This template creates a Red Hat OpenShift cluster on an existing VPC. To create this cluster, a COS instance is created for cluster storage, and a Key Protect instance is created for encryption.
To create a VPC for your cluster, use the Multizone VPC Gen2 Asset
This module creates an IBM Cloud Object Stroage instance required for the creation of an OpenShift cluster. This module also creates a Key Protect instance and a Key Protect Root Key to encrypt the cluster. To ensure that the COS instance has access to the cluster, an authorization policy is created to allow the Key Protect instance to read from the COS instance.
These resources can be found in the ./resources module.
This module creates a Red Hat OpenShift cluster across any number of existing subnets on an existing VPC.
The cluster is created in cluster.tf
This module can optionally create any number of worker pools across the same subnets where the cluster is created.
The worker pools are created in ./worker_pools
| Variable | Type | Description | Default |
|---|---|---|---|
| ibmcloud_api_key | string | The IBM Cloud platform API key needed to deploy IAM enabled resources | |
| ibm_region | string | IBM Cloud region where all resources will be deployed | |
| resource_group | string | Name of resource group where all infrastructure will be provisioned | "asset-development" |
| unique_id | string | A unique identifier need to provision resources. Must begin with a letter | "asset-roks" |
| vpc_name | string | Name of VPC where cluster is to be created | |
| subnet_names | list(string) | List of subnet names | [ "asset-multizone-zone-1-subnet-1", "asset-multizone-zone-1-subnet-2", "asset-multizone-zone-1-subnet-3" ] |
| machine_type | string | The flavor of VPC worker node to use for your cluster. Use ibmcloud ks flavors to find flavors for a region. |
"bx2.4x16" |
| workers_per_zone | number | Number of workers to provision in each subnet | 2 |
| disable_public_service_endpoint | bool | Disable public service endpoint for cluster | false |
| entitlement | string | If you purchased an IBM Cloud Cloud Pak that includes an entitlement to run worker nodes that are installed with OpenShift Container Platform, enter entitlement to create your cluster with that entitlement so that you are not charged twice for the OpenShift license. Note that this option can be set only when you create the cluster. After the cluster is created, the cost for the OpenShift license occurred and you cannot disable this charge. | "cloud_pak" |
| kube_version | string | Specify the Kubernetes version, including the major.minor version. To see available versions, run ibmcloud ks versions. |
"4.5.35_openshift" |
| wait_till | string | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are MasterNodeReady, OneWorkerNodeReady, and IngressReady |
"IngressReady" |
| tags | list(string) | A list of tags to add to the cluster | [] |
| worker_pools | list(object({ pool_name = string machine_type = string workers_per_zone = number })) | List of maps describing worker pools | [] |
| service_endpoints | string | Service endpoints for resource instances. Can be public, private, or public-and-private. |
"private" |
| kms_plan | string | Plan for Key Protect | "tiered-pricing" |
| kms_root_key_name | string | Name of the root key for Key Protect instance | "root-key" |
| kms_private_service_endpoint | bool | Use private service endpoint for Key Protect instance | true |
| cos_plan | string | Plan for Cloud Object Storage instance | "standard" |