|
1196 | 1196 | "IaC", |
1197 | 1197 | "infrastructure as code", |
1198 | 1198 | "terraform", |
1199 | | - "solution", |
1200 | | - "Red Hat OpenShift Container Platform", |
1201 | | - "OCP" |
| 1199 | + "ocp", |
| 1200 | + "cluster", |
| 1201 | + "red_hat_openshift", |
| 1202 | + "redhat", |
| 1203 | + "ROKS" |
1202 | 1204 | ], |
1203 | | - "short_description": "Creates Red Hat OpenShift workload clusters on a secure VPC network", |
1204 | | - "long_description": "The Red Hat OpenShift Container Platform on VPC landing zone provides the tools to deploy a Red Hat OpenShift Container Platform cluster in a single Virtual Private Cloud (VPC) network. The VPC is a multi-zoned, multi-subnet implementation that keeps your VPC secure and highly available.\n", |
| 1205 | + "short_description": "Deploys an OpenShift topology on VPC with flexible configurations, QuickStart options for simplified setup, and advanced features for security and compliance", |
| 1206 | + "long_description": "This solution enables the provisioning of Red Hat OpenShift clusters on IBM Cloud VPC using a range of configurations tailored to different needs — from sandbox experimentation to validated financial services deployments. Each variation offers a distinct balance of customization, integration with security and observability features, and readiness for production or evaluation use. Whether you're exploring OpenShift capabilities or deploying in regulated environments, these configurations help accelerate your cloud-native journey.", |
1205 | 1207 | "offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-ocp", |
1206 | | - "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-ocp-lt.svg", |
| 1208 | + "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-base-ocp-vpc/main/images/ocp_icon.svg", |
1207 | 1209 | "provider_name": "IBM", |
1208 | 1210 | "features": [ |
1209 | 1211 | { |
1210 | | - "description": "Creates and configures one or more clusters to handle workloads. You can specify the version and cluster size.\n", |
1211 | | - "title": "Creates Open Shift Container Platform clusters for workloads" |
| 1212 | + "title": "Configurable OpenShift deployment options", |
| 1213 | + "description": "Provides multiple configuration paths for provisioning [Red Hat OpenShift clusters](https://cloud.ibm.com/docs/openshift) on IBM Cloud VPC. Supports use cases ranging from quick experimentation to production-grade deployments in regulated environments. Capabilities vary by variation, with some offering simplified onboarding and others enabling advanced integrations and compliance alignment." |
| 1214 | + }, |
| 1215 | + { |
| 1216 | + "title": "OpenShift Cluster with Scalable Access and Worker Management", |
| 1217 | + "description": "Deploys a Red Hat OpenShift cluster with Kubernetes-native orchestration and automated lifecycle management. All variations support [public and private access endpoints](https://cloud.ibm.com/docs/openshift?topic=openshift-access_cluster) and [worker pool](https://cloud.ibm.com/docs/openshift?topic=openshift-add-workers-vpc) configurations, enabling secure connectivity and scalable workload deployment." |
| 1218 | + }, |
| 1219 | + { |
| 1220 | + "title": "Infrastructure Setup", |
| 1221 | + "description": "Automatically provisions multi-zone VPCs, [subnets](https://cloud.ibm.com/docs/openshift?topic=openshift-vpc-subnets&interface=ui#vpc_basics_subnets), and networking components. QuickStart variations abstract this setup to minimize required IBM Cloud knowledge, while other configurations expose full control for advanced users." |
| 1222 | + }, |
| 1223 | + { |
| 1224 | + "title": "IBM Cloud Services Integrations", |
| 1225 | + "description": "Depending on the variation, clusters may include integrations with IBM Cloud services such as [Key Protect](https://cloud.ibm.com/docs/openshift?topic=openshift-encryption-setup&interface=ui), [Hyper Protect Crypto Services](https://cloud.ibm.com/catalog/services/hyper-protect-crypto-services), [Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global), [Object Storage](https://cloud.ibm.com/docs/openshift?topic=openshift-storage-cos-understand), and Observability services." |
1212 | 1226 | }, |
1213 | 1227 | { |
1214 | | - "description": "With worker pools, you can group and manage worker nodes with similar configurations, such as compute resources and availability zones.\n", |
1215 | | - "title": "Creates worker pools" |
| 1228 | + "title": "Security and Compliance Alignment", |
| 1229 | + "description": "Advanced configurations include features such as [audit logging](https://cloud.ibm.com/docs/containers?topic=containers-health-audit#audit-api-server) and encryption key management, and may align with [IBM Cloud Framework for Financial Services](https://cloud.ibm.com/docs/framework-financial-services?topic=framework-financial-services-about) for production use in regulated environments." |
1216 | 1230 | }, |
1217 | 1231 | { |
1218 | | - "description": "Configures the subnets for the cluster, and specifies the subnets to deploy the worker nodes in.\n", |
1219 | | - "title": "Configures subnets for containers" |
| 1232 | + "title": "Sets up logging for the OpenShift cluster", |
| 1233 | + "description": "Optionally, you can deploy [Cloud automation for Cloud Logs](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-logs-63d8ae58-fbf3-41ce-b844-0fb5b85882ab-global) to route, alert, and visualize platform logs that are generated by your OpenShift cluster." |
1220 | 1234 | }, |
1221 | 1235 | { |
1222 | | - "description": "Configures private and public endpoints for the cluster.\n", |
1223 | | - "title": "Supports private and public endpoints" |
| 1236 | + "title": "Sets up monitoring operational metrics for the OpenShift cluster", |
| 1237 | + "description": "Optionally, you can deploy [Cloud automation for Cloud Monitoring](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-cloud-monitoring-73debdbf-894f-4c14-81c7-5ece3a70b67d-global) to measure how users and applications interact with your OpenShift cluster." |
1224 | 1238 | }, |
1225 | 1239 | { |
1226 | | - "description": "Configures the ingress controller for the cluster, responsible for routing external traffic to the appropriate services within the cluster.\n", |
1227 | | - "title": "Configures ingress" |
| 1240 | + "title": "Sets up activity tracking for the OpenShift cluster", |
| 1241 | + "description": "Optionally, you can deploy [Cloud automation for Activity Tracker Event Routing](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-activity-tracker-918453c3-4f97-4583-8c4a-83ef12fc7916-global) to route and securely store auditing events that are related to your OpenShift cluster." |
1228 | 1242 | } |
1229 | 1243 | ], |
1230 | 1244 | "flavors": [ |
1231 | 1245 | { |
1232 | | - "label": "QuickStart", |
| 1246 | + "label": "QuickStart - Financial Services edition", |
1233 | 1247 | "name": "quickstart", |
| 1248 | + "index": 3, |
1234 | 1249 | "install_type": "fullstack", |
1235 | 1250 | "working_directory": "patterns/roks-quickstart", |
1236 | 1251 | "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes", |
|
1484 | 1499 | "role_crns": [ |
1485 | 1500 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
1486 | 1501 | ], |
1487 | | - "service_name": "cloud-object-storage" |
| 1502 | + "service_name": "cloud-object-storage", |
| 1503 | + "notes": "Required to manage Object Storage for the cluster internal registry." |
1488 | 1504 | }, |
1489 | 1505 | { |
1490 | 1506 | "role_crns": [ |
1491 | 1507 | "crn:v1:bluemix:public:iam::::role:Administrator", |
1492 | 1508 | "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" |
1493 | 1509 | ], |
1494 | | - "service_name": "iam-identity" |
| 1510 | + "service_name": "iam-identity", |
| 1511 | + "notes": "Required to create the containers-kubernetes-key for the OpenShift cluster." |
1495 | 1512 | }, |
1496 | 1513 | { |
1497 | 1514 | "role_crns": [ |
1498 | 1515 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
1499 | 1516 | ], |
1500 | | - "service_name": "kms" |
| 1517 | + "service_name": "kms", |
| 1518 | + "notes": "[Optional] Required if Key Protect is used for encryption." |
1501 | 1519 | }, |
1502 | 1520 | { |
1503 | 1521 | "role_crns": [ |
1504 | 1522 | "crn:v1:bluemix:public:iam::::role:Administrator" |
1505 | 1523 | ], |
1506 | | - "service_name": "containers-kubernetes" |
| 1524 | + "service_name": "containers-kubernetes", |
| 1525 | + "notes": "Required to create and manage the OpenShift cluster." |
1507 | 1526 | }, |
1508 | 1527 | { |
1509 | 1528 | "role_crns": [ |
1510 | 1529 | "crn:v1:bluemix:public:iam::::role:Administrator" |
1511 | 1530 | ], |
1512 | | - "service_name": "is.vpc" |
| 1531 | + "service_name": "is.vpc", |
| 1532 | + "notes": "Required to create VPC." |
1513 | 1533 | } |
1514 | 1534 | ], |
1515 | 1535 | "architecture": { |
1516 | 1536 | "features": [ |
1517 | 1537 | { |
1518 | | - "title": "Management VPC with one subnet, allow-all ACL and Security Group", |
1519 | | - "description": "Yes" |
1520 | | - }, |
1521 | | - { |
1522 | | - "title": "Workload VPC with two subnets, in two zones, allow-all ACL and Security Group", |
1523 | | - "description": "Yes" |
1524 | | - }, |
1525 | | - { |
1526 | | - "title": "Transit Gateway connecting VPCs", |
1527 | | - "description": "Yes" |
1528 | | - }, |
1529 | | - { |
1530 | | - "title": "One OCP cluster in workload VPC with two worker nodes, public endpoint enabled", |
1531 | | - "description": "Yes" |
1532 | | - }, |
1533 | | - { |
1534 | | - "title": "Key Protect for cluster encryption keys", |
1535 | | - "description": "Yes" |
| 1538 | + "title": " ", |
| 1539 | + "description": "Ideal for sandbox environments, experimentation, and familiarization with architecture patterns." |
1536 | 1540 | }, |
1537 | 1541 | { |
1538 | | - "title": "Cloud Object Storage instance (required for cluster)", |
1539 | | - "description": "Yes" |
| 1542 | + "title": " ", |
| 1543 | + "description": "An introductory, non-certified deployment aligned with the Financial Services Cloud VPCs topology. Not suitable for production workloads or upgrade paths." |
1540 | 1544 | } |
1541 | 1545 | ], |
1542 | 1546 | "diagrams": [ |
1543 | 1547 | { |
1544 | 1548 | "diagram": { |
1545 | | - "caption": "Red Hat OpenShift Container Platform on VPC landing zone - QuickStart variation", |
| 1549 | + "caption": "Red Hat OpenShift cluster topology - QuickStart (Financial Services edition)", |
1546 | 1550 | "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/roks-quickstart.drawio.svg", |
1547 | 1551 | "type": "image/svg+xml" |
1548 | 1552 | }, |
1549 | | - "description": "The QuickStart variation of the Red Hat OpenShift Container Platform on VPC landing zone deployable architecture creates one Red Hat OpenShift Container Platform cluster in workload VPC with two worker nodes and public endpoint enabled. The QuickStart variation is designed to help you get started quickly, but is not highly available or validated for the IBM Cloud Framework for Financial Services." |
| 1553 | + "description": "This deployable architecture creates one Red Hat OpenShift Container Platform in workload VPC with two worker nodes and public endpoint enabled.<br> <br> It configures <b>Management VPC</b> with one subnet and <b>Workload VPC</b> with two subnets in two zones with allow-all ACL and security group. It creates <b>Transit Gateway</b> connecting to VPCs. It requires a <b> Object Storage instance</b> to provision the cluster and integrates with <b>Key Protect</b> for managing the cluster encryption keys. <br> <br> It is ideal for sandbox environments and helps you get started quickly." |
1550 | 1554 | } |
1551 | 1555 | ] |
1552 | 1556 | }, |
1553 | 1557 | "terraform_version": "1.10.5", |
1554 | 1558 | "dependency_version_2": true |
1555 | 1559 | }, |
1556 | 1560 | { |
1557 | | - "label": "Standard", |
| 1561 | + "label": "Standard - Financial Services edition", |
1558 | 1562 | "name": "standard", |
| 1563 | + "index": 4, |
1559 | 1564 | "install_type": "fullstack", |
1560 | 1565 | "working_directory": "patterns/roks", |
1561 | 1566 | "compliance": { |
|
2113 | 2118 | "role_crns": [ |
2114 | 2119 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
2115 | 2120 | ], |
2116 | | - "service_name": "appid" |
| 2121 | + "service_name": "appid", |
| 2122 | + "notes": "Required to create and manage App ID service instance." |
2117 | 2123 | }, |
2118 | 2124 | { |
2119 | 2125 | "role_crns": [ |
2120 | 2126 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
2121 | 2127 | ], |
2122 | | - "service_name": "cloud-object-storage" |
| 2128 | + "service_name": "cloud-object-storage", |
| 2129 | + "notes": "Required to manage Object Storage for the cluster internal registry." |
2123 | 2130 | }, |
2124 | 2131 | { |
2125 | 2132 | "role_crns": [ |
2126 | 2133 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
2127 | 2134 | ], |
2128 | | - "service_name": "hs-crypto" |
| 2135 | + "service_name": "hs-crypto", |
| 2136 | + "notes": "[Optional] Required if Hyper Protect Crypto Service is used for encryption." |
2129 | 2137 | }, |
2130 | 2138 | { |
2131 | 2139 | "role_crns": [ |
2132 | 2140 | "crn:v1:bluemix:public:iam::::role:Administrator", |
2133 | 2141 | "crn:v1:bluemix:public:iam-identity::::serviceRole:UserApiKeyCreator" |
2134 | 2142 | ], |
2135 | | - "service_name": "iam-identity" |
| 2143 | + "service_name": "iam-identity", |
| 2144 | + "notes": "Required to create foundational IBM Cloud account resources, like IAM settings, resource groups." |
2136 | 2145 | }, |
2137 | 2146 | { |
2138 | 2147 | "role_crns": [ |
2139 | 2148 | "crn:v1:bluemix:public:iam::::serviceRole:Manager" |
2140 | 2149 | ], |
2141 | | - "service_name": "kms" |
| 2150 | + "service_name": "kms", |
| 2151 | + "notes": "[Optional] Required if Key Protect is used for encryption." |
2142 | 2152 | }, |
2143 | 2153 | { |
2144 | 2154 | "role_crns": [ |
2145 | 2155 | "crn:v1:bluemix:public:iam::::role:Administrator" |
2146 | 2156 | ], |
2147 | | - "service_name": "containers-kubernetes" |
| 2157 | + "service_name": "containers-kubernetes", |
| 2158 | + "notes": "Required to create and manage the Openshift cluster." |
2148 | 2159 | }, |
2149 | 2160 | { |
2150 | 2161 | "role_crns": [ |
2151 | 2162 | "crn:v1:bluemix:public:iam::::role:Administrator" |
2152 | 2163 | ], |
2153 | | - "service_name": "is.vpc" |
| 2164 | + "service_name": "is.vpc", |
| 2165 | + "notes": "Required to create VPC." |
2154 | 2166 | } |
2155 | 2167 | ], |
2156 | 2168 | "architecture": { |
2157 | 2169 | "features": [ |
2158 | 2170 | { |
2159 | | - "title": "Separate VPC for management", |
2160 | | - "description": "Yes" |
2161 | | - }, |
2162 | | - { |
2163 | | - "title": "Separate VPC for workloads", |
2164 | | - "description": "Yes" |
2165 | | - }, |
2166 | | - { |
2167 | | - "title": "Red Hat OpenShift", |
2168 | | - "description": "Yes" |
2169 | | - }, |
2170 | | - { |
2171 | | - "title": "Increases security with Key Management", |
2172 | | - "description": "Yes" |
2173 | | - }, |
2174 | | - { |
2175 | | - "title": "Reduces failure events by using multizone regions", |
2176 | | - "description": "Yes" |
2177 | | - }, |
2178 | | - { |
2179 | | - "title": "Collects and stores Internet Protocol (IP) traffic information with Activity Tracker and Flow Logs", |
2180 | | - "description": "Yes" |
2181 | | - }, |
2182 | | - { |
2183 | | - "title": "Securely connects to multiple networks with a site-to-site virtual private network", |
2184 | | - "description": "Yes" |
2185 | | - }, |
2186 | | - { |
2187 | | - "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services", |
2188 | | - "description": "Yes" |
2189 | | - }, |
2190 | | - { |
2191 | | - "title": "Uses an edge VPC for secure access through the public internet", |
2192 | | - "description": "Yes, if enabled" |
2193 | | - }, |
2194 | | - { |
2195 | | - "title": "Uses Floating IP address for access through the public internet", |
2196 | | - "description": "No" |
| 2171 | + "title": " ", |
| 2172 | + "description": "Ideal for production workloads requiring compliance with financial services standards." |
2197 | 2173 | }, |
2198 | 2174 | { |
2199 | | - "description": "Configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.\n", |
2200 | | - "title": "Configures CBR" |
| 2175 | + "title": " ", |
| 2176 | + "description": "Validated configuration aligned with IBM Cloud Framework for Financial Services." |
2201 | 2177 | } |
2202 | 2178 | ], |
2203 | 2179 | "diagrams": [ |
2204 | 2180 | { |
2205 | 2181 | "diagram": { |
2206 | | - "caption": "Red Hat OpenShift Container Platform on VPC landing zone - Standard variation", |
| 2182 | + "caption": "Red Hat OpenShift cluster topology - Standard (Financial Services edition)", |
2207 | 2183 | "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/roks.drawio.svg", |
2208 | 2184 | "type": "image/svg+xml" |
2209 | 2185 | }, |
2210 | | - "description": "The Standard variation of the Red Hat OpenShift Container Platform on VPC landing zone is based on the IBM Cloud for Financial Services reference architecture. The architecture creates secure and compliant Red Hat OpenShift Container Platform workload clusters on a Virtual Private Cloud (VPC) network." |
| 2186 | + "description": "This deployable architecture deploys the <b>Red Hat OpenShift Container Platform on VPC</b> based on the IBM Cloud for Financial Services reference architecture.<br> <br> This architecture creates two separate <b>VPCs</b> for management and workloads, respectively. It configures two <b>OpenShift clusters</b> in each VPC with a single worker pool distributed across all three zones, with two worker nodes per zone. It uses an <b>edge VPC</b> for secure access through the public internet and creates <b>Transit Gateway</b> connecting to the VPCs. <br> <br> It integrates with <b>key management</b> services to enhance security and reduces failure events by using multizone regions. It securely connects to multiple networks using a <b>site-to-site virtual private network</b> and configures <b>CBR (Context-based Restrictions)</b> rules to restrict traffic flow only between landing zone VPCs and specific IBM Cloud services. <br> <br> Using this architecture, secure and compliant Red Hat OpenShift Container Platform is created on a VPC network." |
2211 | 2187 | } |
2212 | 2188 | ] |
2213 | 2189 | }, |
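Review bot: The `notes` added to the Standard flavor's `iam-identity` permission entry (new line 2144) does not account for the `UserApiKeyCreator` service role that the same entry grants, whereas the QuickStart flavor's identical grant (new line 1511) is justified as creating the containers-kubernetes-key; someone approving these permissions cannot tell from the Standard note why API-key creation rights are needed. Suggest `"notes": "Required to create foundational IBM Cloud account resources (IAM settings, resource groups) and the containers-kubernetes-key API key for the OpenShift cluster."`, assuming the Standard pattern creates that key the same way as QuickStart, which is worth confirming. The same hunk writes "Openshift" in the `containers-kubernetes` note (new line 2158) where the QuickStart note (new line 1525) uses "OpenShift". Separately, the architecture `features` entries in both flavors now carry a single-space `"title": " "` placeholder (new lines 1538, 1542, 2171, 2175); if the catalog renders that title, an empty string or a real heading would be less surprising to consumers than whitespace.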
|