feat: introduce ocp tshirts and cluster destroy automation

.secrets.baseline

@@ -159,6 +159,16 @@
         "verified_result": null
       }
     ],
+    "solutions/standard-openshift/ansible/templates-ansible/deploy-openshift-cluster/playbook-destroy-ocp-cluster.yml.tftpl": [
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 32,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "solutions/standard-plus-vsi/catalogValidationValues.json.template": [
       {
         "hashed_secret": "fa501f2ceec739604d621b521446b88d41a7f76b",

ibm_catalog.json

@@ -64,7 +64,7 @@
           "label": "Standard Landscape",
           "name": "standard",
           "install_type": "fullstack",
-          "index": 2,
+          "index": 9,
           "working_directory": "solutions/standard",
           "compliance": {
             "authority": "scc-v3",
@@ -561,7 +561,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Standard Landscape' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.3.0/reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Create a new architecture' deploys VPC services and a Power Virtual Server workspace and interconnects them.\n \nRequired and optional management components are configured."
@@ -1266,7 +1266,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.3.0/reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as 'Quickstart' variation of 'Create a new architecture' option deploys VPC services and a Power Virtual Server workspace and interconnects them. It also creates one Power virtual server instance of chosen t-shirt size or custom configuration.\n \nRequired and optional management components are configured."
@@ -1429,6 +1429,9 @@
               "type": "string",
               "required": true
             },
+            {
+              "key": "destroy_cluster"
+            },
             {
               "key": "openshift_release",
               "type": "string"
@@ -1442,15 +1445,39 @@
               }
             },
             {
-              "key": "cluster_master_node_config",
+              "key": "tshirt_size",
+              "type": "string",
+              "default_value": "xs",
+              "options": [
+                {
+                  "displayname": "xs (2xW:1x32 3xM:1x32)",
+                  "value": "xs"
+                },
+                {
+                  "displayname": "s (3xW:1x32 3xM:1x32)",
+                  "value": "s"
+                },
+                {
+                  "displayname": "m (4xW:2x32 3xM:1x32)",
+                  "value": "m"
+                },
+                {
+                  "displayname": "l (4xW:1x64 3xM:1x32)",
+                  "value": "l"
+                }
+              ],
+              "custom_config": {}
+            },
+            {
+              "key": "custom_master_node_config",
               "custom_config": {
                 "grouping": "deployment",
                 "original_grouping": "deployment",
                 "type": "code_editor"
               }
             },
             {
-              "key": "cluster_worker_node_config",
+              "key": "custom_worker_node_config",
               "custom_config": {
                 "grouping": "deployment",
                 "original_grouping": "deployment",
@@ -1740,7 +1767,7 @@
               {
                 "diagram": {
                   "caption": "Power Virtual Server with VPC landing zone 'Quickstart OpenShift' variation",
-                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.2.1/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-infrastructure/refs/tags/v10.3.0/reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.svg",
                   "type": "image/svg+xml"
                 },
                 "description": "The Power Virtual Server with VPC landing zone as variation 'Quickstart OpenShift' deploys VPC services and an Openshift Cluster on PowerVS and interconnects them.\n \nRequired and optional management components are configured."

reference-architectures/standard-openshift/deploy-arch-ibm-pvs-inf-standard-openshift.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-24"
+lastupdated: "2025-11-19"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.2.1
+version: v10.3.0
 compliance:
 
 ---
@@ -27,7 +27,7 @@ compliance:
 {: toc-content-type="reference-architecture"}
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
-{: toc-version="v10.2.1"}
+{: toc-version="v10.3.0"}
 
 The Quickstart OpenShift deployment on Power Virtual Server with a VPC landing zone uses the Red Hat IPI installer to set up an OpenShift cluster. Before the deployment begins, it provisions VPC services and creates a Power Virtual Server workspace, which together form the landing zone used to access and manage the cluster.
 

reference-architectures/standard-plus-vsi/deploy-arch-ibm-pvs-inf-standard-plus-vsi.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-24"
+lastupdated: "2025-11-19"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -16,7 +16,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.2.1
+version: v10.3.0
 compliance:
 
 ---
@@ -28,7 +28,7 @@ compliance:
 {: toc-content-type="reference-architecture"}
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
-{: toc-version="v10.2.1"}
+{: toc-version="v10.3.0"}
 
 Quickstart deployment of the Power Virtual Server with VPC landing zone creates VPC services, a Power Virtual Server workspace, and interconnects them. It also deploys a Power Virtual Server of chosen T-shirt size or custom configuration. Supported Os are Aix, IBM i, and Linux images.
 

reference-architectures/standard/deploy-arch-ibm-pvs-inf-standard.md

@@ -1,7 +1,7 @@
 ---
 copyright:
   years: 2024, 2025
-lastupdated: "2025-10-24"
+lastupdated: "2025-11-19"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -15,7 +15,7 @@ image_source: https://github.com/terraform-ibm-modules/terraform-ibm-powervs-inf
 use-case: ITServiceManagement
 industry: Technology
 content-type: reference-architecture
-version: v10.2.1
+version: v10.3.0
 compliance: SAPCertified
 
 ---
@@ -28,7 +28,7 @@ compliance: SAPCertified
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
 {: toc-compliance="SAPCertified"}
-{: toc-version="v10.2.1"}
+{: toc-version="v10.3.0"}
 
 The Standard deployment of the Power Virtual Server with VPC landing zone creates VPC services and a Power Virtual Server workspace and interconnects them.
 

solutions/standard-openshift/README.md

@@ -59,6 +59,7 @@ Due to technical limitations, the cost estimate Projects gives does not include
 | <a name="module_ocp_cluster_deployment"></a> [ocp\_cluster\_deployment](#module\_ocp\_cluster\_deployment) | ./ansible | n/a |
 | <a name="module_ocp_cluster_install_configuration"></a> [ocp\_cluster\_install\_configuration](#module\_ocp\_cluster\_install\_configuration) | ./ansible | n/a |
 | <a name="module_ocp_cluster_manifest_creation"></a> [ocp\_cluster\_manifest\_creation](#module\_ocp\_cluster\_manifest\_creation) | ./ansible | n/a |
+| <a name="module_ocp_destroy_cluster"></a> [ocp\_destroy\_cluster](#module\_ocp\_destroy\_cluster) | ./ansible | n/a |
 | <a name="module_standard"></a> [standard](#module\_standard) | ../../modules/powervs-vpc-landing-zone | n/a |
 
 ### Resources
@@ -75,10 +76,11 @@ Due to technical limitations, the cost estimate Projects gives does not include
 | <a name="input_ansible_vault_password"></a> [ansible\_vault\_password](#input\_ansible\_vault\_password) | Vault password to encrypt ansible playbooks that contain sensitive information. Password requirements: 15-100 characters and at least one uppercase letter, one lowercase letter, one number, and one special character. Allowed characters: A-Z, a-z, 0-9, !#$%&()*+-.:;<=>?@[]\_{\|}~. | `string` | n/a | yes |
 | <a name="input_client_to_site_vpn"></a> [client\_to\_site\_vpn](#input\_client\_to\_site\_vpn) | VPN configuration - the client ip pool and list of users email ids to access the environment. If enabled, then a Secret Manager instance is also provisioned with certificates generated. See optional parameters to reuse an existing Secrets manager instance. | <pre>object({<br/>    enable                        = bool<br/>    client_ip_pool                = string<br/>    vpn_client_access_group_users = list(string)<br/>  })</pre> | <pre>{<br/>  "client_ip_pool": "192.168.0.0/16",<br/>  "enable": true,<br/>  "vpn_client_access_group_users": []<br/>}</pre> | no |
 | <a name="input_cluster_base_domain"></a> [cluster\_base\_domain](#input\_cluster\_base\_domain) | The base domain name that will be used by the cluster. Only .test, .example, and .invalid domains are supported (ie: domain.example). | `string` | n/a | yes |
-| <a name="input_cluster_master_node_config"></a> [cluster\_master\_node\_config](#input\_cluster\_master\_node\_config) | Configuration for the master nodes of the OpenShift cluster, including CPU, system type, processor type, and replica count. If system\_type is null, it's chosen based on whether it's supported in the region. This can be overwritten by passing a value, e.g. 's1022' or 's922'. Memory is in GB. | <pre>object({<br/>    processors  = number<br/>    memory      = number<br/>    system_type = string<br/>    proc_type   = string<br/>    replicas    = number<br/>  })</pre> | <pre>{<br/>  "memory": "32",<br/>  "proc_type": "Shared",<br/>  "processors": "4",<br/>  "replicas": "3",<br/>  "system_type": null<br/>}</pre> | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster and a unique identifier used as prefix for resources. Must begin with a lowercase letter and end with a lowercase letter or number. Must contain only lowercase letters, numbers, and - characters. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | `string` | n/a | yes |
 | <a name="input_cluster_network_config"></a> [cluster\_network\_config](#input\_cluster\_network\_config) | Configuration object for the OpenShift cluster and service network CIDRs. | <pre>object({<br/>    cluster_network_cidr         = string<br/>    cluster_service_network_cidr = string<br/>    cluster_machine_network_cidr = string<br/>  })</pre> | <pre>{<br/>  "cluster_machine_network_cidr": "10.72.0.0/24",<br/>  "cluster_network_cidr": "10.128.0.0/14",<br/>  "cluster_service_network_cidr": "10.67.0.0/16"<br/>}</pre> | no |
-| <a name="input_cluster_worker_node_config"></a> [cluster\_worker\_node\_config](#input\_cluster\_worker\_node\_config) | Configuration for the worker nodes of the OpenShift cluster, including CPU, system type, processor type, and replica count. If system\_type is null, it's chosen based on whether it's supported in the region. This can be overwritten by passing a value, e.g. 's1022' or 's922'. Memory is in GB. | <pre>object({<br/>    processors  = number<br/>    memory      = number<br/>    system_type = string<br/>    proc_type   = string<br/>    replicas    = number<br/>  })</pre> | <pre>{<br/>  "memory": "32",<br/>  "proc_type": "Shared",<br/>  "processors": "4",<br/>  "replicas": "3",<br/>  "system_type": null<br/>}</pre> | no |
+| <a name="input_custom_master_node_config"></a> [custom\_master\_node\_config](#input\_custom\_master\_node\_config) | This value is ignored if 'tshirt\_size' is not set to 'custom'. Configuration for the master nodes of the OpenShift cluster, including CPU, system type, processor type, and replica count. If system\_type is null, it's chosen based on whether it's supported in the region. This can be overwritten by passing a value, e.g. 's1022' or 's922'. Memory is in GB. | <pre>object({<br/>    processors  = number<br/>    memory      = number<br/>    system_type = string<br/>    proc_type   = string<br/>    replicas    = number<br/>  })</pre> | <pre>{<br/>  "memory": "32",<br/>  "proc_type": "Shared",<br/>  "processors": "4",<br/>  "replicas": "3",<br/>  "system_type": null<br/>}</pre> | no |
+| <a name="input_custom_worker_node_config"></a> [custom\_worker\_node\_config](#input\_custom\_worker\_node\_config) | This value is ignored if 'tshirt\_size' is not set to 'custom'. Configuration for the worker nodes of the OpenShift cluster, including CPU, system type, processor type, and replica count. If system\_type is null, it's chosen based on whether it's supported in the region. This can be overwritten by passing a value, e.g. 's1022' or 's922'. Memory is in GB. | <pre>object({<br/>    processors  = number<br/>    memory      = number<br/>    system_type = string<br/>    proc_type   = string<br/>    replicas    = number<br/>  })</pre> | <pre>{<br/>  "memory": "32",<br/>  "proc_type": "Shared",<br/>  "processors": "4",<br/>  "replicas": "3",<br/>  "system_type": null<br/>}</pre> | no |
+| <a name="input_destroy_cluster"></a> [destroy\_cluster](#input\_destroy\_cluster) | Destroying this environment is a 2-step process. 1. set this value to true and apply - this will destroy the cluster resources. 2. trigger a terraform destroy - this will destroy the landing zone resources. | `bool` | `false` | no |
 | <a name="input_enable_monitoring"></a> [enable\_monitoring](#input\_enable\_monitoring) | Specify whether Monitoring will be enabled. This creates a new IBM Cloud Monitoring Instance. | `bool` | `false` | no |
 | <a name="input_enable_scc_wp"></a> [enable\_scc\_wp](#input\_enable\_scc\_wp) | Enable SCC Workload Protection and install and configure the SCC Workload Protection agent on all intel VSIs in this deployment. | `bool` | `true` | no |
 | <a name="input_existing_sm_instance_guid"></a> [existing\_sm\_instance\_guid](#input\_existing\_sm\_instance\_guid) | An existing Secrets Manager GUID. If not provided a new instance will be provisioned. | `string` | `null` | no |
@@ -94,6 +96,7 @@ Due to technical limitations, the cost estimate Projects gives does not include
 | <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key) | Private SSH key (RSA format) to login to Intel VSIs to configure network management services (SQUID, NTP, DNS and ansible). Should match to public SSH key referenced by 'ssh\_public\_key'. The key is not uploaded or stored. If you're unsure how to create one, check [Generate a SSH Key Pair](https://cloud.ibm.com/docs/powervs-vpc?topic=powervs-vpc-powervs-automation-prereqs#powervs-automation-ssh-key) in our docs. For more information about SSH keys, see [SSH keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys) in the VPC docs. | `string` | n/a | yes |
 | <a name="input_ssh_public_key"></a> [ssh\_public\_key](#input\_ssh\_public\_key) | Public SSH Key for VSI creation. Must be an RSA key with a key size of either 2048 bits or 4096 bits (recommended). Must be a valid SSH key that does not already exist in the deployment region. If you're unsure how to create one, check [Generate a SSH Key Pair](https://cloud.ibm.com/docs/powervs-vpc?topic=powervs-vpc-powervs-automation-prereqs#powervs-automation-ssh-key) in our docs. For more information about SSH keys, see [SSH keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys) in the VPC docs. | `string` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | List of tag names for the IBM Cloud PowerVS workspace | `list(string)` | `[]` | no |
+| <a name="input_tshirt_size"></a> [tshirt\_size](#input\_tshirt\_size) | OpenShift Cluster profiles for the master and worker nodes. These profiles can be overridden by setting this value to 'custom' and specifying 'custom\_master\_node\_config' and 'custom\_worker\_node\_config' values in the optional parameters section. | `string` | `"xs"` | no |
 | <a name="input_user_id"></a> [user\_id](#input\_user\_id) | The IBM Cloud login user ID associated with the account where the cluster will be deployed. | `string` | n/a | yes |
 | <a name="input_vpc_intel_images"></a> [vpc\_intel\_images](#input\_vpc\_intel\_images) | Stock OS image names for creating VPC landing zone VSI instances: RHEL (management and network services) and SLES (monitoring). | <pre>object({<br/>    rhel_image = string<br/>    sles_image = string<br/>  })</pre> | <pre>{<br/>  "rhel_image": "ibm-redhat-9-4-amd64-sap-applications-7",<br/>  "sles_image": "ibm-sles-15-7-amd64-sap-applications-1"<br/>}</pre> | no |
 

solutions/standard-openshift/ansible/templates-ansible/deploy-openshift-cluster/playbook-destroy-ocp-cluster.yml.tftpl

@@ -0,0 +1,37 @@
+---
+- name: Destroy the OpenShift Cluster
+  hosts: all
+
+  vars:
+    cluster_dir: "${CLUSTER_DIR}"
+    cluster_name: $"{CLUSTER_NAME}"
+    openshift_install_bootstrap_timeout: "${OPENSHIFT_INSTALL_BOOTSTRAP_TIMEOUT}"
+    openshift_install_machine_wait_timeout: "${OPENSHIFT_INSTALL_MACHINE_WAIT_TIMEOUT}"
+    openshift_install_cluster_timeout: "${OPENSHIFT_INSTALL_CLUSTER_TIMEOUT}"
+    openshift_install_destroy_timeout: "${OPENSHIFT_INSTALL_DESTROY_TIMEOUT}"
+
+  tasks:
+    - name: Destroy the Cluster resources
+      block:
+        - name: Run openshift-install destroy cluster
+          ansible.builtin.shell: |
+            openshift-install destroy cluster --dir={{ cluster_dir }} --log-level=debug
+          environment:
+            OPENSHIFT_INSTALL_BOOTSTRAP_TIMEOUT: "{{ openshift_install_bootstrap_timeout }}"
+            OPENSHIFT_INSTALL_MACHINE_WAIT_TIMEOUT: "{{ openshift_install_machine_wait_timeout }}"
+            OPENSHIFT_INSTALL_CLUSTER_TIMEOUT: "{{ openshift_install_cluster_timeout }}"
+            OPENSHIFT_INSTALL_DESTROY_TIMEOUT: "{{ openshift_install_destroy_timeout }}"
+          ignore_errors: false
+          retries: 3
+          delay: 30
+
+        - name: Delete the Service IDs
+          ansible.builtin.shell: |
+            ccoctl ibmcloud delete-service-id --credentials-requests-dir {{ cluster_dir }}/credreqs --name {{ cluster_name }}
+          environment:
+            IBMCLOUD_API_KEY: "{{ lookup('env', 'IBMCLOUD_API_KEY') }}"
+            OPENSHIFT_INSTALL_BOOTSTRAP_TIMEOUT: "{{ openshift_install_bootstrap_timeout }}"
+            OPENSHIFT_INSTALL_MACHINE_WAIT_TIMEOUT: "{{ openshift_install_machine_wait_timeout }}"
+            OPENSHIFT_INSTALL_CLUSTER_TIMEOUT: "{{ openshift_install_cluster_timeout }}"
+            OPENSHIFT_INSTALL_DESTROY_TIMEOUT: "{{ openshift_install_destroy_timeout }}"
+          ignore_errors: false