This directory contains Terraform code to create a minimal Red Hat OpenShift cluster in a VPC. Note that in order for the OpenShift Web console and the OperatorHub to be operational, the VPC will be configured with a public gateway to allow outbound Internet traffic from the worker nodes.
The internal registry for Red Hat OpenShift managed on IBM Cloud uses object storage for persistence. This code will also create a Cloud Object Storage instance in the resource group used for the OpenShift Cluster.
As with every pattern, the requirements are documented in the Environment Setup. They include:
- Have an IBM Cloud account with required privileges
- Install IBM Cloud CLI
- Install the IBM Cloud CLI Plugins `infrastructure-service`, `schematics` and `container-registry`.
- Log in to IBM Cloud with the CLI
- Install Terraform
- Install IBM Cloud Terraform Provider
- Configure access to IBM Cloud for Terraform and the IBM Cloud CLI
- (Optional) Install some utility tools such as: jq and kubectl
For OpenShift clusters on VPC Gen 2, the IBM Cloud Terraform provider must be version 1.8.0 or later.

Executing these commands validates part of these requirements:

```bash
ibmcloud --version
ibmcloud plugin show infrastructure-service | head -3
ibmcloud plugin show schematics | head -3
ibmcloud target
terraform version
ls ~/.terraform.d/plugins/terraform-provider-ibm_*
echo $IC_API_KEY
```
If you have an API key but it is not set as an environment variable and you no longer have the JSON file generated when it was created, you must recreate the key. Delete the old one if it will no longer be used.

```bash
# Delete the old one if it will no longer be used
ibmcloud iam api-keys # Identify your old API Key Name
ibmcloud iam api-key-delete NAME
# Create a new one and set it as an environment variable
ibmcloud iam api-key-create TerraformKey -d "API Key for Terraform" --file ~/ibm_api_key.json
export IC_API_KEY=$(grep '"apikey":' ~/ibm_api_key.json | sed 's/.*: "\(.*\)".*/\1/')
```
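The key file and the `IC_API_KEY` variable hold a long-lived credential, so the following added example (not part of the original project) restricts the file to its owner, loads the key with the same `grep`/`sed` extraction used above, and reports whether the variable is set without printing its value. The function names `load_ic_api_key` and `ic_api_key_status` are hypothetical.

```shell
# Added example: load IC_API_KEY from the JSON key file without exposing it.

# load_ic_api_key [FILE]: lock down FILE and export IC_API_KEY from it.
load_ic_api_key() {
  local file="${1:-$HOME/ibm_api_key.json}" key
  if [ ! -f "$file" ]; then
    echo "key file not found: $file" >&2
    return 1
  fi
  # The key file should be readable and writable by its owner only.
  chmod 600 "$file" || return 1
  # Same extraction as above; the value only ever lands in a variable.
  key=$(grep '"apikey":' "$file" | sed 's/.*: "\(.*\)".*/\1/')
  if [ -z "$key" ]; then
    echo "no apikey field found in $file" >&2
    return 1
  fi
  export IC_API_KEY="$key"
}

# ic_api_key_status: say whether IC_API_KEY is set, showing only its length.
ic_api_key_status() {
  if [ -z "${IC_API_KEY:-}" ]; then
    echo "IC_API_KEY: not set"
    return 1
  fi
  echo "IC_API_KEY: set (${#IC_API_KEY} characters)"
}
```

Source the file and run `load_ic_api_key && ic_api_key_status` in the shell where Terraform will be executed.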
The folder `check_access` has simple Terraform code that helps you verify your access to IBM Cloud. Go to the directory `check_access` and execute the following commands; you should see a list of the Access Groups related to the account, from both Terraform and the IBM Cloud CLI:

```bash
cd check_access
terraform init
terraform apply
ibmcloud iam access-groups
```
This project requires the following actions:
- Create the `terraform.tfvars` file with values for the variables. This is an example with the required and optional variables:

  ```hcl
  project_name = "iac-iks-test-OWNER"
  environment  = "dev"

  # Optional variables
  port           = 8080
  resource_group = "Default"
  region         = "us-south"
  vpc_zone_names = ["us-south-1", "us-south-2", "us-south-3"]
  ```

  For better results and to avoid name collisions, replace `OWNER` with your username or user ID. It will fail if the word `OWNER` (uppercase) is used. Don't assign a project name with more than 24 characters.
- Change the values of the variables `project_name` and `environment`, currently `iac-iks-test-OWNER` and `dev` respectively. It's recommended to replace `OWNER` with your username or user ID to avoid name collisions. It will fail if the word `OWNER` (uppercase) is used. Don't assign a project name with more than 24 characters.
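The two constraints on `project_name` can be checked before `terraform plan` is run. This is an added example, not part of the original project; the function name `check_project_name` is hypothetical and the parsing assumes a single-line `project_name = "..."` assignment as in the example file above.

```shell
# Added example: pre-flight check of project_name in terraform.tfvars.

# check_project_name [FILE]: print the project name if it is acceptable,
# otherwise explain the problem on stderr and return non-zero.
check_project_name() {
  local file="${1:-terraform.tfvars}" name
  # Take the last project_name assignment; drop quotes and trailing comments.
  name=$(sed -n 's/^[[:space:]]*project_name[[:space:]]*=[[:space:]]*"\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$file" | tail -n 1)
  if [ -z "$name" ]; then
    echo "project_name is not set in $file" >&2
    return 1
  fi
  # The uppercase placeholder from the example must have been replaced.
  case "$name" in
    *OWNER*)
      echo "project_name still contains the OWNER placeholder: $name" >&2
      return 1
      ;;
  esac
  # Names longer than 24 characters are not allowed.
  if [ "${#name}" -gt 24 ]; then
    echo "project_name is ${#name} characters long, the limit is 24: $name" >&2
    return 1
  fi
  echo "$name"
}
```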
In a nutshell, to run the example just execute the following commands:

```bash
terraform init
terraform plan
terraform apply
```

Then execute the validation commands or actions documented in the Project Validation section below. Finally, when you finish using the infrastructure, clean up everything you created by executing:

```bash
terraform destroy
```
Execute the following commands:
```bash
# Create workspace:
ibmcloud schematics workspace list
ibmcloud schematics workspace new --file workspace.json
ibmcloud schematics workspace list # Identify the WORKSPACE_ID
WORKSPACE_ID=
# ... wait until the status is INACTIVE
# (Optional) Planning:
ibmcloud schematics plan --id $WORKSPACE_ID # Identify the Activity_ID
ibmcloud schematics logs --id $WORKSPACE_ID --act-id Activity_ID
# ... wait until it's done
# Apply:
ibmcloud schematics apply --id $WORKSPACE_ID # Identify the Activity_ID
ibmcloud schematics logs --id $WORKSPACE_ID --act-id Activity_ID
```
After the validations in the Project Validation section below, clean up everything you created by executing:

```bash
ibmcloud schematics destroy --id $WORKSPACE_ID # Identify the Activity_ID
ibmcloud schematics logs --id $WORKSPACE_ID --act-id Activity_ID
# ... wait until it's done
ibmcloud schematics workspace delete --id $WORKSPACE_ID
ibmcloud schematics workspace list
```
To have access to the IKS cluster execute this IBM Cloud CLI command (`NAME` is the cluster name):

```bash
ibmcloud ks cluster config --cluster $NAME
```
If the project was executed with Terraform, get the outputs and configure kubectl by executing these commands:

```bash
terraform output
ibmcloud ks cluster config --cluster $(terraform output cluster_id)
```
If the project was executed with IBM Cloud Schematics, get the outputs and configure kubectl by executing these commands:

```bash
ibmcloud schematics workspace list # Identify the WORKSPACE_ID
ibmcloud schematics workspace output --id $WORKSPACE_ID --json
ibmcloud ks cluster config --cluster $(ibmcloud schematics workspace output --id $WORKSPACE_ID --json | jq -r '.[].output_values[].cluster_id.value')
```
In both cases, you should see the same output variables and have kubectl configured to access the cluster. Some `kubectl` commands to verify you have access are:

```bash
kubectl cluster-info
kubectl get nodes
kubectl get pods -A
```