 55 | url = webhook.value.url 56 | } 57 | } 58 | 59 | timeouts { 60 | create = (var.create_timeout != null ? var.create_timeout : null) 61 | update = (var.update_timeout != null ? var.update_timeout : null) 62 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 63 | } 64 | 65 | } 66 | 67 | resource "ibm_container_worker_pool_zone_attachment" "zones" { 68 | cluster = ibm_container_cluster.cluster.id 69 | worker_pool = ibm_container_cluster.cluster.worker_pools.0.id 70 | resource_group_id = var.resource_group_id 71 | wait_till_albs = (var.wait_till_albs != null ? var.wait_till_albs : true) 72 | 73 | for_each = (var.worker_zones != null ? var.worker_zones : {}) 74 | zone = each.key 75 | public_vlan_id = each.value["public_vlan"] 76 | private_vlan_id = each.value["private_vlan"] 77 | 78 | timeouts { 79 | create = (var.create_timeout != null ? var.create_timeout : null) 80 | update = (var.update_timeout != null ? var.update_timeout : null) 81 | delete = (var.delete_timeout != null ? var.delete_timeout : null) 82 | } 83 | } 84 | 85 | -------------------------------------------------------------------------------- /modules/classic-kubernetes-multi-zone/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic Kubernetes multi-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "container_cluster_id" { 7 | description = "The ID of the cluster" 8 | value = ibm_container_cluster.cluster.id 9 | } 10 | 11 | -------------------------------------------------------------------------------- /modules/classic-kubernetes-multi-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic multi-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers 
{ 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/classic-kubernetes-single-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic Kubernetes single-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_cluster" "cluster" { 7 | name = var.cluster_name 8 | datacenter = var.worker_zone 9 | hardware = var.hardware 10 | resource_group_id = var.resource_group_id 11 | default_pool_size = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1) 12 | machine_type = (var.worker_pool_flavor != null ? var.worker_pool_flavor : null) 13 | public_vlan_id = (var.public_vlan != null ? var.public_vlan : null) 14 | private_vlan_id = (var.private_vlan != null ? var.private_vlan : null) 15 | public_service_endpoint = (var.master_service_public_endpoint != null ? var.master_service_public_endpoint : null) 16 | private_service_endpoint = (var.master_service_private_endpoint != null ? var.master_service_private_endpoint : null) 17 | disk_encryption = (var.encrypt_local_disk != null ? var.encrypt_local_disk : true) 18 | force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false) 19 | gateway_enabled = (var.gateway_enabled != null ? var.gateway_enabled : false) 20 | kube_version = (var.kube_version != null ? var.kube_version : null) 21 | no_subnet = (var.no_subnet != null ? 
var.no_subnet : false) 22 | update_all_workers = (var.update_all_workers != null ? var.update_all_workers : false) 23 | tags = (var.tags != null ? var.tags : []) 24 | 25 | dynamic workers_info { 26 | for_each = (var.workers_info != null ? var.workers_info : []) 27 | content { 28 | id = (workers_info.value.id != "" ? workers_info.value.id : null) 29 | version = (workers_info.value.version != "" ? workers_info.value.version : null) 30 | } 31 | } 32 | 33 | dynamic kms_config { 34 | for_each = (var.kms_config != null ? var.kms_config : []) 35 | content { 36 | instance_id = kms_config.value.instance_id 37 | crk_id = kms_config.value.crk_id 38 | private_endpoint = (kms_config.value.private_endpoint ? true : false) 39 | } 40 | } 41 | 42 | dynamic webhook { 43 | for_each = (var.webhook != null ? var.webhook : []) 44 | content { 45 | level = webhook.value.level 46 | type = webhook.value.type 47 | url = webhook.value.url 48 | } 49 | } 50 | 51 | dynamic taints { 52 | for_each = (var.taints != null ? var.taints : []) 53 | content { 54 | key = taints.value.key 55 | value = taints.value.value 56 | effect = taints.value.effect 57 | } 58 | } 59 | 60 | timeouts { 61 | create = (var.create_timeout != null ? var.create_timeout : null) 62 | update = (var.update_timeout != null ? var.update_timeout : null) 63 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /modules/classic-kubernetes-single-zone/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic Kubernetes single-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "container_cluster_id" { 7 | description = "The ID of the cluster" 8 | value = ibm_container_cluster.cluster.id 9 | } 10 | 11 | output "container_cluster_worker_pool_id" { 12 | description = "The ID of the default worker pool" 13 | value = ibm_container_cluster.cluster.worker_pools.0.id 14 | } -------------------------------------------------------------------------------- /modules/classic-kubernetes-single-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Kubernetes classic single-zone cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/classic-openshift-multi-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_cluster" "cluster" { 7 | name = var.cluster_name 8 | datacenter = var.metro 9 | resource_group_id = var.resource_group_id 10 | hardware = var.hardware 11 | default_pool_size = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1) 12 | machine_type = (var.worker_pool_flavor != null ? var.worker_pool_flavor : null) 13 | public_vlan_id = (var.public_vlan != null ? var.public_vlan : null) 14 | private_vlan_id = (var.private_vlan != null ? var.private_vlan : null) 15 | public_service_endpoint = (var.master_service_public_endpoint != null ? var.master_service_public_endpoint : null) 16 | private_service_endpoint = (var.master_service_private_endpoint != null ? var.master_service_private_endpoint : null) 17 | disk_encryption = (var.encrypt_local_disk != null ? var.encrypt_local_disk : true) 18 | force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false) 19 | gateway_enabled = (var.gateway_enabled != null ? var.gateway_enabled : false) 20 | kube_version = (var.kube_version != null ? var.kube_version : null) 21 | no_subnet = (var.no_subnet != null ? var.no_subnet : false) 22 | update_all_workers = (var.update_all_workers != null ? var.update_all_workers : false) 23 | tags = (var.tags != null ? var.tags : []) 24 | entitlement = (var.entitlement != null ? 
var.entitlement : null) 25 | 26 | dynamic workers_info { 27 | for_each = (var.workers_info != null ? var.workers_info : []) 28 | content { 29 | id = (workers_info.value.id != "" ? workers_info.value.id : null) 30 | version = (workers_info.value.version != "" ? workers_info.value.version : null) 31 | } 32 | } 33 | 34 | dynamic kms_config { 35 | for_each = (var.kms_config != null ? var.kms_config : []) 36 | content { 37 | instance_id = kms_config.value.instance_id 38 | crk_id = kms_config.value.crk_id 39 | private_endpoint = (kms_config.value.private_endpoint ? true : false) 40 | } 41 | } 42 | 43 | dynamic webhook { 44 | for_each = (var.webhook != null ? var.webhook : []) 45 | content { 46 | level = webhook.value.level 47 | type = webhook.value.type 48 | url = webhook.value.url 49 | } 50 | } 51 | 52 | dynamic taints { 53 | for_each = (var.taints != null ? var.taints : []) 54 | content { 55 | key = taints.value.key 56 | value = taints.value.value 57 | effect = taints.value.effect 58 | } 59 | } 60 | 61 | timeouts { 62 | create = (var.create_timeout != null ? var.create_timeout : null) 63 | update = (var.update_timeout != null ? var.update_timeout : null) 64 | delete = (var.delete_timeout != null ? var.delete_timeout : null) 65 | } 66 | 67 | } 68 | 69 | resource "ibm_container_worker_pool_zone_attachment" "zones" { 70 | cluster = ibm_container_cluster.cluster.id 71 | worker_pool = ibm_container_cluster.cluster.worker_pools.0.id 72 | resource_group_id = var.resource_group_id 73 | wait_till_albs = (var.wait_till_albs != null ? var.wait_till_albs : true) 74 | 75 | for_each = (var.worker_zones != null ? var.worker_zones : {}) 76 | zone = each.key 77 | public_vlan_id = each.value["public_vlan"] 78 | private_vlan_id = each.value["private_vlan"] 79 | 80 | timeouts { 81 | create = (var.create_timeout != null ? var.create_timeout : null) 82 | update = (var.update_timeout != null ? var.update_timeout : null) 83 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 84 | } 85 | } 86 | 87 | -------------------------------------------------------------------------------- /modules/classic-openshift-multi-zone/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "container_cluster_id" { 7 | description = "The ID of the cluster" 8 | value = ibm_container_cluster.cluster.id 9 | } 10 | 11 | output "container_cluster_worker_pool_id" { 12 | description = "The ID of the default worker pool" 13 | value = ibm_container_cluster.cluster.worker_pools.0.id 14 | } -------------------------------------------------------------------------------- /modules/classic-openshift-multi-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift multi-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we do not configure the version parameter, it fetches the latest provider version. Pin the version and commit the dependency lock file (.terraform.lock.hcl, Terraform 0.14 or later) when deployments must be reproducible, so that a new provider release is adopted only after review.
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/classic-openshift-single-zone/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_cluster" "cluster" { 7 | name = var.cluster_name 8 | datacenter = var.worker_zone 9 | hardware = var.hardware 10 | resource_group_id = var.resource_group_id 11 | default_pool_size = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1) 12 | machine_type = (var.worker_pool_flavor != null ? var.worker_pool_flavor : null) 13 | public_vlan_id = (var.public_vlan != null ? var.public_vlan : null) 14 | private_vlan_id = (var.private_vlan != null ? var.private_vlan : null) 15 | public_service_endpoint = (var.master_service_public_endpoint != null ? var.master_service_public_endpoint : null) 16 | private_service_endpoint = (var.master_service_private_endpoint != null ? var.master_service_private_endpoint : null) 17 | disk_encryption = (var.encrypt_local_disk != null ? var.encrypt_local_disk : true) 18 | force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false) 19 | gateway_enabled = (var.gateway_enabled != null ? var.gateway_enabled : false) 20 | kube_version = (var.kube_version != null ? var.kube_version : null) 21 | no_subnet = (var.no_subnet != null ? var.no_subnet : false) 22 | update_all_workers = (var.update_all_workers != null ? var.update_all_workers : false) 23 | tags = (var.tags != null ? var.tags : []) 24 | entitlement = (var.entitlement != null ? 
var.entitlement : null) 25 | 26 | dynamic workers_info { 27 | for_each = (var.workers_info != null ? var.workers_info : []) 28 | content { 29 | id = (workers_info.value.id != "" ? workers_info.value.id : null) 30 | version = (workers_info.value.version != "" ? workers_info.value.version : null) 31 | } 32 | } 33 | 34 | dynamic kms_config { 35 | for_each = (var.kms_config != null ? var.kms_config : []) 36 | content { 37 | instance_id = kms_config.value.instance_id 38 | crk_id = kms_config.value.crk_id 39 | private_endpoint = (kms_config.value.private_endpoint ? true : false) 40 | } 41 | } 42 | 43 | dynamic webhook { 44 | for_each = (var.webhook != null ? var.webhook : []) 45 | content { 46 | level = webhook.value.level 47 | type = webhook.value.type 48 | url = webhook.value.url 49 | } 50 | } 51 | 52 | dynamic taints { 53 | for_each = (var.taints != null ? var.taints : []) 54 | content { 55 | key = taints.value.key 56 | value = taints.value.value 57 | effect = taints.value.effect 58 | } 59 | } 60 | 61 | timeouts { 62 | create = (var.create_timeout != null ? var.create_timeout : null) 63 | update = (var.update_timeout != null ? var.update_timeout : null) 64 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 65 | } 66 | } -------------------------------------------------------------------------------- /modules/classic-openshift-single-zone/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "classic_openshift_cluster_id" { 7 | description = "The ID of the cluster" 8 | value = ibm_container_cluster.cluster.id 9 | } -------------------------------------------------------------------------------- /modules/classic-openshift-single-zone/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic openshift single-zone cluster provisioning 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we do not configure the version parameter, it fetches the latest provider version. Pin the version and commit the dependency lock file (.terraform.lock.hcl, Terraform 0.14 or later) when deployments must be reproducible, so that a new provider release is adopted only after review. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/configure-addons/README.md: -------------------------------------------------------------------------------- 1 | # Module add-ons 2 | 3 | This module is used to configure a list of add-ons to an existing cluster on IBM Cloud Infrastructure. 
4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "classic_kubernetes_worker_pool" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-addons" 13 | 14 | source = "../../modules/configure-addons" 15 | cluster_name = var.cluster_name 16 | add_ons = var.add_ons 17 | create_timeout = var.create_timeout 18 | update_timeout = var.update_timeout 19 | delete_timeout = var.delete_timeout 20 | } 21 | ``` 22 | ## NOTE: 23 | 24 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 25 | 26 | 27 | ## Inputs 28 | 29 | | Name | Description | Type | Default | Required| 30 | |-----------------------------------|---------------------------------------------------------------------- |--------|---------|---------| 31 | | cluster\_name | Name of the cluster | string | n/a | yes | 32 | | add\_ons | map(map(add_ons)), key is add_on name and value is respective version.| string | n/a | yes | 33 | | add\_ons.version | The add-on version. | string | n/a | no | 34 | | create_timeout | Timeout duration for create | string | n/a | no | 35 | | update_timeout | Timeout duration for update | string | n/a | no | 36 | 37 | 38 | 39 | 40 | ## add_ons Inputs 41 | 42 | | Name | Description | Type | Default | Required | 43 | |-----------------------------------|-------------------------------------------------------|--------|---------|----------| 44 | | version | The add-on version. | string | n/a | no | 45 | 46 | 47 | 48 | NOTE: We can configure the list of add-ons to be attached to a cluster by entering add-on details in input.tfvars. 
49 | 50 | 51 | ## Usage 52 | 53 | terraform apply -var-file="input.tfvars" 54 | 55 | -------------------------------------------------------------------------------- /modules/configure-addons/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_addons" "addons" { 7 | cluster = var.cluster_name 8 | for_each = var.add_ons 9 | addons { 10 | name = each.key 11 | version = each.value["version"] 12 | } 13 | 14 | timeouts { 15 | create = (var.create_timeout != null ? var.create_timeout : null) 16 | update = (var.update_timeout != null ? var.update_timeout : null) 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /modules/configure-addons/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "add_ons" { 12 | type = map 13 | default = {} 14 | } 15 | 16 | variable "create_timeout" { 17 | type = string 18 | description = "Timeout duration for create." 19 | default = null 20 | } 21 | 22 | variable "update_timeout" { 23 | type = string 24 | description = "Timeout duration for update." 
25 | default = null 26 | } 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /modules/configure-addons/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Configure Add-ons to a cluster 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we do not configure the version parameter, it fetches the latest provider version. Pin the version and commit the dependency lock file (.terraform.lock.hcl, Terraform 0.14 or later) when deployments must be reproducible, so that a new provider release is adopted only after review. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/configure-alb-cert/README.md: -------------------------------------------------------------------------------- 1 | # Module container_alb_cert 2 | 3 | This example is used to configure an SSL certificate that you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). For more information about container ALB certificates, see [setting up Kubernetes Ingress](https://cloud.ibm.com/docs/containers?topic=containers-ingress-types). 
4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "container_alb_cert" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb-cert" 13 | 14 | source = "../../modules/configure-alb-cert" 15 | 16 | certificate_crn = var.certificate_crn 17 | secret_name = var.secret_name 18 | cluster = var.cluster 19 | namespace = var.namespace 20 | persistence = var.persistence 21 | } 22 | ``` 23 | ## NOTE: 24 | 25 | If we want to make use of a particular version of module, then set the "version" argument to accordingly. 26 | 27 | 28 | 29 | ## Inputs 30 | 31 | | Name | Description | Type | Default | Required | 32 | |---------------|-------------------------------------------------------|--------|----------------|----------| 33 | | certificate_crn | The CRN of the certificate | string | n/a | yes | 34 | | secret_name | The name of the ALB certificate secret. | string | n/a | yes | 35 | | cluster | ID or name of the cluster that hosts the Ingress ALB | string | n/a | yes | 36 | | namespace | The namespace in which the secret is created | string | ibm-cert-store | no | 37 | | persistence | Persist the secret data in your cluster. | bool | n/a | no | 38 | 39 | 40 | 41 | 42 | 43 | ## Usage 44 | ``` 45 | terraform init 46 | 47 | terraform plan 48 | 49 | terraform apply 50 | ``` 51 | -------------------------------------------------------------------------------- /modules/configure-alb-cert/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 
4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | resource "ibm_container_alb_cert" "cert" { 8 | cert_crn = var.certificate_crn 9 | secret_name = var.secret_name 10 | cluster_id = var.cluster 11 | namespace = var.namespace != null ? var.namespace : null 12 | persistence = var.persistence != null ? var.persistence : null 13 | } -------------------------------------------------------------------------------- /modules/configure-alb-cert/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | output "id" { 8 | description = "The unique identifier of the certificate in the format /" 9 | value = ibm_container_alb_cert.cert.id 10 | } 11 | 12 | output "certificate_manager_instance_id" { 13 | description = "The IBM Cloud Certificate Manager instance ID from which the certificate was downloaded." 14 | value = ibm_container_alb_cert.cert.cloud_cert_instance_id 15 | } 16 | 17 | output "status" { 18 | description = "The Status of the secret." 19 | value = ibm_container_alb_cert.cert.status 20 | } 21 | -------------------------------------------------------------------------------- /modules/configure-alb-cert/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 
4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | variable "certificate_crn" { 8 | description = "The CRN of the certificate that you uploaded to IBM Cloud Certificate Manager." 9 | type = string 10 | } 11 | 12 | variable "cluster" { 13 | description = "The ID of the cluster that hosts the Ingress ALB that you want to configure for SSL traffic." 14 | type = string 15 | } 16 | 17 | variable "secret_name" { 18 | description = "The name of the ALB certificate secret." 19 | type = string 20 | } 21 | 22 | variable "namespace" { 23 | description = "The namespace in which the secret is created. Default value is ibm-cert-store" 24 | type = string 25 | default = "ibm-cert-store" 26 | } 27 | 28 | variable "persistence" { 29 | type = bool 30 | description = "Persist the secret data in your cluster. If the secret is later deleted from the command line or OpenShift web console, the secret is automatically re-created in your cluster." 31 | default = null 32 | } 33 | 34 | -------------------------------------------------------------------------------- /modules/configure-alb-cert/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb_cert - Used to create SSL certificate that 3 | # you store in IBM Cloud Certificate Manager for an Ingress Application Load Balancer (ALB). 4 | # Copyright 2020 IBM 5 | ##################################################### 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we dont configure the version parameter, it fetches the latest provider version. 
21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /modules/configure-alb/README.md: -------------------------------------------------------------------------------- 1 | # Module container_alb 2 | 3 | This example is used to enable or disable an Ingress application load balancer (ALB) that is set up in your cluster. ALBs are used to set up HTTP or HTTPS load-balancing for containerized apps that are deployed into an IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster. For more information about Ingress ALBs, [see the documentation](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about). 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | module "container_alb" { 11 | //Uncomment the following line to make the source point to registry level 12 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-alb" 13 | 14 | source = "../../modules/configure-alb" 15 | 16 | alb_id = var.alb_id 17 | enable = var.enable 18 | region = var.region 19 | user_ip = var.user_ip 20 | } 21 | ``` 22 | ## NOTE: 23 | 24 | If we want to make use of a particular version of module, then set the "version" argument accordingly. 25 | 26 | 27 | 28 | ## Inputs 29 | 30 | | Name | Description | Type | Default | Required | 31 | |------------------------------|-------------------------------------------------------|--------|---------|----------| 32 | | alb_id | The unique identifier of the ALB. | string | n/a | yes | 33 | | enable | If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster.| bool | true | no | 34 | | user_ip |For a private ALB only. 
The private ALB is deployed with an IP address from a user-provided private subnet. |string| n/a | no | 35 | 36 | 37 | 38 | 39 | 40 | ## Usage 41 | ``` 42 | terraform init 43 | 44 | terraform plan 45 | 46 | terraform apply 47 | ``` 48 | -------------------------------------------------------------------------------- /modules/configure-alb/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_alb" "alb" { 7 | alb_id = var.alb_id 8 | enable = var.enable != null ? var.enable : true 9 | user_ip = var.user_ip != null ? var.user_ip : null 10 | } -------------------------------------------------------------------------------- /modules/configure-alb/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "alb_id" { 7 | description = "The unique identifier of the ALB." 8 | value = ibm_container_alb.alb.id 9 | } 10 | 11 | output "name" { 12 | description = "The name of the ALB" 13 | value = ibm_container_alb.alb.name 14 | } 15 | 16 | output "alb_type" { 17 | description = "The type of the ALB. Supported values are public and private" 18 | value = ibm_container_alb.alb.alb_type 19 | } 20 | 21 | output "cluster" { 22 | description = "The name of the cluster where the ALB is provisioned." 
23 | value = ibm_container_alb.alb.cluster 24 | } 25 | -------------------------------------------------------------------------------- /modules/configure-alb/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "alb_id" { 7 | description = "The unique identifier of the ALB. To retrieve the ID, run ibmcloud ks alb ls" 8 | type = string 9 | } 10 | 11 | variable "enable" { 12 | description = "If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster. " 13 | type = bool 14 | default = true 15 | } 16 | 17 | variable "user_ip" { 18 | type = string 19 | description = "For a private ALB only. The private ALB is deployed with an IP address from a user-provided private subnet. If no IP address is provided, the ALB is deployed with a random IP address from a private subnet in the IBM Cloud account." 20 | default = null 21 | } 22 | 23 | -------------------------------------------------------------------------------- /modules/configure-alb/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_alb - Enable or disable an Ingres application load balancer (ALB) that is set up in your cluster. 
3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/configure-classic-worker-pool/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes worker-pool configure 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_worker_pool" "pool" { 7 | cluster = var.cluster_name 8 | machine_type = var.flavor 9 | worker_pool_name = var.worker_pool_name 10 | size_per_zone = var.worker_nodes 11 | resource_group_id = var.resource_group_id 12 | hardware = (var.hardware != null ? var.hardware : "shared") 13 | disk_encryption = (var.encrypt_local_disk != null ? var.encrypt_local_disk : true) 14 | labels = (var.labels != null ? var.labels : null) 15 | 16 | dynamic taints { 17 | for_each = (var.taints != null ? var.taints : []) 18 | content { 19 | key = taints.value.key 20 | value = taints.value.value 21 | effect = taints.value.effect 22 | } 23 | } 24 | 25 | timeouts { 26 | update = (var.update_timeout != null ? 
var.update_timeout : null) 27 | } 28 | } 29 | 30 | resource "ibm_container_worker_pool_zone_attachment" "zones" { 31 | cluster = var.cluster_name 32 | worker_pool = element(split("/", ibm_container_worker_pool.pool.id), 1) 33 | wait_till_albs = (var.wait_till_albs != null ? var.wait_till_albs : true) 34 | resource_group_id = var.resource_group_id 35 | 36 | for_each = var.worker_zones 37 | zone = each.key 38 | public_vlan_id = each.value["public_vlan"] 39 | private_vlan_id = each.value["private_vlan"] 40 | 41 | timeouts { 42 | create = (var.create_timeout != null ? var.create_timeout : null) 43 | update = (var.update_timeout != null ? var.update_timeout : null) 44 | delete = (var.delete_timeout != null ? var.delete_timeout : null) 45 | } 46 | 47 | } 48 | 49 | -------------------------------------------------------------------------------- /modules/configure-classic-worker-pool/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # classic kubernetes worker-pool configure 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "classic_worker_pool_id" { 7 | description = "The ID of the worker pool" 8 | value = ibm_container_worker_pool.pool.id 9 | } -------------------------------------------------------------------------------- /modules/configure-classic-worker-pool/variables.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Classic kubernetes cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | variable "flavor" { 11 | description = "Machine type." 12 | type = string 13 | } 14 | 15 | variable "worker_pool_name" { 16 | description = "Name of the worker pool." 
17 | type = string 18 | } 19 | 20 | variable "worker_nodes" { 21 | description = "Number of worker nodes" 22 | type = number 23 | } 24 | 25 | variable "hardware" { 26 | description = "The level of hardware isolation for your worker node." 27 | type = string 28 | default = "shared" 29 | } 30 | 31 | variable "create_timeout" { 32 | type = string 33 | description = "Timeout duration for create." 34 | default = null 35 | } 36 | 37 | variable "update_timeout" { 38 | type = string 39 | description = "Timeout duration for update." 40 | default = null 41 | } 42 | 43 | variable "delete_timeout" { 44 | type = string 45 | description = "Timeout duration for delete." 46 | default = null 47 | } 48 | 49 | variable "encrypt_local_disk" { 50 | description = "Set this to true to enable disk encryption" 51 | type = bool 52 | default = true 53 | } 54 | 55 | variable "worker_zones" { 56 | type = map 57 | default = {} 58 | } 59 | 60 | variable "labels" { 61 | type = map 62 | default = {} 63 | } 64 | 65 | variable "resource_group_id" { 66 | description = "Resource group ID" 67 | type = string 68 | default = null 69 | } 70 | 71 | variable "wait_till_albs" { 72 | description = "specify the stage when you want Terraform to mark the zone attachment complete." 73 | type = bool 74 | default = false 75 | } 76 | 77 | variable "taints" { 78 | type = list(object({ 79 | key = string 80 | value = string 81 | effect = string 82 | })) 83 | description = "Set taints to worker nodes." 
84 | default = null 85 | } 86 | 87 | -------------------------------------------------------------------------------- /modules/configure-classic-worker-pool/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we dont configure the version parameter, it fetches the latest provider version. 21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /modules/configure-logdna/README.md: -------------------------------------------------------------------------------- 1 | # Module logdna 2 | 3 | This module is used to configure a logdna to an existing cluster on IBM Cloud Infrastructure. 
4 | 5 | ## Example Usage 6 | ``` 7 | data "ibm_resource_group" "resource_group" { 8 | name = var.resource_group 9 | } 10 | 11 | data "ibm_resource_instance" "logdna_instance" { 12 | 13 | name = var.logdna_name 14 | service = "logdna" 15 | resource_group_id = data.ibm_resource_group.resource_group.id 16 | location = var.region 17 | } 18 | 19 | module "cluster_logdna_attach" { 20 | //Uncomment the following line to make the source point to registry level 21 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-logdna" 22 | 23 | source = "../../modules/configure-logdna" 24 | cluster = var.cluster 25 | logdna_instance_id = data.ibm_resource_instance.logdna_instance.guid 26 | private_endpoint = var.private_endpoint 27 | logdna_ingestion_key = var.logdna_ingestion_key 28 | create_timeout = var.create_timeout 29 | update_timeout = var.update_timeout 30 | delete_timeout = var.delete_timeout 31 | } 32 | ``` 33 | ## NOTE: 34 | 35 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 36 | 37 | 38 | ## Inputs 39 | 40 | | Name | Description | Type | Default | Required | 41 | |-----------------------------------|-----------------------------------------------------------|--------|---------|----------| 42 | | cluster | Name or id of the cluster | string | n/a | yes | 43 | | logdna\_name | Name of the logdna to attach to a cluster. | string | n/a | yes | 44 | | region | Region where sysdig is provisioned. | string | n/a | no | 45 | | resource\_group | Name of the resource group. 
| string | n/a | yes | 46 | | private_endpoint | Use to connect to LogDNA instance through private endpoint| bool | n/a | no | 47 | | logdna_ingestion_key | LogDNA ingestion key | string | n/a | no | 48 | | create_timeout | Timeout duration for create | string | n/a | no | 49 | | update_timeout | Timeout duration for update | string | n/a | no | 50 | | delete_timeout | Timeout duration for delete | string | n/a | no | 51 | 52 | 53 | 54 | 55 | ## Usage 56 | 57 | terraform apply -------------------------------------------------------------------------------- /modules/configure-logdna/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_ob_logging" "logging" { 7 | cluster = var.cluster 8 | instance_id = var.logdna_instance_id 9 | private_endpoint = var.private_endpoint != null ? var.private_endpoint : null 10 | logdna_ingestion_key = var.logdna_ingestion_key != null ? var.logdna_ingestion_key : null 11 | 12 | timeouts { 13 | create = (var.create_timeout != null ? var.create_timeout : null) 14 | update = (var.update_timeout != null ? var.update_timeout : null) 15 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /modules/configure-logdna/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster" { 7 | description = "Name or id of the cluster" 8 | type = string 9 | } 10 | 11 | variable "logdna_instance_id" { 12 | type = string 13 | description = "Sysdig instance id to attach to a cluster" 14 | } 15 | 16 | variable "private_endpoint" { 17 | description = "Add this option to connect to your LogDNA service instance through the private service endpoint" 18 | type = bool 19 | default = null 20 | } 21 | 22 | variable "logdna_ingestion_key" { 23 | type = string 24 | description = "LogDNA ingestion key" 25 | default = null 26 | } 27 | 28 | variable "create_timeout" { 29 | type = string 30 | description = "Timeout duration for create." 31 | default = null 32 | } 33 | 34 | variable "update_timeout" { 35 | type = string 36 | description = "Timeout duration for update." 37 | default = null 38 | } 39 | 40 | variable "delete_timeout" { 41 | type = string 42 | description = "Timeout duration for delete." 
43 | default = null 44 | } 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /modules/configure-logdna/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure logdna to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | 7 | /*************************************************** 8 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 9 | 10 | terraform { 11 | required_version = ">=0.13" 12 | required_providers { 13 | ibm = { 14 | source = "IBM-Cloud/ibm" 15 | version = "1.21.0" 16 | } 17 | } 18 | } 19 | 20 | If we dont configure the version parameter, it fetches the latest provider version. 21 | ****************************************************/ 22 | 23 | terraform { 24 | required_version = ">=0.13" 25 | required_providers { 26 | ibm = { 27 | source = "IBM-Cloud/ibm" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /modules/configure-sysdig-monitor/README.md: -------------------------------------------------------------------------------- 1 | # Module sysdig-monitor 2 | 3 | This module is used to configure a sysdig monitor to an existing cluster on IBM Cloud Infrastructure. 
4 | 5 | ## Example Usage 6 | ``` 7 | data "ibm_resource_group" "resource_group" { 8 | name = var.resource_group 9 | } 10 | 11 | data "ibm_resource_instance" "sysdig_instance" { 12 | 13 | name = var.sysdig_name 14 | service = "sysdig-monitor" 15 | resource_group_id = data.ibm_resource_group.resource_group.id 16 | location = var.region 17 | } 18 | 19 | module "cluster_sysdig_attach" { 20 | //Uncomment the following line to make the source point to registry level 21 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-sysdig-monitor" 22 | source = "../../modules/configure-sysdig-monitor" 23 | cluster = var.cluster 24 | sysdig_instance_id = data.ibm_resource_instance.sysdig_instance.guid 25 | private_endpoint = var.private_endpoint 26 | sysdig_access_key = var.sysdig_access_key 27 | create_timeout = var.create_timeout 28 | update_timeout = var.update_timeout 29 | delete_timeout = var.delete_timeout 30 | } 31 | ``` 32 | ## NOTE: 33 | 34 | If we want to make use of a particular version of module, then set the "version" argument to respective module version. 35 | 36 | 37 | ## Inputs 38 | 39 | | Name | Description | Type | Default | Required | 40 | |-----------------------------------|-----------------------------------------------------------|--------|---------|----------| 41 | | cluster | Name or id of the cluster | string | n/a | yes | 42 | | sysdig\_name | Name of the sysdig to attach to a cluster. | string | n/a | yes | 43 | | region | Region where sysdig is provisioned. | string | n/a | no | 44 | | resource\_group | Name of the resource group. 
| string | n/a | yes | 45 | | private_endpoint | Use to connect to LogDNA instance through private endpoint| bool | n/a | no | 46 | | sysdig_access_key | sysdig access key | string | n/a | no | 47 | | create_timeout | Timeout duration for create | string | n/a | no | 48 | | update_timeout | Timeout duration for update | string | n/a | no | 49 | | delete_timeout | Timeout duration for delete | string | n/a | no | 50 | 51 | 52 | 53 | ## Usage 54 | 55 | terraform apply 56 | -------------------------------------------------------------------------------- /modules/configure-sysdig-monitor/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure sysdig monitor to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_ob_monitoring" "sysdig" { 7 | cluster = var.cluster 8 | instance_id = var.sysdig_instance_id 9 | sysdig_access_key = var.sysdig_access_key != null ? var.sysdig_access_key : null 10 | private_endpoint = var.private_endpoint != null ? var.private_endpoint : null 11 | 12 | timeouts { 13 | create = (var.create_timeout != null ? var.create_timeout : null) 14 | update = (var.update_timeout != null ? var.update_timeout : null) 15 | delete = (var.delete_timeout != null ? 
var.delete_timeout : null) 16 | } 17 | } -------------------------------------------------------------------------------- /modules/configure-sysdig-monitor/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Sysdig monitor to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster" { 7 | description = "Name or id of the cluster" 8 | type = string 9 | } 10 | 11 | variable "sysdig_instance_id" { 12 | type = string 13 | description = "Sysdig instance id to attach to a cluster" 14 | } 15 | 16 | variable "private_endpoint" { 17 | description = "Add this option to connect to your LogDNA service instance through the private service endpoint" 18 | type = bool 19 | default = null 20 | } 21 | 22 | variable "sysdig_access_key" { 23 | type = string 24 | description = "sysdig access key" 25 | default = null 26 | } 27 | 28 | variable "create_timeout" { 29 | type = string 30 | description = "Timeout duration for create." 31 | default = null 32 | } 33 | 34 | variable "update_timeout" { 35 | type = string 36 | description = "Timeout duration for update." 37 | default = null 38 | } 39 | 40 | variable "delete_timeout" { 41 | type = string 42 | description = "Timeout duration for delete." 
43 | default = null 44 | } 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /modules/configure-sysdig-monitor/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Configure Sysdig monitor to a cluster 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we don't configure the version parameter, Terraform fetches the latest provider version, so the provider can change between runs; pin a version when builds must be reproducible. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/configure-vpc-alb/README.md: -------------------------------------------------------------------------------- 1 | # Module container_vpc_alb 2 | 3 | This example is used to enable or disable an Ingress application load balancer (ALB) that is set up in your VPC cluster. ALBs are used to set up HTTP or HTTPS load-balancing for containerized apps that are deployed into an IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster. 
For more information about Ingress ALBs, see [the IBM Cloud documentation](https://cloud.ibm.com/docs/containers?topic=containers-ingress-about). 4 | 5 | ## Example Usage 6 | ``` 7 | provider "ibm" { 8 | } 9 | 10 | data "ibm_resource_group" "rg" { 11 | name = var.resource_group 12 | } 13 | 14 | module "container_vpc_alb" { 15 | //Uncomment the following line to make the source point to registry level 16 | //source = "terraform-ibm-modules/cluster/ibm//modules/configure-vpc-alb" 17 | 18 | source = "../../modules/configure-vpc-alb" 19 | 20 | alb_id = var.alb_id 21 | enable = var.enable 22 | resource_group_id = data.ibm_resource_group.rg.id 23 | } 24 | ``` 25 | ## NOTE: 26 | 27 | To use a particular version of the module, set the "version" argument accordingly. 28 | 29 | 30 | 31 | ## Inputs 32 | 33 | | Name | Description | Type | Default | Required | 34 | |------------------------------|-------------------------------------------------------|--------|---------|----------| 35 | | alb_id | The unique identifier of the ALB. | string | n/a | yes | 36 | | enable | If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster.| bool | true | no | 37 | | resource_group |Name of the resource group. |string| n/a | no | 38 | 39 | 40 | ## Outputs 41 | 42 | | Name | Description | Type | 43 | |-----------------|--------------------------------------|--------| 44 | | id | The unique identifier of the ALB. | string | 45 | | alb_type | The ALB type | string | 46 | | name | Name of the ALB. | string | 47 | | cluster | Name of the cluster. 
| string | 48 | 49 | 50 | 51 | 52 | ## Usage 53 | ``` 54 | terraform init 55 | 56 | terraform plan 57 | 58 | terraform apply 59 | ``` 60 | -------------------------------------------------------------------------------- /modules/configure-vpc-alb/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_vpc_alb" "alb" { 7 | alb_id = var.alb_id 8 | enable = var.enable != null ? var.enable : true 9 | resource_group_id = var.resource_group_id != null ? var.resource_group_id : null 10 | } -------------------------------------------------------------------------------- /modules/configure-vpc-alb/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "alb_id" { 7 | description = "The unique identifier of the ALB." 8 | value = ibm_container_vpc_alb.alb.id 9 | } 10 | 11 | output "name" { 12 | description = "The name of the ALB" 13 | value = ibm_container_vpc_alb.alb.name 14 | } 15 | 16 | output "alb_type" { 17 | description = "The type of the ALB. Supported values are public and private" 18 | value = ibm_container_vpc_alb.alb.alb_type 19 | } 20 | 21 | output "cluster" { 22 | description = "The name of the cluster where the ALB is provisioned." 
23 | value = ibm_container_vpc_alb.alb.cluster 24 | } 25 | -------------------------------------------------------------------------------- /modules/configure-vpc-alb/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "alb_id" { 7 | description = "The unique identifier of the ALB. To retrieve the ID, run ibmcloud ks alb ls" 8 | type = string 9 | } 10 | 11 | variable "enable" { 12 | description = "If set to true, the default Ingress ALB in your cluster is enabled and configured with the IBM-provided Ingress subdomain. If set to false, the default Ingress ALB is disabled in your cluster. " 13 | type = bool 14 | default = true 15 | } 16 | 17 | variable "resource_group_id" { 18 | type = string 19 | description = "The ID of the resource group where your cluster is provisioned into." 20 | default = null 21 | } 22 | 23 | -------------------------------------------------------------------------------- /modules/configure-vpc-alb/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # ibm_container_vpc_alb - Enable or disable an Application Load Balancer (ALB) for a VPC cluster. 
3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/configure-vpc-worker-pool/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc cluster worker-pool configure 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | resource "ibm_container_vpc_worker_pool" "pool" { 7 | cluster = var.cluster_name 8 | worker_pool_name = var.worker_pool_name 9 | flavor = var.flavor 10 | vpc_id = var.virtual_private_cloud 11 | worker_count = var.worker_nodes_per_zone 12 | resource_group_id = var.resource_group_id 13 | labels = (var.labels != null ? var.labels : null) 14 | entitlement = (var.entitlement != null ? var.entitlement : null) 15 | 16 | dynamic zones { 17 | for_each = (var.worker_zones != null ? var.worker_zones : {}) 18 | content { 19 | name = zones.key 20 | subnet_id = zones.value.subnet_id 21 | } 22 | } 23 | 24 | dynamic taints { 25 | for_each = (var.taints != null ? var.taints : []) 26 | content { 27 | key = taints.value.key 28 | value = taints.value.value 29 | effect = taints.value.effect 30 | } 31 | } 32 | 33 | timeouts { 34 | create = (var.create_timeout != null ? 
var.create_timeout : null) 35 | delete = (var.delete_timeout != null ? var.delete_timeout : null) 36 | } 37 | } -------------------------------------------------------------------------------- /modules/configure-vpc-worker-pool/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # vpc cluster worker-pool configure 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | output "vpc_worker_pool_id" { 7 | description = "The ID of the worker pool" 8 | value = ibm_container_vpc_worker_pool.pool.id 9 | } -------------------------------------------------------------------------------- /modules/configure-vpc-worker-pool/variables.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # VPC cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ##################################################### 5 | 6 | variable "cluster_name" { 7 | description = "Name of the cluster" 8 | type = string 9 | } 10 | 11 | variable "worker_pool_name" { 12 | description = "Name of the worker pool." 13 | type = string 14 | } 15 | 16 | variable "worker_nodes_per_zone" { 17 | description = "Number of worker nodes" 18 | type = number 19 | } 20 | 21 | variable "flavor" { 22 | description = "Machine type." 23 | type = string 24 | } 25 | 26 | variable "resource_group_id" { 27 | description = "ID of resource group." 28 | type = string 29 | } 30 | 31 | variable "worker_zones" { 32 | type = map 33 | default = {} 34 | } 35 | 36 | variable "virtual_private_cloud" { 37 | description = "The ID of the VPC that you want to use for your cluster." 
38 | type = string 39 | } 40 | 41 | variable "labels" { 42 | type = map 43 | default = {} 44 | } 45 | 46 | variable "entitlement" { 47 | description = "Name of entittlement, use for openshift cluster" 48 | type = string 49 | default = null 50 | } 51 | 52 | variable "create_timeout" { 53 | type = string 54 | description = "Timeout duration for create." 55 | default = null 56 | } 57 | 58 | variable "update_timeout" { 59 | type = string 60 | description = "Timeout duration for update." 61 | default = null 62 | } 63 | 64 | variable "delete_timeout" { 65 | type = string 66 | description = "Timeout duration for delete." 67 | default = null 68 | } 69 | 70 | variable "taints" { 71 | type = list(object({ 72 | key = string 73 | value = string 74 | effect = string 75 | })) 76 | description = "Set taints to worker nodes." 77 | default = null 78 | } 79 | 80 | -------------------------------------------------------------------------------- /modules/configure-vpc-worker-pool/versions.tf: -------------------------------------------------------------------------------- 1 | ######################################################## 2 | # Kubernetes classic cluster worker pool configuration 3 | # Copyright 2020 IBM 4 | ######################################################## 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | 9 | terraform { 10 | required_version = ">=0.13" 11 | required_providers { 12 | ibm = { 13 | source = "IBM-Cloud/ibm" 14 | version = "1.21.0" 15 | } 16 | } 17 | } 18 | 19 | If we dont configure the version parameter, it fetches the latest provider version. 
20 | ****************************************************/ 21 | 22 | terraform { 23 | required_version = ">=0.13" 24 | required_providers { 25 | ibm = { 26 | source = "IBM-Cloud/ibm" 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /modules/openshift-route/README.md: -------------------------------------------------------------------------------- 1 | # This module is used to create openshift route 2 | 3 | This module is used to provision a route to an openshift cluster. An [OpenShift route](https://docs.openshift.com/enterprise/3.0/architecture/core_concepts/routes.html) is a way to expose a service by giving it an externally-reachable hostname like www.example.com. 4 | 5 | ## Prerequisite 6 | 7 | * Set up the IBM Cloud command line interface (CLI), the Satellite plug-in, and other related CLIs. 8 | * Install cli and plugin package 9 | ```console 10 | ibmcloud plugin install container-service 11 | ``` 12 | ## Usage 13 | 14 | ``` 15 | terraform init 16 | ``` 17 | ``` 18 | terraform plan 19 | ``` 20 | ``` 21 | terraform apply 22 | ``` 23 | ``` 24 | terraform destroy 25 | ``` 26 | ## Example Usage 27 | 28 | ``` hcl 29 | module "openshift-route" { 30 | source = "github.com/terraform-ibm-modules/terraform-ibm-cluster//modules/openshift-route" 31 | 32 | ibmcloud_api_key = var.ibmcloud_api_key 33 | cluster_service_url = var.cluster_service_url 34 | namespace = var.namespace 35 | route_data = var.route_data 36 | } 37 | ``` 38 | 39 | 40 | ## Note 41 | 42 | * To update a openshift route, users has to get "resourceVersion" parameter value from terraform.tfstate or openshift console file and add it to 'route_data' variable as a route specification. 43 | 44 | ``` Route Specfication 45 | { 46 | "kind":"Route", 47 | "apiVersion":"route.openshift.io/v1", 48 | "metadata":{ 49 | "name":"route-01", 50 | "resourceVersion": "" 51 | }, 52 | ..... 53 | ..... 
54 | } 55 | ``` 56 | * If we want to make use of a particular version of module, then set the argument "version" to respective module version 57 | 58 | ## Inputs 59 | 60 | | Name | Description | Type |Default |Required | 61 | |--------------------------|----------------------------------------------------------------|:-------|:--------|:--------| 62 | | ibmcloud_api_key | IBM Cloud IAM API key |`string`| n/a | yes | 63 | | cluster_service_url | Cluster service URL |`string`| n/a | yes | 64 | | namespace | Openshift namespace name |`string`| default | no | 65 | | route_data | Route specification |`string`| n/a | yes | 66 | 67 | ## Outputs 68 | 69 | | Name | Description | 70 | |--------------------------|----------------------------| 71 | | route_response | Route response | 72 | 73 | 74 | -------------------------------------------------------------------------------- /modules/openshift-route/main.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | locals { 7 | # Decode the route specification JSON so its fields (e.g. metadata.name) can be referenced 8 | data = jsondecode(var.route_data) 9 | } 10 | 11 | ################################################################### 12 | # Generate openshift token to file: basic-auth with the IBM Cloud API key against the cluster's OAuth issuer, parse access_token out of the verbose curl trace, and write it to token.log (relative path). NOTE(review): the API key is interpolated into the command text, so it may surface in provisioner output and the process list; the -vvv trace (request headers and the token-bearing response) is sent to stdout and appended to resp.log until the final rm, and token.log stays on disk in plaintext. Consider passing the key via the provisioner's environment map, capturing only the header that carries the token instead of a full trace, and keeping token.log out of version control. 13 | ################################################################### 14 | resource "null_resource" "get_oc_token" { 15 | provisioner "local-exec" { 16 | interpreter = ["/bin/bash", "-c"] 17 | command = <<-EOT 18 | curl -u "apikey:${var.ibmcloud_api_key}" -H "X-CSRF-Token: a" "$(curl ${var.cluster_service_url}/.well-known/oauth-authorization-server | jq -r .issuer)/oauth/authorize?client_id=openshift-challenging-client&response_type=token" -vvv &> /dev/stdout | tee -a resp.log 19 | token=$(awk -v FS="(#access_token=|&expires_in)" '{print $2}' resp.log) 20 | echo $token > token.log 21 | rm -f resp.log 22 | EOT 23 | } 
24 | } 25 | 26 | ################################################################### 27 | # Read openshift token from file. NOTE(review): data source attributes are normally stored in Terraform state, so the token presumably ends up there too; protect the state accordingly. 28 | ################################################################### 29 | data "local_file" "token_file" { 30 | filename = "token.log" 31 | 32 | depends_on = [null_resource.get_oc_token] 33 | } 34 | 35 | ################################################################### 36 | # Provision openshift route 37 | ################################################################### 38 | resource "restapi_object" "create_route" { 39 | object_id = local.data.metadata.name 40 | path = "/apis/route.openshift.io/v1/namespaces/${var.namespace}/routes" 41 | data = var.route_data 42 | 43 | depends_on = [null_resource.get_oc_token] 44 | } -------------------------------------------------------------------------------- /modules/openshift-route/output.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | output "route_response" { 7 | value = restapi_object.create_route.api_response 8 | } 9 | -------------------------------------------------------------------------------- /modules/openshift-route/provider.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | provider "restapi" { 7 | uri = var.cluster_service_url 8 | debug = true # NOTE(review): presumably enables verbose request logging in the restapi provider, which would include the Authorization header below; confirm and disable outside troubleshooting 9 | headers = { 10 | Authorization = format("Bearer %v", chomp(element(tolist(data.local_file.token_file.*.content), 0))) 11 | } 12 | } -------------------------------------------------------------------------------- /modules/openshift-route/variables.tf: 
-------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | # NOTE(review): ibmcloud_api_key is a credential but is not declared with sensitive = true (available from Terraform 0.14), so its value may appear in plan/apply output; supply it through the TF_VAR_ibmcloud_api_key environment variable or a secrets manager rather than a committed tfvars file. 6 | variable "ibmcloud_api_key" { 7 | type = string 8 | description = "IBM Cloud api key" 9 | } 10 | 11 | variable "cluster_service_url" { 12 | type = string 13 | description = "Cluster service url" 14 | } 15 | 16 | variable "namespace" { 17 | type = string 18 | description = "Namespace name." 19 | } 20 | 21 | variable "route_data" { 22 | type = string 23 | description = "Openshift Route specification." 24 | } 25 | 26 | -------------------------------------------------------------------------------- /modules/openshift-route/versions.tf: -------------------------------------------------------------------------------- 1 | ##################################################### 2 | # Openshift cluster route provisioning 3 | # Copyright 2021 IBM 4 | ##################################################### 5 | 6 | /*************************************************** 7 | NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows 8 | terraform { 9 | required_version = ">=0.13" 10 | required_providers { 11 | ibm = { 12 | source = "IBM-Cloud/ibm" 13 | version = "1.21.0" 14 | } 15 | } 16 | } 17 | If we don't configure the version parameter, it fetches the latest provider version. 
****************************************************/

terraform {
  required_providers {
    # NOTE(review): this provider receives the cluster bearer token in its
    # request headers. It is pinned to an exact version, which is good, but the
    # source is a third-party namespace; confirm it is the intended publisher
    # and commit the dependency lock file so the provider checksum is verified.
    restapi = {
      source  = "fmontezuma/restapi"
      version = "1.14.1"
    }

    # NOTE(review): no version constraint, so the newest release is fetched at
    # init time. Pinning (as the note above shows) makes runs reproducible and
    # limits exposure to an unexpected provider release.
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}
--------------------------------------------------------------------------------
/modules/vpc-kubernetes/main.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc Kubernetes cluster
# Copyright 2020 IBM
#####################################################

# Provisions one VPC cluster with its default worker pool.
resource "ibm_container_vpc_cluster" "cluster" {
  name              = var.cluster_name
  vpc_id            = var.vpc_id
  flavor            = var.worker_pool_flavor
  resource_group_id = var.resource_group_id

  # Optional arguments: passing null leaves the argument unset, so the
  # variables are forwarded as they are.
  kube_version     = var.kube_version
  service_subnet   = var.service_subnet
  worker_labels    = var.worker_labels
  tags             = var.tags
  cos_instance_crn = var.cos_instance_crn

  # NOTE(review): variables.tf declares pod_subnet, but it is never forwarded
  # here, so a caller's value is silently ignored. Confirm whether it should be
  # wired in before changing it on existing clusters.

  # Fallbacks applied when a caller passes an explicit null.
  update_all_workers   = (var.update_all_workers != null ? var.update_all_workers : false)
  worker_count         = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1)
  wait_till            = (var.wait_till != null ? var.wait_till : "ingressReady")
  force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false)

  # NOTE(review): falls back to false, i.e. the public service endpoint stays
  # enabled unless the caller opts out. Set the variable to true for clusters
  # that must only be reachable over the private endpoint.
  disable_public_service_endpoint = (var.disable_public_service_endpoint != null ? var.disable_public_service_endpoint : false)

  # One zones block per map entry: the key is the zone name and the value
  # supplies the subnet_id.
  dynamic "zones" {
    for_each = (var.worker_zones != null ? var.worker_zones : {})
    content {
      name      = zones.key
      subnet_id = zones.value.subnet_id
    }
  }

  # NOTE(review): with the default empty list no kms_config block is emitted,
  # so no key-management configuration is applied by this module. Each element
  # must carry instance_id, crk_id and private_endpoint; the values are strings
  # (list(map(string))), so private_endpoint has to be "true" or "false".
  dynamic "kms_config" {
    for_each = (var.kms_config != null ? var.kms_config : [])
    content {
      instance_id      = kms_config.value.instance_id
      crk_id           = kms_config.value.crk_id
      private_endpoint = (kms_config.value.private_endpoint ? true : false)
    }
  }

  # var.taints defaults to null, hence the guard before iterating.
  dynamic "taints" {
    for_each = (var.taints != null ? var.taints : [])
    content {
      key    = taints.value.key
      value  = taints.value.value
      effect = taints.value.effect
    }
  }

  # Null timeouts keep the provider defaults.
  timeouts {
    create = var.create_timeout
    update = var.update_timeout
    delete = var.delete_timeout
  }
}
--------------------------------------------------------------------------------
/modules/vpc-kubernetes/output.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc Kubernetes cluster
# Copyright 2020 IBM
#####################################################

output "kubernetes_vpc_cluster_id" {
  description = "The ID of the cluster"
  value       = ibm_container_vpc_cluster.cluster.id
}
--------------------------------------------------------------------------------
/modules/vpc-kubernetes/variables.tf:
--------------------------------------------------------------------------------
#####################################################
# Vpc Kubernetes cluster
# Copyright 2020 IBM
#####################################################

variable "cluster_name" {
  description = "Name of the cluster"
  type        = string
}

variable "vpc_id" {
  description = "The ID of the VPC that you want to use for your cluster."
  type        = string
}

variable "worker_pool_flavor" {
  description = " The flavor of the VPC worker node that you want to use."
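# (worker_pool_flavor, continued: the declaration opens on the previous listing line.)
  type        = string
}

variable "kube_version" {
  description = "The Kubernetes or OpenShift version that you want to set up in your cluster."
  type        = string
  default     = null
}

variable "update_all_workers" {
  description = "Set to true to update the Kubernetes version of the worker nodes along with the Kubernetes version of the cluster that you specify in kube_version."
  type        = bool
  default     = false
}

variable "service_subnet" {
  description = "Specify a custom subnet CIDR to provide private IP addresses for services."
  type        = string
  default     = null
}

# NOTE(review): declared but not referenced by the cluster resource in
# main.tf, so a value set here currently has no effect.
variable "pod_subnet" {
  description = "Specify a custom subnet CIDR to provide private IP addresses for pods."
  type        = string
  default     = null
}

variable "worker_nodes_per_zone" {
  description = "The number of worker nodes per zone in the default worker pool."
  type        = number
  default     = 1
}

variable "worker_labels" {
  description = "Labels on all the workers in the default worker pool."
  # map(any) is the explicit spelling of the bare `map` keyword used before.
  type    = map(any)
  default = null
}

variable "resource_group_id" {
  description = "ID of resource group."
  type        = string
  default     = null
}

variable "wait_till" {
  description = "Stage at which Terraform marks the cluster creation as completed."
  type        = string
  default     = "ingressReady"
}

# NOTE(review): the default keeps the public service endpoint enabled. Callers
# that need a private-only control plane must set this to true explicitly.
variable "disable_public_service_endpoint" {
  description = "Boolean value true if Public service endpoint to be disabled."
  type        = bool
  default     = false
}

variable "tags" {
  description = "List of tags."
  type        = list(string)
  default     = null
}

# The previous description was copied from the entitlement variable and did
# not describe this input.
variable "cos_instance_crn" {
  description = "CRN of the Cloud Object Storage instance to associate with the cluster."
  type        = string
  default     = null
}

# NOTE(review): destructive when true; persistent storage is removed together
# with the cluster. Leave at false unless data loss on destroy is intended.
variable "force_delete_storage" {
  description = "Force the removal of persistent storage associated with the cluster during cluster deletion."
  type        = bool
  default     = false
}

variable "worker_zones" {
  description = "Map of zone name to an object with a subnet_id attribute; one zones block is created per entry."
  type        = map(any)
  default     = {}
}

variable "kms_config" {
  description = "List of key-management settings; each element needs instance_id, crk_id and private_endpoint (\"true\" or \"false\"). An empty list configures none."
  type        = list(map(string))
  default     = []
}

variable "create_timeout" {
  description = "Timeout duration for create."
  type        = string
  default     = null
}

variable "update_timeout" {
  description = "Timeout duration for update."
  type        = string
  default     = null
}

variable "delete_timeout" {
  description = "Timeout duration for delete."
  type        = string
  default     = null
}

variable "taints" {
  description = "Set taints to worker nodes."
  type = list(object({
    key    = string
    value  = string
    effect = string
  }))
  default = null
}

--------------------------------------------------------------------------------
/modules/vpc-kubernetes/versions.tf:
--------------------------------------------------------------------------------
#####################################################
# Kubernetes vpc cluster
# Copyright 2020 IBM
#####################################################

/***************************************************
NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows

 terraform {
  required_version = ">=0.13"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      version = "1.21.0"
    }
  }
 }

 If we don't configure the version parameter, it fetches the latest provider version.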
****************************************************/

terraform {
  required_version = ">=0.13"
  required_providers {
    # NOTE(review): no version constraint, so the newest provider release is
    # fetched at init time. Pin a version (see the note above) and commit the
    # dependency lock file to keep runs reproducible.
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}
--------------------------------------------------------------------------------
/modules/vpc-openshift/main.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc openshift cluster provisioning
# Copyright 2020 IBM
#####################################################

# Provisions one VPC OpenShift cluster with its default worker pool.
resource "ibm_container_vpc_cluster" "cluster" {
  name              = var.cluster_name
  vpc_id            = var.vpc_id
  flavor            = var.worker_pool_flavor
  resource_group_id = var.resource_group_id

  # Optional arguments: passing null leaves the argument unset, so the
  # variables are forwarded as they are.
  kube_version     = var.kube_version
  service_subnet   = var.service_subnet
  worker_labels    = var.worker_labels
  tags             = var.tags
  cos_instance_crn = var.cos_instance_crn
  entitlement      = var.entitlement

  # NOTE(review): variables.tf declares pod_subnet, but it is never forwarded
  # here, so a caller's value is silently ignored. Confirm whether it should be
  # wired in before changing it on existing clusters.

  # Fallbacks applied when a caller passes an explicit null.
  update_all_workers   = (var.update_all_workers != null ? var.update_all_workers : false)
  worker_count         = (var.worker_nodes_per_zone != null ? var.worker_nodes_per_zone : 1)
  wait_till            = (var.wait_till != null ? var.wait_till : "ingressReady")
  force_delete_storage = (var.force_delete_storage != null ? var.force_delete_storage : false)

  # NOTE(review): falls back to false, i.e. the public service endpoint stays
  # enabled unless the caller opts out. Set the variable to true for clusters
  # that must only be reachable over the private endpoint.
  disable_public_service_endpoint = (var.disable_public_service_endpoint != null ? var.disable_public_service_endpoint : false)

  # One zones block per map entry: the key is the zone name and the value
  # supplies the subnet_id.
  dynamic "zones" {
    for_each = (var.worker_zones != null ? var.worker_zones : {})
    content {
      name      = zones.key
      subnet_id = zones.value.subnet_id
    }
  }

  # NOTE(review): with the default empty list no kms_config block is emitted,
  # so no key-management configuration is applied by this module. Each element
  # must carry instance_id, crk_id and private_endpoint; the values are strings
  # (list(map(string))), so private_endpoint has to be "true" or "false".
  dynamic "kms_config" {
    for_each = (var.kms_config != null ? var.kms_config : [])
    content {
      instance_id      = kms_config.value.instance_id
      crk_id           = kms_config.value.crk_id
      private_endpoint = (kms_config.value.private_endpoint ? true : false)
    }
  }

  # var.taints defaults to null, hence the guard before iterating.
  dynamic "taints" {
    for_each = (var.taints != null ? var.taints : [])
    content {
      key    = taints.value.key
      value  = taints.value.value
      effect = taints.value.effect
    }
  }

  # Null timeouts keep the provider defaults.
  timeouts {
    create = var.create_timeout
    update = var.update_timeout
    delete = var.delete_timeout
  }
}
--------------------------------------------------------------------------------
/modules/vpc-openshift/output.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc openshift cluster
# Copyright 2020 IBM
#####################################################

output "vpc_openshift_cluster_id" {
  description = "The ID of the cluster"
  value       = ibm_container_vpc_cluster.cluster.id
}
--------------------------------------------------------------------------------
/modules/vpc-openshift/variables.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc openshift cluster provisioning
# Copyright 2020 IBM
#####################################################

variable "cluster_name" {
  description = "Name of the cluster"
  type        = string
}

variable "vpc_id" {
  description = "The ID of the VPC that you want to use for your cluster."
  type        = string
}

variable "worker_pool_flavor" {
  description = " The flavor of the VPC worker node that you want to use."
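# (worker_pool_flavor, continued: the declaration opens on the previous listing line.)
  type        = string
}

variable "kube_version" {
  description = "The Kubernetes or OpenShift version that you want to set up in your cluster."
  type        = string
  default     = null
}

variable "create_timeout" {
  description = "Timeout duration for create."
  type        = string
  default     = null
}

variable "update_timeout" {
  description = "Timeout duration for update."
  type        = string
  default     = null
}

variable "delete_timeout" {
  description = "Timeout duration for delete."
  type        = string
  default     = null
}

variable "update_all_workers" {
  description = "Set to true to update the Kubernetes version of the worker nodes along with the Kubernetes version of the cluster that you specify in kube_version."
  type        = bool
  default     = false
}

variable "service_subnet" {
  description = "Specify a custom subnet CIDR to provide private IP addresses for services."
  type        = string
  default     = null
}

# NOTE(review): declared but not referenced by the cluster resource in
# main.tf, so a value set here currently has no effect.
variable "pod_subnet" {
  description = "Specify a custom subnet CIDR to provide private IP addresses for pods."
  type        = string
  default     = null
}

variable "worker_nodes_per_zone" {
  description = "The number of worker nodes per zone in the default worker pool."
  type        = number
  default     = 1
}

variable "worker_labels" {
  description = "Labels on all the workers in the default worker pool."
  # map(any) is the explicit spelling of the bare `map` keyword used before.
  type    = map(any)
  default = null
}

variable "resource_group_id" {
  description = "ID of resource group."
  type        = string
  default     = null
}

variable "wait_till" {
  description = "Stage at which Terraform marks the cluster creation as completed."
  type        = string
  default     = "ingressReady"
}

# NOTE(review): the default keeps the public service endpoint enabled. Callers
# that need a private-only control plane must set this to true explicitly.
variable "disable_public_service_endpoint" {
  description = "Boolean value true if Public service endpoint to be disabled."
  type        = bool
  default     = false
}

variable "tags" {
  description = "List of tags."
  type        = list(string)
  default     = null
}

# The previous description was copied from the entitlement variable and did
# not describe this input.
variable "cos_instance_crn" {
  description = "CRN of the Cloud Object Storage instance to associate with the cluster."
  type        = string
  default     = null
}

# NOTE(review): destructive when true; persistent storage is removed together
# with the cluster. Leave at false unless data loss on destroy is intended.
variable "force_delete_storage" {
  description = "Force the removal of persistent storage associated with the cluster during cluster deletion."
  type        = bool
  default     = false
}

variable "worker_zones" {
  description = "Map of zone name to an object with a subnet_id attribute; one zones block is created per entry."
  type        = map(any)
  default     = {}
}

variable "kms_config" {
  description = "List of key-management settings; each element needs instance_id, crk_id and private_endpoint (\"true\" or \"false\"). An empty list configures none."
  type        = list(map(string))
  default     = []
}


variable "entitlement" {
  description = "Enable openshift entitlement during cluster creation."
  type        = string
  default     = null
}

variable "taints" {
  description = "Set taints to worker nodes."
  type = list(object({
    key    = string
    value  = string
    effect = string
  }))
  default = null
}
--------------------------------------------------------------------------------
/modules/vpc-openshift/versions.tf:
--------------------------------------------------------------------------------
#####################################################
# vpc openshift cluster provisioning
# Copyright 2020 IBM
#####################################################

/***************************************************
NOTE: To source a particular version of IBM terraform provider, configure the parameter `version` as follows

 terraform {
  required_version = ">=0.13"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      version = "1.21.0"
    }
  }
 }

 If we don't configure the version parameter, it fetches the latest provider version.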
****************************************************/

terraform {
  required_version = ">=0.13"
  required_providers {
    # NOTE(review): no version constraint, so the newest provider release is
    # fetched at init time; pin a version to keep runs reproducible.
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}
--------------------------------------------------------------------------------
/test/cluster_e2e_test.go:
--------------------------------------------------------------------------------
package test

import (
	"testing"

	"github.com/gruntwork-io/terratest/modules/terraform"
)

// TestAccIBMClusterE2E applies the examples/classic-kubernetes-e2e
// configuration with Terratest and destroys it again when the test returns.
// It runs `terraform init` and `terraform apply`, so it presumably needs
// provider credentials in the environment (none are passed here; confirm).
func TestAccIBMClusterE2E(t *testing.T) {
	t.Parallel()

	// Inputs handed to Terraform as -var options.
	// NOTE(review): the metro, region and private_vlan_id values look
	// account-specific; confirm they are valid for the account under test or
	// read them from the environment.
	vars := map[string]interface{}{
		"cluster_name":       "clusterDemo",
		"metro":              "dal10",
		"worker_pool_flavor": "b3c.16x64",
		"resource_group":     "default",
		"hardware":           "shared",
		"worker_nodes":       1,
		"flavor":             "b3c.16x64",
		"worker_pool_name":   "workerPoolDemo",
		"region":             "us-south",
		"private_vlan_id":    "2988890",
	}

	// WithDefaultRetryableErrors adds Terratest's default set of retryable
	// errors to the options.
	opts := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
		// Directory holding the Terraform code under test.
		TerraformDir: "../examples/classic-kubernetes-e2e",
		Vars:         vars,
	})

	// Registered before apply so that `terraform destroy` also runs when the
	// apply fails part-way and leaves resources behind.
	defer terraform.Destroy(t, opts)

	// Runs `terraform init` and `terraform apply`; any error fails the test.
	terraform.InitAndApply(t, opts)

	// Disabled output check kept from the original. It reads "cos_instance_id"
	// and uses fmt, which this file does not import; confirm the example
	// exports that output before re-enabling.
	/*instanceID := terraform.Output(t, opts, "cos_instance_id")
	if len(instanceID) <= 0 {
		t.Fatal("Wrong output")
	}
	fmt.Println("COS INstance iD", instanceID)*/
}

--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
#####################################################
# activity tracker as a service
# Copyright 2020 IBM
#####################################################

/***************************************************
NOTE: To source a particular version of IBM terraform
provider version, configure the parameter `version`.

 terraform {
  required_version = ">=0.13"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      version = "1.20.0"
    }
  }
 }
 If we don't configure the version parameter,
 it fetches latest provider version.
****************************************************/

terraform {
  required_version = ">=0.13"
  required_providers {
    # NOTE(review): no version constraint, so the newest provider release is
    # fetched at init time; pin a version to keep runs reproducible.
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}

--------------------------------------------------------------------------------