This architecture creates a VPC, an IKS Cluster on that VPC, and many commonly used cloud resources
This module creates a VPC in three zones of a single region, creates the ACL used by those subnets, and optionally provisions public gateways in all three zones. To read more about this module, refer to the Multizone VPC README.
This module provisions the IKS cluster for this architecture. Optinally, it can enable ALBs and create additional worker pools. To read more about this module, refer to the VPC Cluster README
This architecture creates the following IBM Cloud service instances:
- Key Protect
- Cloud Object Storage
- Databases for PostgreSQL
- Log Analysis with LogDNA
- Sysdig Moniroting
It will also create a root key for the Key Protect instance, use that key to encrypt the PostgreSQL database and Cloud Object Storage instances, and creates service-to-service authorization policies to allow for PostgreSQL and Cloud Object Storage to read from the Key Protect Instance.
| Variable | Type | Description | Default |
|---|---|---|---|
ibmcloud_api_key |
string | The IBM Cloud platform API key needed to deploy IAM enabled resources | |
unique_id |
string | A unique identifier need to provision resources. Must begin with a letter | asset-roks-gen2 |
ibm_region |
string | IBM Cloud region where all resources will be deployed | |
resource_group |
string | Name of resource group to create VPC | asset-development |
generation |
String | generation for VPC. Can be 1 or 2 | 2 |
enable_public_gateway |
String | Enable public gateways for subnets, true or false | true |
cidr_blocks |
list | A list of CIDR blocks for the VPC subnets | [ |
acl_rules |
String | Access control list rule set | [{ name = "egress"action = "allow"source = "0.0.0.0/0" destination = "0.0.0.0/0"direction = "inbound"},{ name = "ingress" action = "allow"source = "0.0.0.0/0"destination = "0.0.0.0/0"direction = "outbound"} ] |
machine_type |
string | The flavor of VPC worker node to use for your cluster | bx2.4x16 |
workers_per_zone |
number | Number of workers to provision in each subnet. Openshift worker pool size must be 2 or greater. | 2 |
disable_public_service_endpoint |
bool | Disable public service endpoint for cluster | false |
kube_version |
string | Specify the Kubernetes version, including the major.minor version. To see available versions, run ibmcloud ks versions. To use the default, leave string empty | "" |
wait_till |
string | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are MasterNodeReady, OneWorkerNodeReady, and IngressReady |
IngressReady |
tags |
list(string) | A list of tags to add to the cluster | [] |
worker_pools |
String | List of maps describing worker pools. Worker pools must have at least 2 workers per zone | [] |
service_endpoints |
string | Service endpoints for resource instances. Can be public, private, or public-and-private |
private |
kms_plan |
string | Plan for Key Protect | tiered-pricing |
kms_root_key_name |
string | Name of the root key for Key Protect instance | root-key |
cos_plan |
string | Plan for Cloud Object Storage instance | standard |
psql_plan |
string | Plan for Databases for PostgreSQL | standard |
logdna_plan |
string | Plan for Databases for PostgreSQL | 7-day |
sysdig_plan |
string | Plan for Databases for PostgreSQL | graduated-tier |