Merge remote-tracking branch 'internal/main'

.docs/powervs-poc.md

@@ -47,7 +47,15 @@ To set the public SSH key value for the VPC VSI, click on the red `VPC Deploymen
 To set the public SSH key value for the Power VS VSIs, click on the red `Power VS` item on the left navigation bar, then click on the key icon. Click on the key icon, expand the SSH Keys section, fill in the public key value, and click the Save button.
 
 ### On-premises network CIDRS and Peer Address
-To set network CIDRs that are being used by the on-prem environment, click on `VPC Deployments` on the left navigation bar. Scroll down and click on the gateway icon in the `vpn-zone-1` network. Expand the connection section and update the network CIDR in the `Additional Address Prefixes` and `Peer CIDRs` fields. Set VPN connection Peer Address, the address for the on-prem connection, in the `Peer Address` field. Click on both blue Save buttons when finished.
+To set network CIDRs that are being used by the on-prem environment the VPN Gateway and a routing table must be updated.
+
+To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar. Scroll down and click on the gateway icon in the `vpn-zone-1` network. Expand the connection section and update the network CIDR in the `Additional Address Prefixes` and `Peer CIDRs` fields. Set VPN connection Peer Address, the address for the on-prem connection, in the `Peer Address` field. Click on both blue Save buttons when finished.
+
+To update the VPN Gateway, click on `VPC Deployments` on the left navigation bar then click on the `poweringress` routing table icon. Change the on-prem CIDR in the `Destination` field and click the blue Save button.
+
+#### On-premises network CIDR outside of 10.0.0.0/8
+If you are using an on-premises network CIDR outside of the `10.0.0.0/8` range in addition to the changes above you will need to add inbound and outbound rules to the `transit-vsi` and `transit-vpe` security groups. These security groups can be found by clicking on `VPC Deployments` on the left navigation bar and then clicking on each security group icon.
+
 
 ### Activity Tracker
 By default the template will create an IBM Cloud Activity Tracker in the us-south region. Since only one activity tracker is allowed per region in an account the project will fail to deploy if the account already has an Activity Tracker instance in the region. If the target account already has an Activity Tracker instance the project must be modified to not create an instance. Navigate to the the Activity Tracker by choosing `Cloud Services` from the left navigation bar and click on the `Activity Tracker` icon. Set `Create Activity Tracker Instance` to `False` and click the Save button.
@@ -83,6 +91,8 @@ To change the CIDR of a Power VS network, click on the `Power VS`icon in the lef
 
 The CIDR must also be changed in the VPN Gateway. Click on `VPC Deployments` on the left navigation bar. Scroll down and click on the gateway icon in the `vpn-zone-1` network. Expand the connection section and update the network CIDR in the `Local CIDRs` field.
 
+The CIDR must be changed on both the `transit-vpe` and `transit-vsi` security groups. To modify a security group, click on `VPC Deployments` on the left navigation bar and click on the icon for the security group you want to modify. To modify the security group rules, click the `Manage Rules` button above the table. Expand the rule you want to modify, modify the rule, and click the Save button. Modify the CIDR in the `powervs-inbound` rule in both security groups.
+
 ### Power Virtual Server VSIs / LPARs
 
 The template comes with an AIX and an IBM i VSI. These VSIs are using stock images provided by Power Virtual Server for their boot disk (rootvg or *SYSBAS). The VSIs also have additional storage volumes which will be blank and unformatted when the VSI is provisioned. Specifications such as CPU, memory, storage, image version, and more can be customized in CRAIG before deployment. The VSIs can also be remove and additional VSIs can be added.
@@ -125,6 +135,24 @@ IBM Cloud Schematics provides a cost estimation for the project resources after
 
 ## Post-deployment configuration
 
+### Update Power VS route to VPN Gateway
+After deploying the PoC resources the routing table for traffic from Power VS to the VPN Gateway for on-premises must be updated.
+
+First, find the VPN Gateway for VPC's active private address.
+> * You can find this address from [IBM cloud console](https://cloud.ibm.com/).
+> * From left menu click on `VPC Infrastructures > VPNs`. 
+> * Select the region where VPN has been deployed and all VPNs in that region will be listed. 
+> * Select the VPN that was deployed.
+> * Copy or write down the Private IP of the active gateway member
+
+Update the routing table:
+> * From left menu click on `VPC Infrastructures > Routing Tables`. 
+> * Select the VPC that was deployed.
+> * Select the routing table with `poweringress` in its name.
+> Modify the route by clicking the 3 vertical dot icon and choosing Edit.
+> Set the Next hop IP address to the private IP address of the active VPN gateway member
+
+### Virtual server configuration
 After deploying the PoC resources additional configuration in the VSI operating systems is usually required. IBM i VSIs deployed using the stock images have [required post-deployment configuration](https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-configuring-ibmi).
 
 Any additional non-boot disk (rootvg, *SYSBAS, etc) volumes will be blank and require formatting, volume group restores, mount point configuration, ASP configuration, etc depending on the operating system and intended use case.

.tekton/ci/ci-pipeline.yml

@@ -224,71 +224,71 @@ spec:
       workspaces:
         - name: output
           workspace: pipeline-ws
-    - name: code-risk-analyzer
-      runAfter:
-        - git-clone
-      taskRef:
-        name: cra-v2-cra
-      params:
-        - name: pipeline-debug
-          value: $(params.pipeline-debug)
-        - name: ibmcloud-region
-          value: $(params.ibmcloud-region)
-        - name: registry-region
-          value: $(params.registry-region)
-        - name: env-props
-          value: $(params.env-props)
-        - name: fileignore
-          value: $(params.fileignore)
-        - name: ibmcloud-trace
-          value: $(params.ibmcloud-trace)
-        - name: output
-          value: $(params.output)
-        - name: path
-          value: $(params.path)
-        - name: strict
-          value: $(params.strict)
-        - name: toolchainid
-          value: $(params.toolchainid)
-        - name: verbose
-          value: $(params.verbose)
-        - name: asset-type
-          value: $(params.asset-type)
-        - name: bom-report
-          value: $(params.bom-report)
-        - name: docker-build-flags
-          value: $(params.docker-build-flags)
-        - name: docker-build-context
-          value: $(params.docker-build-context)
-        - name: dockerfile-pattern
-          value: $(params.dockerfile-pattern)
-        - name: docker-registry-url
-          value: $(params.docker-registry-url)
-        - name: docker-registry-username
-          value: $(params.docker-registry-username)
-        - name: gradle-exclude-configs
-          value: $(params.gradle-exclude-configs)
-        - name: maven-exclude-scopes
-          value: $(params.maven-exclude-scopes)
-        - name: nodejs-create-package-lock
-          value: $(params.nodejs-create-package-lock)
-        - name: prev-report
-          value: $(params.prev-report)
-        - name: deploy-report
-          value: $(params.deploy-report)
-        - name: cveignore
-          value: $(params.cveignore)
-        - name: exclude-dev
-          value: $(params.exclude-dev)
-        - name: vulnerability-report
-          value: $(params.vulnerability-report)
-        - name: cra-scan-image
-          value: $(params.cra-scan-image)
-        - name: custom-script
-          value: $(params.custom-script)
-      workspaces:
-        - name: artifacts
-          workspace: pipeline-ws
+    # - name: code-risk-analyzer
+    #   runAfter:
+    #     - git-clone
+    #   taskRef:
+    #     name: cra-v2-cra
+    #   params:
+    #     - name: pipeline-debug
+    #       value: $(params.pipeline-debug)
+    #     - name: ibmcloud-region
+    #       value: $(params.ibmcloud-region)
+    #     - name: registry-region
+    #       value: $(params.registry-region)
+    #     - name: env-props
+    #       value: $(params.env-props)
+    #     - name: fileignore
+    #       value: $(params.fileignore)
+    #     - name: ibmcloud-trace
+    #       value: $(params.ibmcloud-trace)
+    #     - name: output
+    #       value: $(params.output)
+    #     - name: path
+    #       value: $(params.path)
+    #     - name: strict
+    #       value: $(params.strict)
+    #     - name: toolchainid
+    #       value: $(params.toolchainid)
+    #     - name: verbose
+    #       value: $(params.verbose)
+    #     - name: asset-type
+    #       value: $(params.asset-type)
+    #     - name: bom-report
+    #       value: $(params.bom-report)
+    #     - name: docker-build-flags
+    #       value: $(params.docker-build-flags)
+    #     - name: docker-build-context
+    #       value: $(params.docker-build-context)
+    #     - name: dockerfile-pattern
+    #       value: $(params.dockerfile-pattern)
+    #     - name: docker-registry-url
+    #       value: $(params.docker-registry-url)
+    #     - name: docker-registry-username
+    #       value: $(params.docker-registry-username)
+    #     - name: gradle-exclude-configs
+    #       value: $(params.gradle-exclude-configs)
+    #     - name: maven-exclude-scopes
+    #       value: $(params.maven-exclude-scopes)
+    #     - name: nodejs-create-package-lock
+    #       value: $(params.nodejs-create-package-lock)
+    #     - name: prev-report
+    #       value: $(params.prev-report)
+    #     - name: deploy-report
+    #       value: $(params.deploy-report)
+    #     - name: cveignore
+    #       value: $(params.cveignore)
+    #     - name: exclude-dev
+    #       value: $(params.exclude-dev)
+    #     - name: vulnerability-report
+    #       value: $(params.vulnerability-report)
+    #     - name: cra-scan-image
+    #       value: $(params.cra-scan-image)
+    #     - name: custom-script
+    #       value: $(params.custom-script)
+    #   workspaces:
+    #     - name: artifacts
+    #       workspace: pipeline-ws
     - name: extract-doi-enablement
       taskRef:
         name: toolchain-extract-value

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to this project will be documented in this file.
 
-## 1.11.0
+## 1.11.1
 
 ### Upgrade Notes
 

client/src/lib/docs/release-notes.json

@@ -1,6 +1,6 @@
 [
   {
-    "version": "1.11.0",
+    "version": "1.11.1",
     "features": [
       "Users can now view Power VS Resources with no selected workspace on the CRAIG V2 Power VS page",
       "Users can now view Power VS Resources with no selected subnets on the CRAIG V2 Power VS page",

client/src/lib/docs/templates/from-scratch.json

@@ -10,7 +10,7 @@
     "enable_classic": false,
     "dynamic_subnets": true,
     "enable_power_vs": false,
-    "craig_version": "1.11.0",
+    "craig_version": "1.11.1",
     "power_vs_zones": [],
     "power_vs_high_availability": false
   },

client/src/lib/docs/templates/oracle-si.json

@@ -10,7 +10,7 @@
     "dynamic_subnets": false,
     "enable_power_vs": true,
     "power_vs_zones": ["dal12", "dal10", "us-south"],
-    "craig_version": "1.11.0",
+    "craig_version": "1.11.1",
     "power_vs_high_availability": false
   },
   "access_groups": [],