2.1.0.3 and set hostname

README.md

@@ -2,7 +2,7 @@
 
 This Terraform configurations uses the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) to provision virtual machines on AWS to prepare VMs and deploy [IBM Cloud Private](https://www.ibm.com/cloud-computing/products/ibm-cloud-private/) on them.  This Terraform template automates best practices learned from installing ICP on AWS at numerous client sites in production.
 
-This template provisions an HA cluster with ICP 2.1.0.2 enterprise edition.
+This template provisions an HA cluster with ICP 2.1.0.2 enterprise edition.  We have also verified with ICP 2.1.0.3 enterprise edition with fixpack 1 applied.
 
 * [Infrastructure Architecture](#infrastructure-architecture)
 * [Terraform Automation](#terraform-automation)

efs.tf

@@ -1,3 +1,4 @@
+/*
 resource "aws_efs_file_system" "icp-registry" {
   count = "${var.master["nodes"] > 1 ? 1 : 0 }"
   creation_token = "icp-${random_id.clusterid.hex}-registry"
@@ -29,3 +30,4 @@ resource "aws_efs_mount_target" "icp-audit" {
   subnet_id     = "${element(aws_subnet.icp_private_subnet.*.id, count.index)}"
   security_groups = [ "${aws_security_group.icp-audit-mount.id}"]
 }
+*/

elb.tf

@@ -34,6 +34,14 @@ resource "aws_lb_target_group" "icp-registry-8500" {
   vpc_id = "${aws_vpc.icp_vpc.id}"
 }
 
+resource "aws_lb_target_group" "icp-registry-8600" {
+  name = "icp-${random_id.clusterid.hex}-master-8600-tg"
+  port = 8600
+  protocol = "TCP"
+  tags = "${var.default_tags}"
+  vpc_id = "${aws_vpc.icp_vpc.id}"
+}
+
 resource "aws_lb_listener" "icp-console-8443" {
   load_balancer_arn = "${aws_lb.icp-console.arn}"
   port = "8443"
@@ -67,6 +75,16 @@ resource "aws_lb_listener" "icp-registry-8500" {
   }
 }
 
+resource "aws_lb_listener" "icp-registry-8600" {
+  load_balancer_arn = "${aws_lb.icp-console.arn}"
+  port = "8600"
+  protocol = "TCP"
+  default_action {
+    target_group_arn = "${aws_lb_target_group.icp-registry-8600.arn}"
+    type = "forward"
+  }
+}
+
 resource "aws_lb_listener" "icp-kubernetes-api-8001" {
   load_balancer_arn = "${aws_lb.icp-console.arn}"
   port = "8001"
@@ -105,7 +123,13 @@ resource "aws_lb_target_group_attachment" "master-8500" {
   target_group_arn = "${aws_lb_target_group.icp-registry-8500.arn}"
   target_id = "${element(aws_instance.icpmaster.*.id, count.index)}"
   port = 8500
+}
 
+resource "aws_lb_target_group_attachment" "master-8600" {
+  count = "${var.master["nodes"]}"
+  target_group_arn = "${aws_lb_target_group.icp-registry-8600.arn}"
+  target_id = "${element(aws_instance.icpmaster.*.id, count.index)}"
+  port = 8600
 }
 
 resource "aws_lb" "icp-console" {

icp-deploy.tf

@@ -50,7 +50,7 @@ resource "aws_s3_bucket_object" "icp_config_yaml" {
   key    = "icp-terraform-config.yaml"
   content = <<EOF
 kubelet_nodename: fqdn
-cloud_provider: aws
+${var.use_aws_cloudprovider ? "cloud_provider: aws" : "" }
 calico_tunnel_mtu: 8981
 ansible_user: icpdeploy
 ansible_become: true
@@ -60,7 +60,8 @@ default_admin_password: ${var.icppassword}
 proxy_lb_address: ${aws_lb.icp-proxy.dns_name}
 cluster_lb_address: ${aws_lb.icp-console.dns_name}
 cluster_CA_domain: ${var.user_provided_cert_dns != "" ? var.user_provided_cert_dns : aws_lb.icp-console.dns_name}
-disabled_management_services: [ "${var.va["nodes"] == 0 ? "va" : "" }" ]
+disabled_management_services: [ "istio", "custom-metrics-adapter", "${var.va["nodes"] == 0 ? "va" : "" }", "${var.va["nodes"] == 0 ? "vulnerability-advisor": ""}" ]
+kibana_install: true
 EOF
 #  source = "${path.module}/items-config.yaml"
 }