terraform-ibm-modules · Ak-sky · Jan 23, 2024 · Jan 24, 2024 · Jan 29, 2024 · Jan 29, 2024
@@ -18,6 +18,7 @@ Each of these patterns (except VSI QuickStart) creates the following infrastruct
 - All necessary networking rules to allow communication
 - Virtual Private Endpoint (VPE) for Cloud Object Storage in each VPC
 - A VPN gateway in the management VPC
+- Creates pre-wired CBR rules.
 
 Each pattern creates the following infrastructure on the VPC:
 
@@ -849,6 +850,7 @@ module "cluster_pattern" {
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_bastion_host"></a> [bastion\_host](#module\_bastion\_host) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.2.1 |
+| <a name="module_cbr_prewired_rules"></a> [cbr\_prewired\_rules](#module\_cbr\_prewired\_rules) | terraform-ibm-modules/cbr/ibm//modules/fscloud | 1.18.0 |
 | <a name="module_dynamic_values"></a> [dynamic\_values](#module\_dynamic\_values) | ./dynamic_values | n/a |
 | <a name="module_f5_vsi"></a> [f5\_vsi](#module\_f5\_vsi) | terraform-ibm-modules/landing-zone-vsi/ibm | 3.2.1 |
 | <a name="module_key_management"></a> [key\_management](#module\_key\_management) | ./kms | n/a |
@@ -904,6 +906,7 @@ module "cluster_pattern" {
 | <a name="input_atracker"></a> [atracker](#input\_atracker) | atracker variables | <pre>object({<br>    resource_group        = string<br>    receive_global_events = bool<br>    collector_bucket_name = string<br>    add_route             = bool<br>  })</pre> | n/a | yes |
 | <a name="input_clusters"></a> [clusters](#input\_clusters) | A list describing clusters workloads to create | <pre>list(<br>    object({<br>      name                 = string           # Name of Cluster<br>      vpc_name             = string           # Name of VPC<br>      subnet_names         = list(string)     # List of vpc subnets for cluster<br>      workers_per_subnet   = number           # Worker nodes per subnet.<br>      machine_type         = string           # Worker node flavor<br>      kube_type            = string           # iks or openshift<br>      kube_version         = optional(string) # Can be a version from `ibmcloud ks versions`, `latest` or `default`<br>      entitlement          = optional(string) # entitlement option for openshift<br>      pod_subnet           = optional(string) # Portable subnet for pods<br>      service_subnet       = optional(string) # Portable subnet for services<br>      resource_group       = string           # Resource Group used for cluster<br>      cos_name             = optional(string) # Name of COS instance Required only for OpenShift clusters<br>      update_all_workers   = optional(bool)   # If true force workers to update<br>      access_tags          = optional(list(string), [])<br>      boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>      kms_config = optional(<br>        object({<br>          crk_name         = string         # Name of key<br>          private_endpoint = optional(bool) # Private endpoint<br>        })<br>      )<br>      worker_pools = optional(<br>        list(<br>          object({<br>            name                 = string           # Worker pool name<br>            vpc_name             = string           # VPC name<br>            workers_per_subnet   = number           # Worker nodes per subnet<br>            flavor               = string           # Worker node flavor<br>            subnet_names         = list(string)     # List of vpc subnets for worker pool<br>            entitlement          = optional(string) # entitlement option for openshift<br>            boot_volume_crk_name = optional(string) # Boot volume encryption key name<br>          })<br>        )<br>      )<br>    })<br>  )</pre> | n/a | yes |
 | <a name="input_cos"></a> [cos](#input\_cos) | Object describing the cloud object storage instance, buckets, and keys. Set `use_data` to false to create instance | <pre>list(<br>    object({<br>      name           = string<br>      use_data       = optional(bool)<br>      resource_group = string<br>      plan           = optional(string)<br>      random_suffix  = optional(bool) # Use a random suffix for COS instance<br>      access_tags    = optional(list(string), [])<br>      buckets = list(object({<br>        name                  = string<br>        storage_class         = string<br>        endpoint_type         = string<br>        force_delete          = bool<br>        single_site_location  = optional(string)<br>        region_location       = optional(string)<br>        cross_region_location = optional(string)<br>        kms_key               = optional(string)<br>        access_tags           = optional(list(string), [])<br>        allowed_ip            = optional(list(string))<br>        hard_quota            = optional(number)<br>        archive_rule = optional(object({<br>          days    = number<br>          enable  = bool<br>          rule_id = optional(string)<br>          type    = string<br>        }))<br>        activity_tracking = optional(object({<br>          activity_tracker_crn = string<br>          read_data_events     = bool<br>          write_data_events    = bool<br>        }))<br>        metrics_monitoring = optional(object({<br>          metrics_monitoring_crn  = string<br>          request_metrics_enabled = optional(bool)<br>          usage_metrics_enabled   = optional(bool)<br>        }))<br>      }))<br>      keys = optional(<br>        list(object({<br>          name        = string<br>          role        = string<br>          enable_HMAC = bool<br>        }))<br>      )<br><br>    })<br>  )</pre> | n/a | yes |
+| <a name="input_create_prewired_cbr"></a> [create\_prewired\_cbr](#input\_create\_prewired\_cbr) | Set this to true to create prewired CBR rules. If set to false, CBR rules will not be created. | `bool` | `true` | no |
 | <a name="input_enable_transit_gateway"></a> [enable\_transit\_gateway](#input\_enable\_transit\_gateway) | Create transit gateway | `bool` | `true` | no |
 | <a name="input_f5_template_data"></a> [f5\_template\_data](#input\_f5\_template\_data) | Data for all f5 templates | <pre>object({<br>    tmos_admin_password     = optional(string)<br>    license_type            = optional(string)<br>    byol_license_basekey    = optional(string)<br>    license_host            = optional(string)<br>    license_username        = optional(string)<br>    license_password        = optional(string)<br>    license_pool            = optional(string)<br>    license_sku_keyword_1   = optional(string)<br>    license_sku_keyword_2   = optional(string)<br>    license_unit_of_measure = optional(string)<br>    do_declaration_url      = optional(string)<br>    as3_declaration_url     = optional(string)<br>    ts_declaration_url      = optional(string)<br>    phone_home_url          = optional(string)<br>    template_source         = optional(string)<br>    template_version        = optional(string)<br>    app_id                  = optional(string)<br>    tgactive_url            = optional(string)<br>    tgstandby_url           = optional(string)<br>    tgrefresh_url           = optional(string)<br>  })</pre> | <pre>{<br>  "license_type": "none"<br>}</pre> | no |
 | <a name="input_f5_vsi"></a> [f5\_vsi](#input\_f5\_vsi) | A list describing F5 VSI workloads to create | <pre>list(<br>    object({<br>      name                   = string<br>      vpc_name               = string<br>      primary_subnet_name    = string<br>      secondary_subnet_names = list(string)<br>      secondary_subnet_security_group_names = list(<br>        object({<br>          group_name     = string<br>          interface_name = string<br>        })<br>      )<br>      ssh_keys                        = list(string)<br>      f5_image_name                   = string<br>      machine_type                    = string<br>      resource_group                  = optional(string)<br>      enable_management_floating_ip   = optional(bool)<br>      enable_external_floating_ip     = optional(bool)<br>      security_groups                 = optional(list(string))<br>      boot_volume_encryption_key_name = optional(string)<br>      hostname                        = string<br>      domain                          = string<br>      access_tags                     = optional(list(string), [])<br>      security_group = optional(<br>        object({<br>          name = string<br>          rules = list(<br>            object({<br>              name      = string<br>              direction = string<br>              source    = string<br>              tcp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              udp = optional(<br>                object({<br>                  port_max = number<br>                  port_min = number<br>                })<br>              )<br>              icmp = optional(<br>                object({<br>                  type = number<br>                  code = number<br>                })<br>              )<br>            })<br>          )<br>        })<br>      )<br>      block_storage_volumes = optional(list(<br>        object({<br>          name           = string<br>          profile        = string<br>          capacity       = optional(number)<br>          iops           = optional(number)<br>          encryption_key = optional(string)<br>        })<br>      ))<br>      load_balancers = optional(list(<br>        object({<br>          name                    = string<br>          type                    = string<br>          listener_port           = number<br>          listener_protocol       = string<br>          connection_limit        = number<br>          algorithm               = string<br>          protocol                = string<br>          health_delay            = number<br>          health_retries          = number<br>          health_timeout          = number<br>          health_type             = string<br>          pool_member_port        = string<br>          idle_connection_timeout = optional(number)<br>          security_group = optional(<br>            object({<br>              name = string<br>              rules = list(<br>                object({<br>                  name      = string<br>                  direction = string<br>                  source    = string<br>                  tcp = optional(<br>                    object({<br>                      port_max = number<br>                      port_min = number<br>                    })<br>                  )<br>                  udp = optional(<br>                    object({<br>                      port_max = number<br>                      port_min = number<br>                    })<br>                  )<br>                  icmp = optional(<br>                    object({<br>                      type = number<br>                      code = number<br>                    })<br>                  )<br>                })<br>              )<br>            })<br>          )<br>        })<br>      ))<br>    })<br>  )</pre> | `[]` | no |
@@ -934,6 +937,7 @@ module "cluster_pattern" {
 
 | Name | Description |
 |------|-------------|
+| <a name="output_account_id"></a> [account\_id](#output\_account\_id) | Account ID |
 | <a name="output_appid_key_names"></a> [appid\_key\_names](#output\_appid\_key\_names) | List of appid key names created |
 | <a name="output_appid_name"></a> [appid\_name](#output\_appid\_name) | Name of the appid instance used. |
 | <a name="output_appid_redirect_urls"></a> [appid\_redirect\_urls](#output\_appid\_redirect\_urls) | List of appid redirect urls |
@@ -954,6 +958,9 @@ module "cluster_pattern" {
 | <a name="output_key_management_name"></a> [key\_management\_name](#output\_key\_management\_name) | Name of key management service |
 | <a name="output_key_map"></a> [key\_map](#output\_key\_map) | Map of ids and keys for keys created |
 | <a name="output_key_rings"></a> [key\_rings](#output\_key\_rings) | Key rings created by module |
+| <a name="output_map_service_ref_name_zoneid"></a> [map\_service\_ref\_name\_zoneid](#output\_map\_service\_ref\_name\_zoneid) | Map of service reference and zone ids |
+| <a name="output_map_target_service_rule_ids"></a> [map\_target\_service\_rule\_ids](#output\_map\_target\_service\_rule\_ids) | Map of target service and rule ids |
+| <a name="output_map_vpc_zoneid"></a> [map\_vpc\_zoneid](#output\_map\_vpc\_zoneid) | Map of VPC and zone ids |
 | <a name="output_placement_groups"></a> [placement\_groups](#output\_placement\_groups) | List of placement groups. |
 | <a name="output_resource_group_data"></a> [resource\_group\_data](#output\_resource\_group\_data) | List of resource groups data used within landing zone. |
 | <a name="output_resource_group_names"></a> [resource\_group\_names](#output\_resource\_group\_names) | List of resource groups names used within landing zone. |

@@ -43,3 +43,19 @@ module "vpc" {
 
 
 ##############################################################################
+
+
+##############################################################################
+# Create CBR prewired rules
+##############################################################################
+
+
+module "cbr_prewired_rules" {
+  count             = var.create_prewired_cbr ? 1 : 0
+  source            = "terraform-ibm-modules/cbr/ibm//modules/fscloud"
+  version           = "1.18.0"
+  prefix            = var.prefix
+  zone_vpc_crn_list = [for network in module.vpc : network.vpc_crn]
+}
+
+##############################################################################
@@ -455,3 +455,29 @@ output "key_map" {
 }
 
 ##############################################################################
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = data.ibm_iam_account_settings.iam_account_settings.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  value       = module.cbr_prewired_rules[0].map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.cbr_prewired_rules[0].map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.cbr_prewired_rules[0].map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################
@@ -129,3 +129,29 @@ output "schematics_workspace_id" {
   value       = var.IC_SCHEMATICS_WORKSPACE_ID
 }
 ##############################################################################
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = module.landing_zone.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  value       = module.landing_zone.map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.landing_zone.map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.landing_zone.map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################
@@ -129,3 +129,31 @@ output "schematics_workspace_id" {
   value       = var.IC_SCHEMATICS_WORKSPACE_ID
 }
 ##############################################################################
+
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = module.roks_landing_zone.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  # value       = module.cbr_prewired_rules[0].map_service_ref_name_zoneid
+  value       = module.roks_landing_zone.map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.roks_landing_zone.map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.roks_landing_zone.map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################
@@ -116,3 +116,29 @@ output "schematics_workspace_id" {
 }
 
 ##############################################################################
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = module.landing_zone.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  value       = module.landing_zone.map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.landing_zone.map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.landing_zone.map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################
@@ -116,3 +116,30 @@ output "schematics_workspace_id" {
 }
 
 ##############################################################################
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = module.vpc_landing_zone.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  # value       = module.cbr_prewired_rules[0].map_service_ref_name_zoneid
+  value       = module.vpc_landing_zone.map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.vpc_landing_zone.map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.vpc_landing_zone.map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################
@@ -135,3 +135,29 @@ output "config" {
 }
 
 ##############################################################################
+
+##############################################################################
+# CBR data
+##############################################################################
+
+output "account_id" {
+  value       = module.landing_zone.account_id
+  description = "Account ID"
+}
+
+output "map_service_ref_name_zoneid" {
+  value       = module.landing_zone.map_service_ref_name_zoneid
+  description = "Map of service reference and zone ids"
+}
+
+output "map_vpc_zoneid" {
+  value       = module.landing_zone.map_vpc_zoneid
+  description = "Map of VPC and zone ids"
+}
+
+output "map_target_service_rule_ids" {
+  value       = module.landing_zone.map_target_service_rule_ids
+  description = "Map of target service and rule ids"
+}
+
+##############################################################################