fix: tests

Author: Jordan-Williams2

README.md

@@ -40,12 +40,6 @@ provider "helm" {
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
-  # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
-    url = "oci://icr.io/ibm/observe/logs-agent-helm"
-    username = "iamapikey"
-    password = "XXXXXXXXXXXXXXXXX" # replace with an IBM cloud apikey  # pragma: allowlist secret
-  }
 }
 
 # ############################################################################
@@ -94,7 +88,7 @@ No modules.
 | <a name="input_agent_additional_metadata"></a> [agent\_additional\_metadata](#input\_agent\_additional\_metadata) | The list of additional metadata fields to add to the routed logs. | <pre>list(object({<br/>    key   = optional(string)<br/>    value = optional(string)<br/>  }))</pre> | `[]` | no |
 | <a name="input_agent_iam_api_key"></a> [agent\_iam\_api\_key](#input\_agent\_iam\_api\_key) | The IBM Cloud API key for the Logs agent to authenticate and communicate with the IBM Cloud Logs. | `string` | n/a | yes |
 | <a name="input_agent_name"></a> [agent\_name](#input\_agent\_name) | The name of the Logs agent. The name is used in all Kubernetes and Helm resources in the cluster. | `string` | `"logs-agent"` | no |
-| <a name="input_agent_namespace"></a> [agent\_namespace](#input\_agent\_namespace) | The namespace where the Logs agent is deployed. The default value is `ibm-agent`. | `string` | `"ibm-agent"` | no |
+| <a name="input_agent_namespace"></a> [agent\_namespace](#input\_agent\_namespace) | The namespace where the Logs agent is deployed. The default value is `ibm-agent`. | `string` | `"ibm-observe"` | no |
 | <a name="input_agent_resources"></a> [agent\_resources](#input\_agent\_resources) | The resources configuration for cpu/memory/storage. [Learn More](https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-agent-helm-template-clusters#agent-helm-template-clusters-chart-options-resources) | <pre>object({<br/>    limits = object({<br/>      cpu    = string<br/>      memory = string<br/>    })<br/>    requests = object({<br/>      cpu    = string<br/>      memory = string<br/>    })<br/>  })</pre> | <pre>{<br/>  "limits": {<br/>    "cpu": "500m",<br/>    "memory": "3Gi"<br/>  },<br/>  "requests": {<br/>    "cpu": "100m",<br/>    "memory": "1Gi"<br/>  }<br/>}</pre> | no |
 | <a name="input_agent_tolerations"></a> [agent\_tolerations](#input\_agent\_tolerations) | List of tolerations to apply to Logs agent. The default value means a pod will run on every node. | <pre>list(object({<br/>    key               = optional(string)<br/>    operator          = optional(string)<br/>    value             = optional(string)<br/>    effect            = optional(string)<br/>    tolerationSeconds = optional(number)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "operator": "Exists"<br/>  }<br/>]</pre> | no |
 | <a name="input_chart_location"></a> [chart\_location](#input\_chart\_location) | The location of the Helm chart for the Sysdig agent. | `string` | `"sysdig-deploy"` | no |
@@ -105,7 +99,7 @@ No modules.
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster to deploy the agent. | `string` | n/a | yes |
 | <a name="input_cluster_resource_group_id"></a> [cluster\_resource\_group\_id](#input\_cluster\_resource\_group\_id) | The resource group ID of the cluster. | `string` | n/a | yes |
 | <a name="input_is_vpc_cluster"></a> [is\_vpc\_cluster](#input\_is\_vpc\_cluster) | Specify true if the target cluster for the agent is a VPC cluster, false if it is a classic cluster. | `bool` | `true` | no |
-| <a name="input_node_analyzer_enabled"></a> [node\_analyzer\_enabled](#input\_node\_analyzer\_enabled) | Enable or disable the Node Analyzer feature in the Sysdig agent. | `bool` | `true` | no |
+| <a name="input_node_analyzer_enabled"></a> [node\_analyzer\_enabled](#input\_node\_analyzer\_enabled) | Enable or disable the Node Analyzer feature in the Sysdig agent. | `bool` | `false` | no |
 | <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no |
 | <a name="input_wait_till_timeout"></a> [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no |
 

examples/logs-agent-iks/provider.tf

@@ -9,12 +9,6 @@ provider "helm" {
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
-  # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
-    url      = "oci://icr.io/ibm/observe/logs-agent-helm"
-    username = "iamapikey"
-    password = var.ibmcloud_api_key
-  }
 }
 
 provider "kubernetes" {

examples/logs-agent-ocp/provider.tf

@@ -9,12 +9,6 @@ provider "helm" {
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
-  # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
-    url      = "oci://icr.io/ibm/observe/logs-agent-helm"
-    username = "iamapikey"
-    password = var.ibmcloud_api_key
-  }
 }
 
 provider "kubernetes" {

kubeconfig/.gitignore

@@ -1,2 +1,2 @@
 This directory must exist in source control so the `ibm_container_cluster_config` data lookup can use it to place the
-config.yml used to connect to a kubernetes cluster.
+config.yml used to connect to a kubernetes cluster (See https://github.ibm.com/GoldenEye/issues/issues/552).

kubeconfig/README.md

@@ -13,12 +13,6 @@ provider "helm" {
     token                  = data.ibm_container_cluster_config.cluster_config.token
     cluster_ca_certificate = data.ibm_container_cluster_config.cluster_config.ca_certificate
   }
-  # IBM Cloud credentials are required to authenticate to the helm repo
-  registry {
-    url      = "oci://icr.io/ibm/observe/logs-agent-helm"
-    username = "iamapikey"
-    password = var.ibmcloud_api_key
-  }
 }
 
 # Retrieve information about an existing VPC cluster

solutions/fully-configurable/kubeconfig/README.md

@@ -70,7 +70,7 @@ variable "chart_version" {
 variable "node_analyzer_enabled" {
   description = "Enable or disable the Node Analyzer feature in the Sysdig agent."
   type        = bool
-  default     = true # Set the default value as needed
+  default     = false
 }
 
 variable "agent_name" {
@@ -83,7 +83,7 @@ variable "agent_name" {
 variable "agent_namespace" {
   type        = string
   description = "The namespace where the Logs agent is deployed. The default value is `ibm-agent`."
-  default     = "ibm-agent"
+  default     = "ibm-observe"
   nullable    = false
 }
 
@@ -143,5 +143,4 @@ variable "agent_additional_metadata" {
 variable "cloud_logs_ingress_endpoint" {
   description = "The host for IBM Cloud Logs ingestion. Ensure you use the ingress endpoint. See https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-endpoints_ingress."
   type        = string
-  default     = "7c6d96d2-b0c6-4164-96ce-3a1fd142a853.ingress.eu-de.logs.cloud.ibm.com"
 }

solutions/fully-configurable/provider.tf

@@ -10,21 +10,79 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-##############################################################################
-# SLZ ROKS Pattern
-##############################################################################
+########################################################################################################################
+# VPC + Subnet + Public Gateway
+#
+# NOTE: This is a very simple VPC with single subnet in a single zone with a public gateway enabled, that will allow
+# all traffic ingress/egress by default.
+# For production use cases this would need to be enhanced by adding more subnets and zones for resiliency, and
+# ACLs/Security Groups for network security.
+########################################################################################################################
+
+resource "ibm_is_vpc" "vpc" {
+  name                      = "${var.prefix}-vpc"
+  resource_group            = module.resource_group.resource_group_id
+  address_prefix_management = "auto"
+  tags                      = var.resource_tags
+}
+
+resource "ibm_is_public_gateway" "gateway" {
+  name           = "${var.prefix}-gateway-1"
+  vpc            = ibm_is_vpc.vpc.id
+  resource_group = module.resource_group.resource_group_id
+  zone           = "${var.region}-1"
+}
+
+resource "ibm_is_subnet" "subnet_zone_1" {
+  name                     = "${var.prefix}-subnet-1"
+  vpc                      = ibm_is_vpc.vpc.id
+  resource_group           = module.resource_group.resource_group_id
+  zone                     = "${var.region}-1"
+  total_ipv4_address_count = 256
+  public_gateway           = ibm_is_public_gateway.gateway.id
+}
+
+########################################################################################################################
+# OCP VPC cluster (single zone)
+########################################################################################################################
+
+locals {
+  cluster_vpc_subnets = {
+    default = [
+      {
+        id         = ibm_is_subnet.subnet_zone_1.id
+        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
+        zone       = ibm_is_subnet.subnet_zone_1.zone
+      }
+    ]
+  }
+
+  worker_pools = [
+    {
+      subnet_prefix    = "default"
+      pool_name        = "default" # ibm_container_vpc_cluster automatically names default pool "default" (See https://github.com/IBM-Cloud/terraform-provider-ibm/issues/2849)
+      machine_type     = "bx2.4x16"
+      workers_per_zone = 2 # minimum of 2 is allowed when using single zone
+      operating_system = "REDHAT_8_64"
+    }
+  ]
+}
 
-module "landing_zone" {
-  source                              = "git::https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone//patterns//roks//module?ref=v7.3.0"
+module "ocp_base" {
+  source                              = "terraform-ibm-modules/base-ocp-vpc/ibm"
+  version                             = "3.43.0"
+  resource_group_id                   = module.resource_group.resource_group_id
   region                              = var.region
-  prefix                              = var.prefix
   tags                                = var.resource_tags
-  add_atracker_route                  = false
-  enable_transit_gateway              = false
-  cluster_force_delete_storage        = true
-  verify_cluster_network_readiness    = false
-  use_ibm_cloud_private_api_endpoints = false
-  ignore_vpcs_for_cluster_deployment  = ["management"]
+  cluster_name                        = var.prefix
+  force_delete_storage                = true
+  vpc_id                              = ibm_is_vpc.vpc.id
+  vpc_subnets                         = local.cluster_vpc_subnets
+  ocp_version                         = null
+  worker_pools                        = local.worker_pools
+  access_tags                         = []
+  ocp_entitlement                     = null
+  disable_outbound_traffic_protection = true # set as True to enable outbound traffic; required for accessing Operator Hub in the OpenShift console.
 }
 
 ##############################################################################
@@ -79,8 +137,8 @@ module "buckets" {
 ##############################################################################
 
 locals {
-  cluster_resource_group_id = module.landing_zone.cluster_data["${var.prefix}-workload-cluster"].resource_group_id
-  cluster_crn               = module.landing_zone.cluster_data["${var.prefix}-workload-cluster"].crn
+  cluster_resource_group_id = module.resource_group.resource_group_id
+  cluster_crn               = module.ocp_base.crn
 }
 
 module "cloud_logs" {

solutions/fully-configurable/variables.tf

@@ -78,7 +78,7 @@ variable "chart_version" {
 variable "node_analyzer_enabled" {
   description = "Enable or disable the Node Analyzer feature in the Sysdig agent."
   type        = bool
-  default     = true # Set the default value as needed
+  default     = false # Set the default value as needed
 }
 
 variable "agent_name" {
@@ -91,7 +91,7 @@ variable "agent_name" {
 variable "agent_namespace" {
   type        = string
   description = "The namespace where the Logs agent is deployed. The default value is `ibm-agent`."
-  default     = "ibm-agent"
+  default     = "ibm-observe"
   nullable    = false
 }