chore: Add new full end to end example (#883)

Author: mukulpalit-ibm

README.md

@@ -34,6 +34,7 @@ By default, the module automatically downloads the required dependencies if they
     * <div style="display: inline-block;"><a href="./examples/add_rules_to_sg">Cluster security group rules example</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-add_rules_to_sg-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/add_rules_to_sg" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
     * <div style="display: inline-block;"><a href="./examples/advanced">Advanced example (mzr, auto-scale, kms, taints)</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-advanced-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/advanced" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
     * <div style="display: inline-block;"><a href="./examples/basic">Basic single zone cluster with allowed outbound traffic</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-basic-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/basic" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
+    * <div style="display: inline-block;"><a href="./examples/containerized_app_landing_zone">Landing zone for containerized applications with OpenShift example</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-containerized_app_landing_zone-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/containerized_app_landing_zone" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
     * <div style="display: inline-block;"><a href="./examples/cross_kms_support">Cross account KMS encryption example</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-cross_kms_support-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/cross_kms_support" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
     * <div style="display: inline-block;"><a href="./examples/custom_sg">Attaching custom security groups</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-custom_sg-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/custom_sg" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>
     * <div style="display: inline-block;"><a href="./examples/fscloud">Financial Services compliant example</a></div> <div style="display: inline-block; vertical-align: middle;"><a href="https://cloud.ibm.com/schematics/workspaces/create?workspace_name=bov-fscloud-example&repository=https://github.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/tree/main/examples/fscloud" target="_blank"><img src="https://cloud.ibm.com/media/docs/images/icons/Deploy_to_cloud.svg" alt="Deploy to IBM Cloud button"></a></div>

examples/containerized_app_landing_zone/README.md

@@ -0,0 +1,6 @@
+# Ignore everything
+*
+
+# But not these files...
+!.gitignore
+!README.md

examples/containerized_app_landing_zone/kubeconfig/.gitignore

@@ -0,0 +1,2 @@
+This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the
+config.yml used to connect to a kubernetes cluster.

examples/containerized_app_landing_zone/kubeconfig/README.md

@@ -0,0 +1,294 @@
+##############################################################################
+# Cluster Outputs
+##############################################################################
+
+output "cluster_name" {
+  value       = module.ocp_base.cluster_name
+  description = "The name of the provisioned OpenShift cluster."
+}
+
+output "cluster_id" {
+  value       = module.ocp_base.cluster_id
+  description = "The unique identifier assigned to the provisioned OpenShift cluster."
+}
+
+output "cluster_crn" {
+  description = "The Cloud Resource Name (CRN) of the provisioned OpenShift cluster."
+  value       = module.ocp_base.cluster_crn
+}
+
+output "workerpools" {
+  description = "A list of worker pools associated with the provisioned cluster"
+  value       = module.ocp_base.workerpools
+}
+
+output "ocp_version" {
+  description = "The version of OpenShift running on the provisioned cluster."
+  value       = module.ocp_base.ocp_version
+}
+
+
+##############################################################################
+# VPC
+##############################################################################
+
+output "vpc_name" {
+  description = "Name of the VPC created."
+  value       = module.vpc.vpc_name
+}
+
+output "vpc_id" {
+  description = "ID of the VPC created."
+  value       = module.vpc.vpc_id
+}
+
+output "vpc_crn" {
+  description = "CRN of the VPC created."
+  value       = module.vpc.vpc_crn
+}
+
+##############################################################################
+# Public Gateways
+##############################################################################
+
+output "public_gateways" {
+  description = "Map of the public gateways by zone."
+  value       = module.vpc.public_gateways
+}
+
+##############################################################################
+# VPC flow logs
+##############################################################################
+
+output "vpc_flow_logs" {
+  description = "Details of the VPC flow logs collector."
+  value       = module.vpc.vpc_flow_logs
+}
+
+##############################################################################
+# Network ACLs
+##############################################################################
+
+output "network_acls" {
+  description = "List of shortnames and IDs of network ACLs."
+  value       = module.vpc.network_acls
+}
+
+##############################################################################
+# Subnet Outputs
+##############################################################################
+
+output "subnet_ids" {
+  description = "The IDs of the subnets."
+  value       = module.vpc.subnet_ids
+}
+
+output "private_path_subnet_id" {
+  description = "The IDs of the subnets."
+  value       = length(module.vpc.subnet_ids) > 0 ? module.vpc.subnet_ids[0] : null
+}
+
+output "subnet_detail_list" {
+  description = "A list of subnets containing names, CIDR blocks, and zones."
+  value       = module.vpc.subnet_detail_list
+}
+
+output "subnet_zone_list" {
+  description = "A list of subnet IDs and subnet zones."
+  value       = module.vpc.subnet_zone_list
+}
+
+output "subnet_detail_map" {
+  description = "A map of subnets containing IDs, CIDR blocks, and zones."
+  value       = module.vpc.subnet_detail_map
+}
+
+##############################################################################
+# VPN Gateways Outputs
+##############################################################################
+
+output "vpn_gateways_name" {
+  description = "List of names of VPN gateways."
+  value       = module.vpc.vpn_gateways_name
+}
+
+output "vpn_gateways_data" {
+  description = "Details of VPN gateways data."
+  value       = module.vpc.vpn_gateways_data
+}
+
+##############################################################################
+# VPE Outputs
+##############################################################################
+
+output "vpe_ips" {
+  description = "The reserved IPs for endpoint gateways."
+  value       = module.vpe_gateway.vpe_ips
+}
+
+output "vpe_crn" {
+  description = "The CRN of the endpoint gateway."
+  value       = module.vpe_gateway.crn
+}
+
+##############################################################################
+# KMS Outputs
+##############################################################################
+
+output "kms_guid" {
+  description = "KMS instance GUID"
+  value       = module.kms.kms_guid
+}
+
+output "kms_account_id" {
+  description = "The account ID of the KMS instance."
+  value       = module.kms.kms_account_id
+}
+
+output "kms_instance_crn" {
+  value       = module.kms.key_protect_crn
+  description = "The CRN of the KMS instance"
+}
+
+##############################################################################
+# Events Notification Outputs
+##############################################################################
+
+output "events_notification_crn" {
+  description = "Event Notification crn"
+  value       = module.event_notifications.crn
+}
+
+output "events_notification_guid" {
+  description = "Event Notification guid"
+  value       = module.event_notifications.guid
+}
+
+##############################################################################
+# Secrets Manager Outputs
+##############################################################################
+
+output "secrets_manager_guid" {
+  description = "GUID of Secrets Manager instance"
+  value       = module.secrets_manager.secrets_manager_guid
+}
+
+output "secrets_manager_crn" {
+  value       = module.secrets_manager.secrets_manager_crn
+  description = "CRN of the Secrets Manager instance"
+}
+
+output "secrets_manager_region" {
+  value       = module.secrets_manager.secrets_manager_region
+  description = "Region of the Secrets Manager instance"
+}
+
+##############################################################################
+# COS Outputs
+##############################################################################
+
+output "cos_instance_crn" {
+  description = "COS instance crn"
+  value       = module.cos.cos_instance_crn
+}
+
+output "cos_instance_guid" {
+  description = "COS instance guid"
+  value       = module.cos.cos_instance_guid
+}
+
+##############################################################################
+# Cloud Monitoring Outputs
+##############################################################################
+
+output "cloud_monitoring_crn" {
+  value       = module.cloud_monitoring.crn
+  description = "The id of the provisioned IBM Cloud Monitoring instance."
+}
+output "cloud_monitoring_name" {
+  value       = module.cloud_monitoring.name
+  description = "The name of the provisioned IBM Cloud Monitoring instance."
+}
+
+output "cloud_monitoring_guid" {
+  value       = module.cloud_monitoring.guid
+  description = "The guid of the provisioned IBM Cloud Monitoring instance."
+}
+
+output "cloud_monitoring_access_key_name" {
+  value       = module.cloud_monitoring.access_key_name
+  description = "The name of the IBM Cloud Monitoring access key for agents to use"
+}
+
+output "cloud_monitoring_access_key" {
+  value       = module.cloud_monitoring.access_key
+  description = "The IBM Cloud Monitoring access key for agents to use"
+  sensitive   = true
+}
+
+##############################################################################
+# Cloud Logs Outputs
+##############################################################################
+
+output "cloud_logs_crn" {
+  value       = module.cloud_logs.crn
+  description = "The id of the provisioned IBM Cloud Logs instance."
+}
+
+output "cloud_logs_guid" {
+  value       = module.cloud_logs.guid
+  description = "The guid of the provisioned IBM Cloud Logs instance."
+}
+
+output "cloud_logs_name" {
+  value       = module.cloud_logs.name
+  description = "The name of the provisioned IBM Cloud Logs instance."
+}
+
+output "logs_bucket_crn" {
+  description = "Logs Cloud Object Storage bucket CRN"
+  value       = module.cloud_logs_buckets.buckets[local.data_bucket_name].bucket_crn
+}
+
+output "metrics_bucket_crn" {
+  description = "Metrics Cloud Object Storage bucket CRN"
+  value       = module.cloud_logs_buckets.buckets[local.metrics_bucket_name].bucket_crn
+}
+
+##############################################################################
+# Activity Tracker Event Routing Outputs
+##############################################################################
+
+output "activity_tracker_cos_target_bucket_name" {
+  value       = module.at_cos_bucket.buckets[local.activity_tracker_cos_target_bucket_name].bucket_name
+  description = "he name of the object storage bucket which is set as activity tracker event routing target to collect audit events."
+}
+
+output "activity_tracker_targets" {
+  value       = module.activity_tracker.activity_tracker_targets
+  description = "The map of created Activity Tracker Event Routing targets"
+}
+
+output "activity_tracker_routes" {
+  value       = module.activity_tracker.activity_tracker_routes
+  description = "The map of created Activity Tracker Event Routing routes"
+}
+
+##############################################################################
+# SCC-WP Outputs
+##############################################################################
+
+output "scc_workload_protection_id" {
+  description = "SCC Workload Protection instance ID"
+  value       = module.scc_wp.id
+}
+
+output "scc_workload_protection_crn" {
+  description = "SCC Workload Protection instance CRN"
+  value       = module.scc_wp.crn
+}
+
+output "scc_workload_protection_name" {
+  description = "SCC Workload Protection instance name"
+  value       = module.scc_wp.name
+}

examples/containerized_app_landing_zone/main.tf

@@ -0,0 +1,28 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}
+
+data "ibm_iam_auth_token" "auth_token" {}
+
+provider "restapi" {
+  uri = "https://resource-controller.cloud.ibm.com"
+  headers = {
+    Authorization = data.ibm_iam_auth_token.auth_token.iam_access_token
+  }
+  write_returns_object = true
+}
+
+provider "helm" {
+  kubernetes = {
+    host                   = data.ibm_container_cluster_config.cluster_config.host
+    token                  = data.ibm_container_cluster_config.cluster_config.token
+    cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+  }
+}
+
+provider "kubernetes" {
+  host                   = data.ibm_container_cluster_config.cluster_config.host
+  token                  = data.ibm_container_cluster_config.cluster_config.token
+  cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
+}

examples/containerized_app_landing_zone/outputs.tf

@@ -0,0 +1,47 @@
+########################################################################################################################
+# Input variables
+########################################################################################################################
+
+variable "ibmcloud_api_key" {
+  type        = string
+  description = "The IBM Cloud api token"
+  sensitive   = true
+}
+
+variable "prefix" {
+  type        = string
+  description = "Prefix for name of all resource created by this example"
+  default     = "ocp-lz"
+  validation {
+    error_message = "Prefix must begin and end with a letter and contain only letters, numbers, and - characters."
+    condition     = can(regex("^([A-z]|[a-z][-a-z0-9]*[a-z0-9])$", var.prefix))
+  }
+}
+
+variable "region" {
+  type        = string
+  description = "Region where resources are created"
+  default     = "us-south"
+}
+
+variable "provider_visibility" {
+  description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`."
+  type        = string
+  default     = "private"
+  validation {
+    condition     = contains(["public", "private", "public-and-private"], var.provider_visibility)
+    error_message = "Invalid visibility option. Allowed values are `public`, `private`, or `public-and-private`."
+  }
+}
+
+variable "existing_resource_group_name" {
+  type        = string
+  description = "The name of an existing resource group to provision the resources."
+  default     = "Default"
+}
+
+variable "event_notifications_email_list" {
+  type        = list(string)
+  description = "The list of email address to target out when an event is triggered"
+  default     = []
+}