diff --git a/.gitignore b/.gitignore index 18bc49a..b6c05a5 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,6 @@ provider.tf *.x *.yaml dev.sh -*.sh \ No newline at end of file +*.sh +node_modules/ +package-lock.json \ No newline at end of file diff --git a/README.md b/README.md index 43f2fa9..ef76e46 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Easy Multizone VPC Red Hat OpenShift Cluster +# Easy Multizone VPC Red Hat OpenShift Cluster (Version 2) This template allows users to easily create a VPC with one subnet in each of three zones, with a Red Hat OpenShift Cluster distributed in each zone with very few inputs needed by the user to quickly start using IBM Cloud VPC . diff --git a/acceptance_tests/acl_rules.json b/acceptance_tests/acl_rules.json new file mode 100644 index 0000000..79d4dc1 --- /dev/null +++ b/acceptance_tests/acl_rules.json 
@@ -0,0 +1,200 @@
+[
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "roks-create-worker-nodes-inbound",
+ "source": "161.26.0.0/16",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "161.26.0.0/16",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "roks-create-worker-nodes-outbound",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "roks-nodes-to-service-inbound",
+ "source": "166.8.0.0/14",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "166.8.0.0/14",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "roks-nodes-to-service-outbound",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-app-incoming-traffic-requests",
+ "source": "0.0.0.0/0",
+ "tcp": [
+ {
+ "port_max": 65535,
+ "port_min": 1,
+ "source_port_max": 30000,
+ "source_port_min": 30000
+ }
+ ],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-app-outgoing-traffic-requests",
+ "source": "0.0.0.0/0",
+ "tcp": [
+ {
+ "port_max": 32767,
+ "port_min": 30000,
+ "source_port_max": 1,
+ "source_port_min": 1
+ }
+ ],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-lb-incoming-traffic-requests",
+ "source": "0.0.0.0/0",
+ "tcp": [
+ {
+ "port_max": 443,
+ "port_min": 443,
+ "source_port_max": 1,
+ "source_port_min": 1
+ }
+ ],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-lb-outgoing-traffic-requests",
+ "source": "0.0.0.0/0",
+ "tcp": [
+ {
+ "port_max": 65535,
+ "port_min": 1,
+ "source_port_max": 443,
+ "source_port_min": 443
+ }
+ ],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-inbound-ez-roks-test-allow-all",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-outbound-ez-roks-test-allow-all",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-inbound-ez-roks-test-subnet-zone-1",
+ "source": "10.10.10.0/24",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "10.10.10.0/24",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-outbound-ez-roks-test-subnet-zone-1",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-inbound-ez-roks-test-subnet-zone-2",
+ "source": "10.20.10.0/24",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "10.20.10.0/24",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-outbound-ez-roks-test-subnet-zone-2",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "inbound",
+ "icmp": [],
+ "name": "allow-inbound-ez-roks-test-subnet-zone-3",
+ "source": "10.30.10.0/24",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "10.30.10.0/24",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-outbound-ez-roks-test-subnet-zone-3",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ },
+ {
+ "action": "allow",
+ "destination": "0.0.0.0/0",
+ "direction": "outbound",
+ "icmp": [],
+ "name": "allow-all-outbound",
+ "source": "0.0.0.0/0",
+ "tcp": [],
+ "udp": []
+ }
+]
diff --git a/acceptance_tests/ez-mt-vpc.test.js b/acceptance_tests/ez-mt-vpc.test.js
new file mode 100644
index 0000000..a4cd856
--- /dev/null
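Review bot: The expected rule set pins two any-protocol rules from `0.0.0.0/0` to `0.0.0.0/0` (`allow-inbound-ez-roks-test-allow-all` and `allow-outbound-ez-roks-test-allow-all`), so the acceptance test passes only while the ACL is fully open and would fail against a tightened one. Because every entry is `allow`, the narrower rules add nothing on top of those two, which also hides that some of them look off: `allow-lb-incoming-traffic-requests` matches port 443 only from source port 1, and `allow-app-outgoing-traffic-requests` likewise fixes the source port at 1. That may simply mirror what the module emits today, so confirm upstream before treating it as intent. JSON cannot carry a comment, so I would record this beside the `require("./acl_rules.json")` call in ez-mt-vpc.test.js, e.g. `// fixture mirrors current module output, including allow-all rules; not a statement of intended policy`.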
+++ b/acceptance_tests/ez-mt-vpc.test.js
@@ -0,0 +1,144 @@
+const tfxjs = require("tfxjs");
+const tfx = new tfxjs("../", {
+ ibmcloud_api_key: process.env.API_KEY,
+ prefix: "ez-roks-test",
+ region: "us-south",
+});
+
+tfx.plan("Easy Multizone ROKS Network", () => {
+ tfx.module(
+ "Easy VPC",
+ "module.ez_vpc",
+ tfx.resource("OpenShift Cluster", "ibm_container_vpc_cluster.cluster", {
+ disable_public_service_endpoint: true,
+ entitlement: "cloud_pak",
+ flavor: "bx2.4x16",
+ kube_version: tfx.expect("should contain _openshift", (kube_version) => {
+ return kube_version.indexOf("_openshift") !== -1;
+ }),
+ name: "ez-roks-test-roks-cluster",
+ tags: ["ez-vpc", "multizone-vpc"],
+ wait_till: "IngressReady",
+ worker_count: 2,
+ zones: [
+ { name: "us-south-1" },
+ { name: "us-south-2" },
+ { name: "us-south-3" },
+ ],
+ }),
+ tfx.resource("Object Storage Instance", "ibm_resource_instance.cos[0]", {
+ location: "global",
+ name: "ez-cluster-vpc-cos",
+ plan: "standard",
+ service: "cloud-object-storage",
+ tags: ["ez-vpc", "multizone-vpc"],
+ })
+ );
+ tfx.module(
+ "VPC Module",
+ "module.ez_vpc.module.vpc",
+ tfx.resource("Development ACL", 'ibm_is_network_acl.network_acl["acl"]', {
+ name: "ez-roks-test-acl",
+ rules: require("./acl_rules.json"),
+ }),
+ tfx.resource(
+ "Public Gateway Zone 1",
+ 'ibm_is_public_gateway.gateway["zone-1"]',
+ {
+ name: "ez-roks-test-public-gateway-zone-1",
+ zone: "us-south-1",
+ }
+ ),
+ tfx.resource(
+ "Public Gateway Zone 2",
+ 'ibm_is_public_gateway.gateway["zone-2"]',
+ {
+ name: "ez-roks-test-public-gateway-zone-2",
+ zone: "us-south-2",
+ }
+ ),
+ tfx.resource(
+ "Public Gateway Zone 3",
+ 'ibm_is_public_gateway.gateway["zone-3"]',
+ {
+ name: "ez-roks-test-public-gateway-zone-3",
+ zone: "us-south-3",
+ }
+ ),
+ tfx.resource(
+ "Allow All Inbound Default Rule",
+ 'ibm_is_security_group_rule.default_vpc_rule["allow-all-inbound"]',
+ {
+ direction: "inbound",
+ icmp: [],
+ ip_version: "ipv4",
+ remote: "0.0.0.0/0",
+ tcp: [],
+ udp: [],
+ }
+ ),
+ tfx.resource(
+ "VPC Zone 1 Subnet",
+ 'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-1"]',
+ {
+ ip_version: "ipv4",
+ ipv4_cidr_block: "10.10.10.0/24",
+ name: "ez-roks-test-subnet-zone-1",
+ zone: "us-south-1",
+ }
+ ),
+ tfx.resource(
+ "VPC Zone 2 Subnet",
+ 'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-2"]',
+ {
+ ip_version: "ipv4",
+ ipv4_cidr_block: "10.20.10.0/24",
+ name: "ez-roks-test-subnet-zone-2",
+ zone: "us-south-2",
+ }
+ ),
+ tfx.resource(
+ "VPC Zone 3 Subnet",
+ 'ibm_is_subnet.subnet["ez-roks-test-subnet-zone-3"]',
+ {
+ ip_version: "ipv4",
+ ipv4_cidr_block: "10.30.10.0/24",
+ name: "ez-roks-test-subnet-zone-3",
+ zone: "us-south-3",
+ }
+ ),
+ tfx.resource("VPC", "ibm_is_vpc.vpc", {
+ address_prefix_management: "manual",
+ classic_access: false,
+ name: "ez-roks-test-vpc",
+ tags: ["ez-vpc", "multizone-vpc"],
+ }),
+ tfx.resource(
+ "VPC Zone 1 Subnet Prefix",
+ 'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-1"]',
+ {
+ cidr: "10.10.10.0/24",
+ name: "ez-roks-test-subnet-zone-1",
+ zone: "us-south-1",
+ }
+ ),
+ tfx.resource(
+ "VPC Zone 2 Subnet Prefix",
+ 'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-2"]',
+ {
+ cidr: "10.20.10.0/24",
+ name: "ez-roks-test-subnet-zone-2",
+ zone: "us-south-2",
+ }
+ ),
+ tfx.resource(
+ "VPC Zone 3 Subnet Prefix",
+ 'ibm_is_vpc_address_prefix.subnet_prefix["ez-roks-test-subnet-zone-3"]',
+ {
+ cidr: "10.30.10.0/24",
+ name: "ez-roks-test-subnet-zone-3",
+ zone: "us-south-3",
+ }
+ ),
+ );
+});
diff --git a/acceptance_tests/package.json b/acceptance_tests/package.json
new file mode 100644
index 0000000..807ab87
--- /dev/null
+++ b/acceptance_tests/package.json
@@ -0,0 +1,14 @@
+{
+ "name": "acceptance_tests",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "tfx ez-mt-vpc.test.js"
+ },
+ "author": "",
+ "license": "ISC",
+ "dependencies": {
+ "tfxjs": "^0.4.0"
+ }
+}
diff --git a/main.tf b/main.tf
index dd47b6d..2b57d9b 100644
--- a/main.tf
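Review bot: `ibmcloud_api_key: process.env.API_KEY` is passed through unchecked, so a run without `API_KEY` set hands `undefined` to the plan and fails somewhere inside Terraform rather than at the top of the test. A guard before `new tfxjs(...)` makes the precondition explicit: `if (!process.env.API_KEY) throw new Error("API_KEY must be set to run the acceptance tests");`. The variables.tf hunk in this same commit comments out `variable "ibmcloud_api_key"`, so as committed this value probably targets an undeclared variable; confirm how tfxjs forwards it. The "Allow All Inbound Default Rule" expectation (`remote: "0.0.0.0/0"`, no protocol restriction) is asserted as the desired state and would benefit from a comment such as `// default security group rule is wide open today; update when the module narrows it`.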
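Review bot: The only dependency is declared as `"tfxjs": "^0.4.0"` while the .gitignore hunk of this commit ignores `package-lock.json`, so each install resolves whatever 0.4.x release and transitive tree is current, and that code then runs with `API_KEY` in its environment. Committing the lockfile (drop the `+package-lock.json` line from .gitignore) and installing with `npm ci` would make the dependency tree reproducible and reviewable. `"main": "index.js"` names a file this commit does not add, and `"private": true` would rule out an accidental publish of the test package.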
+++ b/main.tf @@ -3,7 +3,7 @@ ############################################################################## provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key + # ibmcloud_api_key = var.ibmcloud_api_key # comment out and remove variable for schematics runs region = var.region ibmcloud_timeout = 60 } diff --git a/override.json b/override.json index fdd9109..ff34d14 100644 --- a/override.json +++ b/override.json @@ -2,13 +2,11 @@ "cluster": { "disable_public_service_endpoint": true, "entitlement": "cloud_pak", - "kube_version": "4.9.21_openshift", + "kube_version": "default", "machine_type": "bx2.4x16", - "name": "ez-vpc-roks-cluster", + "name": "easy-vpc-roks-cluster", "subnets": [ - "subnet-zone-1", - "subnet-zone-2", - "subnet-zone-3" + "subnet-zone-1" ], "wait_till": "IngressReady", "workers_per_zone": 2 
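Review bot: Toggling the credential by commenting code in and out leaves the committed state usable only for Schematics, and a local run needs matching edits here and in the variables.tf hunk, which is easy to leave half-done. Keeping the declaration with a null default should serve both cases, since a null argument is treated as unset and the provider then falls back to its own credential lookup: add `default = null` to `variable "ibmcloud_api_key"` and keep `ibmcloud_api_key = var.ibmcloud_api_key` in the provider block. That also keeps `sensitive = true` in force for local runs instead of relying on someone restoring the commented lines correctly. Confirm that Schematics accepts the variable being left unset before adopting this.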
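Review bot: `"subnets"` now lists only `"subnet-zone-1"`, which conflicts with what the rest of the commit describes: the README title still says Multizone and the new acceptance test expects cluster zones us-south-1, us-south-2 and us-south-3. If this file feeds the deployed configuration, the cluster ends up in a single zone; either restore `"subnet-zone-2"` and `"subnet-zone-3"` or state why the override is narrower. `"kube_version": "default"` also replaces the pinned `4.9.21_openshift`, so the deployed version can move without a change in this repository, and the test only checks that the string contains `_openshift`.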
@@ -23,95 +21,7 @@
 {
 "add_cluster_rules": true,
 "name": "acl",
- "rules": [
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "inbound",
- "icmp": null,
- "name": "allow-inbound-ez-vpc-allow-all",
- "source": "0.0.0.0/0",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "outbound",
- "icmp": null,
- "name": "allow-outbound-ez-vpc-allow-all",
- "source": "0.0.0.0/0",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "inbound",
- "icmp": null,
- "name": "allow-inbound-ez-vpc-subnet-zone-1",
- "source": "10.10.10.0/24",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "10.10.10.0/24",
- "direction": "outbound",
- "icmp": null,
- "name": "allow-outbound-ez-vpc-subnet-zone-1",
- "source": "0.0.0.0/0",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "inbound",
- "icmp": null,
- "name": "allow-inbound-ez-vpc-subnet-zone-2",
- "source": "10.20.10.0/24",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "10.20.10.0/24",
- "direction": "outbound",
- "icmp": null,
- "name": "allow-outbound-ez-vpc-subnet-zone-2",
- "source": "0.0.0.0/0",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "inbound",
- "icmp": null,
- "name": "allow-inbound-ez-vpc-subnet-zone-3",
- "source": "10.30.10.0/24",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "10.30.10.0/24",
- "direction": "outbound",
- "icmp": null,
- "name": "allow-outbound-ez-vpc-subnet-zone-3",
- "source": "0.0.0.0/0",
- "tcp": null,
- "udp": null
- },
- {
- "action": "allow",
- "destination": "0.0.0.0/0",
- "direction": "outbound",
- "name": "allow-all-outbound",
- "source": "0.0.0.0/0"
- }
- ]
+ "rules": []
 }
 ],
 "routes": [],
@@ -150,5 +60,5 @@ "vpc_name": "vpc", "vpn_gateways": [] }, - "prefix": "ez-vpc" + "prefix": "easy-vpc" } \ No newline at end of file diff --git a/variables.tf b/variables.tf index bce14e1..97a1022 100644 --- a/variables.tf +++ b/variables.tf @@ -2,11 +2,12 @@ # Template Variables ############################################################################## -variable "ibmcloud_api_key" { - description = "The IBM Cloud platform API key needed to deploy IAM enabled resources." - type = string - sensitive = true -} +# Uncomment for local runs +# variable "ibmcloud_api_key" { +# description = "The IBM Cloud platform API key needed to deploy IAM enabled resources." +# type = string +# sensitive = true +# } variable "TF_VERSION" { default = "1.0"