diff --git a/README.md b/README.md index d126ec9..39de0a3 100644 --- a/README.md +++ b/README.md @@ -55,27 +55,27 @@ ### Execute Plans in Terraform Cloud Workspaces -1. Open the Workspace "{cluster_name}_global_vars" in TFCB and queue a plan manually. This will populate the global variables that will be used by the other TFCB workspaces. +1. Open the Workspace "{organization}" in TFCB and queue a plan manually. This will Create the Organization Poliices and add outputs to be consumed by the next module {organization}_{cluster_name}. 2. You will execute the Runs in the workspaces in this order: - * {cluster_name}_iks - See section below on "Provision IKS Policies and IP Pools with TFCB" + * {organization}_{cluster_name} - See section below on "Provision IKS Cluster and IP Pools with TFCB" - * {cluster_name}_kube - See section below on "Provision a IKS Cluster with TFCB" + * {organization}_{cluster_name}_kube - See section below on "Provision a IKS Cluster with TFCB" - * {cluster_name}_iwo - See section below on "Deploy IWO collector using Helm" + * {organization}_{cluster_name}_iwo - See section below on "Deploy IWO collector using Helm" - * {cluster_name}_app_hello - See section below on "Deploy a sample "Hello IKS" App using Helm" + * {organization}_{cluster_name}_app_hello - See section below on "Deploy a sample "Hello IKS" App using Helm" -### Provision IP Pools, Kubernetes Policies, and an IKS Cluster with TFCB +### Provision Intersight Kubernetes Service Cluster with TFCB ![alt text](https://github.com/prathjan/images/blob/main/prof.png?raw=true) ### Get the Cluster kube_config -Currently due to order of operations in Intersight you must use a seperate task after Cluster creation to download the kube_config. the {cluster_name}_kube Workspace will be used to accomplish this. +Currently due to order of operations in Intersight you must use a seperate task after Cluster creation to download the kube_config. the {organization}_{cluster_name}_kube Workspace will be used to accomplish this. -Once you have confirmed in Intersight that the cluster has been fully provisioned run the plan in the {cluster_name}_kube workspace. +Once you have confirmed in Intersight that the cluster has been fully provisioned run the plan in the {organization}_{cluster_name}_kube workspace. Download the cluster kube_config from from the workspace and run a couple of kubectl commands to verify an operational cluster: @@ -87,13 +87,13 @@ Download the cluster kube_config from from the workspace and run a couple of kub If you don't have Intersight Workload Optimizer licensing tied to your Intersight Instance you can skip this section. -As a Cloud Admin it is imperative to be able to have insights into the infrastructure. The workspace "{cluster_name}_iwo" provides an example helm chart provisioning process to add the iwo collector pod to the deployed cluster. +As a Cloud Admin it is imperative to be able to have insights into the infrastructure. The workspace "{organization}_{cluster_name}_iwo" provides an example helm chart provisioning process to add the iwo collector pod to the deployed cluster. -Open "{cluster_name}_iwo" and Queue a plan manually. +Open "{organization}_{cluster_name}_iwo" and Queue a plan manually. Once successful, the collector is installed into your Kubernetes cluster and requires you to claim it as target in Intersight->Target. You will use the following steps to get the Device ID and Code: -Download kube_config for the {cluster_name} from Intersight or your {cluster_name}_kube workspace. +Download kube_config for the {organization}_{cluster_name} from Intersight or your {organization}_{cluster_name}_kube workspace. Execute: @@ -115,9 +115,9 @@ Note: This can take approximately 30 minutes to begin to see the cluster in IWO. ### Deploy the sample "Hello IKS" App using Helm -What use is a cluster without an Application? The workspace "{cluster_name}_app_hello" accounts for this. +What use is a cluster without an Application? The workspace "{organization}_{cluster_name}_app_hello" accounts for this. -Open "{cluster_name}_app_hello" and Queue a plan manually. +Open "{organization}_{cluster_name}_app_hello" and Queue a plan manually. Once successful, access the app with the loadbalancer IP: diff --git a/modules/iks/README.md b/modules/iks/README.md index 6ab8ce1..2fcdaa7 100644 --- a/modules/iks/README.md +++ b/modules/iks/README.md @@ -1,4 +1,4 @@ -# IKS Policies and Cluster Profile Module +# Intersight Kubernetes Service Cluster Profile Module ## Use this module to create Kubernetes policies and an IKS Cluster profile in Intersight @@ -15,64 +15,38 @@ Run the plan from the Terraform cloud workspace. | Name | Version | |------|---------| -| [intersight](#provider\_intersight) | 1.0.11 | +| [terraform](#provider\_terraform) | n/a | ## Modules | Name | Source | Version | |------|--------|---------| | [control\_plane\_node\_group](#module\_control\_plane\_node\_group) | terraform-cisco-modules/imm/intersight//modules/k8s_node_group_profile | n/a | -| [control\_plane\_vm\_infra\_provider](#module\_control\_plane\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_vm_infra_provider | n/a | +| [control\_plane\_vm\_infra\_provider](#module\_control\_plane\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_node_vm_infra_provider | n/a | | [iks\_cluster](#module\_iks\_cluster) | terraform-cisco-modules/imm/intersight//modules/k8s_cluster | n/a | -| [ip\_pools](#module\_ip\_pools) | terraform-cisco-modules/imm/intersight//modules/pools_ip | n/a | -| [k8s\_addon\_policies](#module\_k8s\_addon\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_addons | n/a | -| [k8s\_network\_cidr](#module\_k8s\_network\_cidr) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_network_cidr | n/a | -| [k8s\_nodeos\_config](#module\_k8s\_nodeos\_config) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_nodeos_config | n/a | -| [k8s\_runtime\_policies](#module\_k8s\_runtime\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_runtime | n/a | -| [k8s\_trusted\_registries](#module\_k8s\_trusted\_registries) | terraform-cisco-modules/imm/intersight//modules/k8s_trusted_registries | n/a | -| [k8s\_version\_policies](#module\_k8s\_version\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_version | n/a | -| [k8s\_vm\_infra\_config](#module\_k8s\_vm\_infra\_config) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_vm_infra | n/a | -| [k8s\_vm\_instance\_type](#module\_k8s\_vm\_instance\_type) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_vm_instance_type | n/a | | [worker\_node\_group](#module\_worker\_node\_group) | terraform-cisco-modules/imm/intersight//modules/k8s_node_group_profile | n/a | -| [worker\_vm\_infra\_provider](#module\_worker\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_vm_infra_provider | n/a | +| [worker\_vm\_infra\_provider](#module\_worker\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_node_vm_infra_provider | n/a | ## Resources | Name | Type | |------|------| -| [intersight_organization_organization.org_moid](https://registry.terraform.io/providers/CiscoDevNet/intersight/1.0.11/docs/data-sources/organization_organization) | data source | -| [intersight_organization_organization.organization_moid](https://registry.terraform.io/providers/CiscoDevNet/intersight/1.0.11/docs/data-sources/organization_organization) | data source | +| [terraform_remote_state.organization](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [apikey](#input\_apikey) | Intersight API Key. | `string` | n/a | yes | -| [endpoint](#input\_endpoint) | Intersight URL. | `string` | `"https://intersight.com"` | no | -| [iks\_cluster](#input\_iks\_cluster) | Please Refer to the k8s\_version variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [ip\_pools](#input\_ip\_pools) | Please Refer to the ip\_pools variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_addon\_policies](#input\_k8s\_addon\_policies) | Please Refer to the k8s\_addons variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_network\_cidr](#input\_k8s\_network\_cidr) | Please Refer to the k8s\_network\_cidr variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_nodeos\_config](#input\_k8s\_nodeos\_config) | Please Refer to the k8s\_nodeos\_config variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_runtime\_create](#input\_k8s\_runtime\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | -| [k8s\_runtime\_http\_password](#input\_k8s\_runtime\_http\_password) | Password for the HTTP Proxy Server, If required. | `string` | `""` | no | -| [k8s\_runtime\_https\_password](#input\_k8s\_runtime\_https\_password) | Password for the HTTPS Proxy Server, If required. | `string` | `""` | no | -| [k8s\_runtime\_policies](#input\_k8s\_runtime\_policies) | Please Refer to the k8s\_runtime\_policies variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_trusted\_create](#input\_k8s\_trusted\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | -| [k8s\_trusted\_registries](#input\_k8s\_trusted\_registries) | Please Refer to the k8s\_trusted\_registries variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_version\_policies](#input\_k8s\_version\_policies) | Please Refer to the k8s\_version\_policies variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_vm\_infra\_config](#input\_k8s\_vm\_infra\_config) | Please Refer to the k8s\_vm\_infra\_config variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_vm\_infra\_password](#input\_k8s\_vm\_infra\_password) | vSphere Password. Note: this is the password of the Credentials used to register the vSphere Target. | `string` | n/a | yes | -| [k8s\_vm\_instance\_type](#input\_k8s\_vm\_instance\_type) | Please Refer to the k8s\_vm\_instance\_type variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [organization](#input\_organization) | Intersight Organization. | `string` | `"default"` | no | +| [iks\_cluster](#input\_iks\_cluster) | Please Refer to the iks\_cluster variable information in the tfe module. In the iks module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [organization](#input\_organization) | Intersight Organization Name/Workspace. | `string` | `"default"` | no | | [secretkey](#input\_secretkey) | Intersight Secret Key. | `string` | n/a | yes | | [ssh\_key\_1](#input\_ssh\_key\_1) | Intersight Kubernetes Service Cluster SSH Public Key 1. | `string` | `""` | no | | [ssh\_key\_2](#input\_ssh\_key\_2) | Intersight Kubernetes Service Cluster SSH Public Key 2. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | | [ssh\_key\_3](#input\_ssh\_key\_3) | Intersight Kubernetes Service Cluster SSH Public Key 3. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | | [ssh\_key\_4](#input\_ssh\_key\_4) | Intersight Kubernetes Service Cluster SSH Public Key 4. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | | [ssh\_key\_5](#input\_ssh\_key\_5) | Intersight Kubernetes Service Cluster SSH Public Key 5. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | -| [tags](#input\_tags) | Please Refer to the tags variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [tenant\_name](#input\_tenant\_name) | Name of the Tenant. | `string` | `"default"` | no | +| [tfc\_organization](#input\_tfc\_organization) | Terraform Cloud Organization Name. | `string` | n/a | yes | ## Outputs @@ -80,17 +54,7 @@ Run the plan from the Terraform cloud workspace. |------|-------------| | [endpoint](#output\_endpoint) | Intersight URL. | | [iks\_cluster](#output\_iks\_cluster) | moid of the IKS Cluster. | -| [ip\_pools](#output\_ip\_pools) | moid of the IP Pool | -| [k8s\_addon\_policies](#output\_k8s\_addon\_policies) | moid of the Kubernetes CIDR Policies. | -| [k8s\_network\_cidr](#output\_k8s\_network\_cidr) | moid of the Kubernetes CIDR Policies. | -| [k8s\_nodeos\_config](#output\_k8s\_nodeos\_config) | moid of the Kubernetes Node OS Config Policies. | -| [k8s\_runtime\_policies](#output\_k8s\_runtime\_policies) | moid of the Kubernetes Runtime Policies. | -| [k8s\_trusted\_registries](#output\_k8s\_trusted\_registries) | moid of the Kubernetes Trusted Registry Policy. | -| [k8s\_version\_policies](#output\_k8s\_version\_policies) | moid of the Kubernetes Version Policies. | -| [k8s\_vm\_infra\_config](#output\_k8s\_vm\_infra\_config) | moid of the Kubernetes VM Infrastructure Configuration Policies. | -| [k8s\_vm\_instance\_type](#output\_k8s\_vm\_instance\_type) | moid of the Large Kubernetes Instance Type Policies. | | [org\_moid](#output\_org\_moid) | moid of the Intersight Organization. | | [organization](#output\_organization) | Intersight Organization Name. | | [tags](#output\_tags) | Tags to be Associated with Objects Created in Intersight. | -| [tenant\_name](#output\_tenant\_name) | Name of the Tenant. | diff --git a/modules/organization/README.md b/modules/organization/README.md index 6ab8ce1..b188535 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -1,6 +1,6 @@ -# IKS Policies and Cluster Profile Module +# Organization Kubernetes Policies Module -## Use this module to create Kubernetes policies and an IKS Cluster profile in Intersight +## Use this module to create Kubernetes policies within the Intersight organization Run the plan from the Terraform cloud workspace. @@ -21,65 +21,52 @@ Run the plan from the Terraform cloud workspace. | Name | Source | Version | |------|--------|---------| -| [control\_plane\_node\_group](#module\_control\_plane\_node\_group) | terraform-cisco-modules/imm/intersight//modules/k8s_node_group_profile | n/a | -| [control\_plane\_vm\_infra\_provider](#module\_control\_plane\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_vm_infra_provider | n/a | -| [iks\_cluster](#module\_iks\_cluster) | terraform-cisco-modules/imm/intersight//modules/k8s_cluster | n/a | | [ip\_pools](#module\_ip\_pools) | terraform-cisco-modules/imm/intersight//modules/pools_ip | n/a | | [k8s\_addon\_policies](#module\_k8s\_addon\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_addons | n/a | | [k8s\_network\_cidr](#module\_k8s\_network\_cidr) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_network_cidr | n/a | | [k8s\_nodeos\_config](#module\_k8s\_nodeos\_config) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_nodeos_config | n/a | | [k8s\_runtime\_policies](#module\_k8s\_runtime\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_runtime | n/a | -| [k8s\_trusted\_registries](#module\_k8s\_trusted\_registries) | terraform-cisco-modules/imm/intersight//modules/k8s_trusted_registries | n/a | +| [k8s\_trusted\_registries](#module\_k8s\_trusted\_registries) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_trusted_registries | n/a | | [k8s\_version\_policies](#module\_k8s\_version\_policies) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_version | n/a | | [k8s\_vm\_infra\_config](#module\_k8s\_vm\_infra\_config) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_vm_infra | n/a | | [k8s\_vm\_instance\_type](#module\_k8s\_vm\_instance\_type) | terraform-cisco-modules/imm/intersight//modules/policies_k8s_vm_instance_type | n/a | -| [worker\_node\_group](#module\_worker\_node\_group) | terraform-cisco-modules/imm/intersight//modules/k8s_node_group_profile | n/a | -| [worker\_vm\_infra\_provider](#module\_worker\_vm\_infra\_provider) | terraform-cisco-modules/imm/intersight//modules/k8s_vm_infra_provider | n/a | ## Resources | Name | Type | |------|------| | [intersight_organization_organization.org_moid](https://registry.terraform.io/providers/CiscoDevNet/intersight/1.0.11/docs/data-sources/organization_organization) | data source | -| [intersight_organization_organization.organization_moid](https://registry.terraform.io/providers/CiscoDevNet/intersight/1.0.11/docs/data-sources/organization_organization) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [apikey](#input\_apikey) | Intersight API Key. | `string` | n/a | yes | +| [dns\_servers\_v4](#input\_dns\_servers\_v4) | DNS Servers for Kubernetes Sysconfig Policy. | `list(string)` | 
[
  "198.18.0.100",
  "198.18.0.101"
]
| no | | [endpoint](#input\_endpoint) | Intersight URL. | `string` | `"https://intersight.com"` | no | -| [iks\_cluster](#input\_iks\_cluster) | Please Refer to the k8s\_version variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [ip\_pools](#input\_ip\_pools) | Please Refer to the ip\_pools variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_addon\_policies](#input\_k8s\_addon\_policies) | Please Refer to the k8s\_addons variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_network\_cidr](#input\_k8s\_network\_cidr) | Please Refer to the k8s\_network\_cidr variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_nodeos\_config](#input\_k8s\_nodeos\_config) | Please Refer to the k8s\_nodeos\_config variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [ip\_pools](#input\_ip\_pools) | Please Refer to the ip\_pools variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_addon\_policies](#input\_k8s\_addon\_policies) | Please Refer to the k8s\_addons variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_network\_cidr](#input\_k8s\_network\_cidr) | Please Refer to the k8s\_network\_cidr variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_nodeos\_config](#input\_k8s\_nodeos\_config) | Please Refer to the k8s\_nodeos\_config variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | | [k8s\_runtime\_create](#input\_k8s\_runtime\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | | [k8s\_runtime\_http\_password](#input\_k8s\_runtime\_http\_password) | Password for the HTTP Proxy Server, If required. | `string` | `""` | no | | [k8s\_runtime\_https\_password](#input\_k8s\_runtime\_https\_password) | Password for the HTTPS Proxy Server, If required. | `string` | `""` | no | -| [k8s\_runtime\_policies](#input\_k8s\_runtime\_policies) | Please Refer to the k8s\_runtime\_policies variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_runtime\_policies](#input\_k8s\_runtime\_policies) | Please Refer to the k8s\_runtime\_policies variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | | [k8s\_trusted\_create](#input\_k8s\_trusted\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | -| [k8s\_trusted\_registries](#input\_k8s\_trusted\_registries) | Please Refer to the k8s\_trusted\_registries variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_version\_policies](#input\_k8s\_version\_policies) | Please Refer to the k8s\_version\_policies variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [k8s\_vm\_infra\_config](#input\_k8s\_vm\_infra\_config) | Please Refer to the k8s\_vm\_infra\_config variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_trusted\_registries](#input\_k8s\_trusted\_registries) | Please Refer to the k8s\_trusted\_registries variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_version\_policies](#input\_k8s\_version\_policies) | Please Refer to the k8s\_version\_policies variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_vm\_infra\_config](#input\_k8s\_vm\_infra\_config) | Please Refer to the k8s\_vm\_infra\_config variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | | [k8s\_vm\_infra\_password](#input\_k8s\_vm\_infra\_password) | vSphere Password. Note: this is the password of the Credentials used to register the vSphere Target. | `string` | n/a | yes | -| [k8s\_vm\_instance\_type](#input\_k8s\_vm\_instance\_type) | Please Refer to the k8s\_vm\_instance\_type variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | +| [k8s\_vm\_instance\_type](#input\_k8s\_vm\_instance\_type) | Please Refer to the k8s\_vm\_instance\_type variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | | [organization](#input\_organization) | Intersight Organization. | `string` | `"default"` | no | | [secretkey](#input\_secretkey) | Intersight Secret Key. | `string` | n/a | yes | -| [ssh\_key\_1](#input\_ssh\_key\_1) | Intersight Kubernetes Service Cluster SSH Public Key 1. | `string` | `""` | no | -| [ssh\_key\_2](#input\_ssh\_key\_2) | Intersight Kubernetes Service Cluster SSH Public Key 2. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | -| [ssh\_key\_3](#input\_ssh\_key\_3) | Intersight Kubernetes Service Cluster SSH Public Key 3. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | -| [ssh\_key\_4](#input\_ssh\_key\_4) | Intersight Kubernetes Service Cluster SSH Public Key 4. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | -| [ssh\_key\_5](#input\_ssh\_key\_5) | Intersight Kubernetes Service Cluster SSH Public Key 5. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | -| [tags](#input\_tags) | Please Refer to the tags variable information in the tfe module. In the IKS module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | -| [tenant\_name](#input\_tenant\_name) | Name of the Tenant. | `string` | `"default"` | no | +| [tags](#input\_tags) | Please Refer to the tags variable information in the tfe module. In the organization module the variable is accepted as a string from terraform cloud in the terraform.auto.tfvars and extracted using locals. | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | [endpoint](#output\_endpoint) | Intersight URL. | -| [iks\_cluster](#output\_iks\_cluster) | moid of the IKS Cluster. | | [ip\_pools](#output\_ip\_pools) | moid of the IP Pool | | [k8s\_addon\_policies](#output\_k8s\_addon\_policies) | moid of the Kubernetes CIDR Policies. | | [k8s\_network\_cidr](#output\_k8s\_network\_cidr) | moid of the Kubernetes CIDR Policies. | @@ -92,5 +79,4 @@ Run the plan from the Terraform cloud workspace. | [org\_moid](#output\_org\_moid) | moid of the Intersight Organization. | | [organization](#output\_organization) | Intersight Organization Name. | | [tags](#output\_tags) | Tags to be Associated with Objects Created in Intersight. | -| [tenant\_name](#output\_tenant\_name) | Name of the Tenant. | diff --git a/modules/tfe/README.md b/modules/tfe/README.md index 0515b4f..6940108 100644 --- a/modules/tfe/README.md +++ b/modules/tfe/README.md @@ -40,6 +40,10 @@ Follow the base repository instructions to obtain values for the following varia ### Import the Variables into your Environment before Running the Terraform Cloud Provider module(s) in this directory +Modify the terraform.tfvars file to the unique attributes of your environment + +Once finished with the modification commit the changes to your reposotiry. + The Following examples are for a Linux based Operating System. Note that the TF_VAR_ prefix is used as a notification to the terraform engine that the environment variable will be consumed by terraform. * Terraform Cloud Variables @@ -47,148 +51,25 @@ The Following examples are for a Linux based Operating System. Note that the TF ```bash export TF_VAR_terraform_cloud_token="your_cloud_token" export TF_VAR_tfc_oath_token="your_oath_token" -export TF_VAR_tfc_email="your_email" -export TF_VAR_agent_pool="your_agent_pool_name" -export TF_VAR_vcs_repo="your_vcs_repo" ``` -* Intersight Variables +* Intersight apikey and secretkey ```bash export TF_VAR_apikey="your_api_key" -export TF_VAR_secretkey="your_secret_key" +export TF_VAR_secretkey=`../../../../intersight_secretkey.txt` ``` -* Global Variables - Refer to explanation below on the purpose of the network_prefix variable - -```bash -export TF_VAR_network_prefix="10.200.0" -``` - -* vSphere Variables +* vSphere Password ```bash export TF_VAR_vsphere_password="your_vshpere_password" ``` -* Kubernetes Cluster Variables - -```bash -export TF_VAR_ssh_key="your_ssh_key" -``` - -* Kubernetes Cluster Add-ons Variables - -If you want to add both Add-ons that are supported today {ccp-monitor|kubernetes-dashboard} use the following list: - -```bash -export TF_VAR_addons_list="[\"ccp-monitor\", \"kubernetes-dashboard\"]" -``` - -You can also just include one or the other add-ons. - -## Optional Variables - -Below are additional variables that have been assigned default values already. Confirm anything that needs to change for your environment. The default values are shown below. - -* Terraform Cloud Default Variables - -```bash -export TF_VAR_tfc_organization="CiscoDevNet" -export TF_VAR_terraform_version="1.0.0" -``` - -* Intersight Default Variables - -```bash -export TF_VAR_organization="default" -``` - -* Kubernetes Cluster and Policies Default Variables - - To help simplify the number of variables that are required, the following manipulation rules have been added to the global_vars. - - network_prefix function ip_pool_gateway, ip_pool_from, and vsphere_target: - - The default value is shown below. For Example with vsphere_target showing the IPv4 last octet of 210. - - This is combined with the network_prefix to become 10.200.0.210. - - This combine function works with the following variables: - - ip_pool_gateway - - ip_pool_from - - vsphere_target - - Secondary Note: dns_servers will also be assigned to ntp_servers if you don't assign anything to ntp_servers. - -```bash -export TF_VAR_domain_name="demo.intra" -export TF_VAR_dns_servers="[\"10.200.0.100\"]" -export TF_VAR_ntp_servers="[]" -export TF_VAR_ip_pool_gateway="254" -export TF_VAR_ip_pool_from="20" -export TF_VAR_k8s_pod_cidr="100.65.0.0/16" -export TF_VAR_k8s_service_cidr="100.64.0.0/16" -export TF_VAR_k8s_k8s_version="1.19.5" -export TF_VAR_root_ca_registries="[]" -export TF_VAR_unsigned_registries="[]" -``` - -* Kubernetes Runtime Optional Variables - -```bash -export TF_VAR_docker_no_proxy="[]" -export TF_VAR_proxy_http_hostname="" -export TF_VAR_proxy_http_password="" -export TF_VAR_proxy_http_port="8080" -export TF_VAR_proxy_http_protocol="http" -export TF_VAR_proxy_http_username="" -export TF_VAR_proxy_https_hostname="" -export TF_VAR_proxy_https_password="" -export TF_VAR_proxy_https_port="8443" -export TF_VAR_proxy_https_username="" -``` - -Note: The proxy_http_hostname will be cloned to the proxy_https_hostname if left blank, when configuring runtime policies. - -Note: The proxy_http_username will be cloned to the proxy_https_username if left blank, when configuring runtime policies. - -* Kubernetes Cluster Optional Variables - -```bash -export TF_VAR_tags="[]" -export TF_VAR_action="Deploy" -export TF_VAR_cluster_name="iks" -export TF_VAR_load_balancers="3" -export TF_VAR_ssh_user="iksadmin" -export TF_VAR_master_instance_type="small" -export TF_VAR_master_desired_size="1" -export TF_VAR_master_max_size="1" -export TF_VAR_worker_instance_type="small" -export TF_VAR_worker_desired_size="0" -export TF_VAR_worker_max_size="1" -``` - -* vSphere Optional Variables - - Note: The same rules above apply to the vsphere_target address. But you can use dns or IPv4 values when modifying. - -```bash -export TF_VAR_vsphere_target="210" -export TF_VAR_vsphere_cluster="hx-demo" -export TF_VAR_vsphere_datastore="hx-demo-ds1" -export TF_VAR_vsphere_portgroup="[\"Management\"]" -export TF_VAR_vsphere_resource_pool="" -``` - -For the Cluster tags; below is an example key/value format. +* Kubernetes Cluster ssh_key ```bash -export TF_VAR_tags="[ { key = \"Terraform\", value = \"Module\" }, { key = \"Owner\", value = \"CiscoDevNet\" } ]" +export TF_VAR_ssh_key_1="your_ssh_key" ``` Once all Variables have been imported into your environment, run the plan in the tfe folder: @@ -218,11 +99,13 @@ No providers. | [app\_hello\_variables](#module\_app\_hello\_variables) | terraform-cisco-modules/modules/tfe//modules/tfc_variables | n/a | | [app\_hello\_workspaces](#module\_app\_hello\_workspaces) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | | [iks\_variables](#module\_iks\_variables) | terraform-cisco-modules/modules/tfe//modules/tfc_variables | n/a | -| [iks\_workspace](#module\_iks\_workspace) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | +| [iks\_workspaces](#module\_iks\_workspaces) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | | [iwo\_variables](#module\_iwo\_variables) | terraform-cisco-modules/modules/tfe//modules/tfc_variables | n/a | | [iwo\_workspaces](#module\_iwo\_workspaces) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | | [kube\_variables](#module\_kube\_variables) | terraform-cisco-modules/modules/tfe//modules/tfc_variables | n/a | | [kube\_workspaces](#module\_kube\_workspaces) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | +| [org\_variables](#module\_org\_variables) | terraform-cisco-modules/modules/tfe//modules/tfc_variables | n/a | +| [org\_workspace](#module\_org\_workspace) | terraform-cisco-modules/modules/tfe//modules/tfc_workspace | n/a | | [tfc\_agent\_pool](#module\_tfc\_agent\_pool) | terraform-cisco-modules/modules/tfe//modules/tfc_agent_pool | n/a | ## Resources @@ -235,22 +118,23 @@ No resources. |------|-------------|------|---------|:--------:| | [agent\_pool](#input\_agent\_pool) | Terraform Cloud Agent Pool. | `string` | n/a | yes | | [apikey](#input\_apikey) | Intersight API Key. | `string` | n/a | yes | +| [dns\_servers\_v4](#input\_dns\_servers\_v4) | DNS Servers for Kubernetes Sysconfig Policy. | `list(string)` | 
[
  "198.18.0.100",
  "198.18.0.101"
]
| no | | [endpoint](#input\_endpoint) | Intersight URL. | `string` | `"https://intersight.com"` | no | | [iks\_cluster](#input\_iks\_cluster) | Intersight Kubernetes Service Cluster Profile Variable Map.
1. action\_cluster - Action to perform on the Kubernetes Cluster. Options are {Delete\|Deploy\|Ready\|No-op\|Unassign}.
2. action\_control\_plane - Action to perform on the Kubernetes Control Plane Nodes. Options are {Delete\|Deploy\|Ready\|No-op\|Unassign}.
3. action\_worker - Action to perform on the Kubernetes Worker Nodes. Options are {Delete\|Deploy\|Ready\|No-op\|Unassign}.
4. control\_plane\_desired\_size - Desired number of control plane nodes in this node group, same as minsize initially and is updated by the auto-scaler. Options are {1\|3}.
5. control\_plane\_k8s\_labels - List of key/value Attributes to Assign to the control plane node configuration.
6. control\_plane\_max\_size - Maximum number of control plane nodes desired in this node group. Range is 1-128.
7. description - A description for the policy.
8. ip\_pool\_moid - Name of the IP Pool to assign to Cluster and Node Profiles.
9. k8s\_addon\_policy\_moid - Names of the Kubernetes Add-ons to add to the cluster. Options are {ccp-monitor\|kubernetes-dashboard} or [].
10. k8s\_network\_cidr\_moid - Name of the Kubneretes Network CIDR Policy to assign to Cluster.
11. k8s\_nodeos\_config\_moid - Name of the Kubneretes Node OS Config Policy to assign to Cluster and Node Profiles.
12. k8s\_registry\_moid - Name of the Kubernetes Trusted Registry Policy to assign to Cluster and Node Profiles
.13. k8s\_runtime\_moid - Name of the Kubernetes Runtime Policy to assign to Cluster and Node Profiles
.14. k8s\_version\_moid - Name of the Kubernetes Version Policy to assign to the Node Profiles.
15. k8s\_vm\_infra\_moid - Name of the Kubernetes Virtual Machine Infra Config Policy to assign to the Node Profiles.
16. k8s\_vm\_instance\_type\_ctrl\_plane - Name of the Kubernetes Virtual Machine Instance Type Policy to assign to control plane nodes.
17. k8s\_vm\_instance\_type\_worker - Name of the Kubernetes Virtual Machine Instance Type Policy to assign to worker nodes.
18. load\_balancers - Number of load balancer addresses to deploy. Range is 1-999.
19. ssh\_key - The SSH Key Name should be ssh\_key\_{1\|2\|3\|4\|5}. This will point to the ssh\_key variable that will be used.
20. ssh\_user - SSH Username for node login.
21. tags - tags - List of key/value Attributes to Assign to the Profile.
22. wait\_for\_complete - This model object can trigger workflows. Use this option to wait for all running workflows to reach a complete state.
23. worker\_desired\_size - Desired number of nodes in this worker node group, same as minsize initially and is updated by the auto-scaler. Range is 1-128.
24. worker\_k8s\_labels - List of key/value Attributes to Assign to the worker node configuration.
25. worker\_max\_size - Maximum number of worker nodes desired in this node group. Range is 1-128. | 
map(object(
    {
      action_cluster                  = optional(string)
      action_control_plane            = optional(string)
      action_worker                   = optional(string)
      control_plane_desired_size      = optional(number)
      control_plane_k8s_labels        = optional(list(map(string)))
      control_plane_max_size          = optional(number)
      description                     = optional(string)
      ip_pool_moid                    = string
      k8s_addon_policy_moid           = optional(set(string))
      k8s_network_cidr_moid           = string
      k8s_nodeos_config_moid          = string
      k8s_registry_moid               = optional(string)
      k8s_runtime_moid                = optional(string)
      k8s_version_moid                = string
      k8s_vm_infra_moid               = string
      k8s_vm_instance_type_ctrl_plane = string
      k8s_vm_instance_type_worker     = string
      load_balancers                  = optional(number)
      ssh_key                         = string
      ssh_user                        = string
      tags                            = optional(list(map(string)))
      wait_for_complete               = optional(bool)
      worker_desired_size             = optional(number)
      worker_k8s_labels               = optional(list(map(string)))
      worker_max_size                 = optional(number)
    }
  ))
| 
{
  "default": {
    "action_cluster": "Deploy",
    "action_control_plane": "No-op",
    "action_worker": "No-op",
    "control_plane_desired_size": 1,
    "control_plane_k8s_labels": [],
    "control_plane_max_size": 3,
    "description": "",
    "ip_pool_moid": "**REQUIRED**",
    "k8s_addon_policy_moid": [],
    "k8s_network_cidr_moid": "**REQUIRED**",
    "k8s_nodeos_config_moid": "**REQUIRED**",
    "k8s_registry_moid": "",
    "k8s_runtime_moid": "",
    "k8s_version_moid": "**REQUIRED**",
    "k8s_vm_infra_moid": "**REQUIRED**",
    "k8s_vm_instance_type_ctrl_plane": "**REQUIRED**",
    "k8s_vm_instance_type_worker": "**REQUIRED**",
    "load_balancers": 3,
    "ssh_key": "ssh_key_1",
    "ssh_user": "iksadmin",
    "tags": [],
    "wait_for_complete": false,
    "worker_desired_size": 0,
    "worker_k8s_labels": [],
    "worker_max_size": 4
  }
}
| no | -| [ip\_pools](#input\_ip\_pools) | Intersight IP Pool Variable Map.
1. description - A description for the policy.
2. from - host address of the pool starting address.
3. gateway - ip/prefix of the gateway.
4. name - Name of the IP Pool.
5. size - Number of host addresses to assign to the pool.
6. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      description = optional(string)
      from        = optional(number)
      gateway     = optional(string)
      name        = optional(string)
      size        = optional(number)
      tags        = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "description": "",
    "from": 20,
    "gateway": "198.18.0.1/24",
    "name": "{tenant_name}_ip_pool",
    "size": 30,
    "tags": []
  }
}
| no | -| [k8s\_addon\_policies](#input\_k8s\_addon\_policies) | Intersight Kubernetes Service Add-ons Variable Map. Add-ons Options are {ccp-monitor\|kubernetes-dashboard} currently.
1. description - A description for the policy.
2. install\_strategy - Addon install strategy to determine whether an addon is installed if not present.
* None - Unspecified install strategy.
* NoAction - No install action performed.
* InstallOnly - Only install in green field. No action in case of failure or removal.
* Always - Attempt install if chart is not already installed.
3. name - Name of the concrete policy.
4. release\_name - Name for the helm release.
5. release\_namespace - Namespace for the helm release.
6. tags - List of key/value Attributes to Assign to the Policy.
7. upgrade\_strategy - Addon upgrade strategy to determine whether an addon configuration is overwritten on upgrade.
* None - Unspecified upgrade strategy.
* NoAction - This choice enables No upgrades to be performed.
* UpgradeOnly - Attempt upgrade if chart or overrides options change, no action on upgrade failure.
* ReinstallOnFailure - Attempt upgrade first. Remove and install on upgrade failure.
* AlwaysReinstall - Always remove older release and reinstall. | 
map(object(
    {
      description       = optional(string)
      install_strategy  = optional(string)
      name              = optional(string)
      release_name      = optional(string)
      release_namespace = optional(string)
      tags              = optional(list(map(string)))
      upgrade_strategy  = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "install_strategy": "Always",
    "name": "{tenant_name}_{each.key}",
    "release_name": "",
    "release_namespace": "",
    "tags": [],
    "upgrade_strategy": "UpgradeOnly"
  }
}
| no | -| [k8s\_network\_cidr](#input\_k8s\_network\_cidr) | Intersight Kubernetes Network CIDR Policy Variable Map.
1. cidr\_pod - CIDR block to allocate pod network IP addresses from.
2. cidr\_service - Pod CIDR Block to be used to assign Pod IP Addresses.
3. cni\_type - Supported CNI type. Currently we only support Calico.
* Calico - Calico CNI plugin as described in https://github.com/projectcalico/cni-plugin.
* Aci - Cisco ACI Container Network Interface plugin.
4. description - A description for the policy.
5. name - Name of the concrete policy.
6. tags - tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      cidr_pod     = optional(string)
      cidr_service = optional(string)
      cni_type     = optional(string)
      description  = optional(string)
      name         = optional(string)
      tags         = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "cidr_pod": "100.64.0.0/16",
    "cidr_service": "100.65.0.0/16",
    "cni_type": "Calico",
    "description": "",
    "name": "{tenant_name}_network_cidr",
    "tags": []
  }
}
| no | -| [k8s\_nodeos\_config](#input\_k8s\_nodeos\_config) | Intersight Kubernetes Node OS Configuration Policy Variable Map.
1. description - A description for the policy.
2. dns\_servers\_v4 - DNS Servers for the Kubernetes Node OS Configuration Policy.
3. domain\_name - Domain Name for the Kubernetes Node OS Configuration Policy.
4. ntp\_servers - NTP Servers for the Kubernetes Node OS Configuration Policy.
5. name - Name of the concrete policy.
6. tags - tags - List of key/value Attributes to Assign to the Policy.
7. timezone - The timezone of the node's system clock. For a List of supported timezones see the following URL.
https://github.com/terraform-cisco-modules/terraform-intersight-imm/blob/master/modules/policies_ntp/README.md. | 
map(object(
    {
      description    = optional(string)
      dns_servers_v4 = optional(list(string))
      domain_name    = optional(string)
      ntp_servers    = optional(list(string))
      name           = optional(string)
      tags           = optional(list(map(string)))
      timezone       = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "dns_servers_v4": [
      "208.67.220.220",
      "208.67.222.222"
    ],
    "domain_name": "example.com",
    "name": "{tenant_name}_nodeos_config",
    "ntp_servers": [],
    "tags": [],
    "timezone": "Etc/GMT"
  }
}
| no | +| [ip\_pools](#input\_ip\_pools) | Intersight IP Pool Variable Map.
1. description - A description for the policy.
2. from - host address of the pool starting address.
3. gateway - ip/prefix of the gateway.
4. name - Name of the IP Pool.
5. size - Number of host addresses to assign to the pool.
6. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      description = optional(string)
      from        = optional(number)
      gateway     = optional(string)
      name        = optional(string)
      size        = optional(number)
      tags        = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "description": "",
    "from": 20,
    "gateway": "198.18.0.1/24",
    "name": "{organization}_ip_pool",
    "size": 30,
    "tags": []
  }
}
| no | +| [k8s\_addon\_policies](#input\_k8s\_addon\_policies) | Intersight Kubernetes Service Add-ons Variable Map. Add-ons Options are {ccp-monitor\|kubernetes-dashboard} currently.
1. description - A description for the policy.
2. install\_strategy - Addon install strategy to determine whether an addon is installed if not present.
* None - Unspecified install strategy.
* NoAction - No install action performed.
* InstallOnly - Only install in green field. No action in case of failure or removal.
* Always - Attempt install if chart is not already installed.
3. name - Name of the concrete policy.
4. release\_name - Name for the helm release.
5. release\_namespace - Namespace for the helm release.
6. tags - List of key/value Attributes to Assign to the Policy.
7. upgrade\_strategy - Addon upgrade strategy to determine whether an addon configuration is overwritten on upgrade.
* None - Unspecified upgrade strategy.
* NoAction - This choice enables No upgrades to be performed.
* UpgradeOnly - Attempt upgrade if chart or overrides options change, no action on upgrade failure.
* ReinstallOnFailure - Attempt upgrade first. Remove and install on upgrade failure.
* AlwaysReinstall - Always remove older release and reinstall. | 
map(object(
    {
      description       = optional(string)
      install_strategy  = optional(string)
      name              = optional(string)
      release_name      = optional(string)
      release_namespace = optional(string)
      tags              = optional(list(map(string)))
      upgrade_strategy  = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "install_strategy": "Always",
    "name": "{organization}_{each.key}",
    "release_name": "",
    "release_namespace": "",
    "tags": [],
    "upgrade_strategy": "UpgradeOnly"
  }
}
| no | +| [k8s\_network\_cidr](#input\_k8s\_network\_cidr) | Intersight Kubernetes Network CIDR Policy Variable Map.
1. cidr\_pod - CIDR block to allocate pod network IP addresses from.
2. cidr\_service - Pod CIDR Block to be used to assign Pod IP Addresses.
3. cni\_type - Supported CNI type. Currently we only support Calico.
* Calico - Calico CNI plugin as described in https://github.com/projectcalico/cni-plugin.
* Aci - Cisco ACI Container Network Interface plugin.
4. description - A description for the policy.
5. name - Name of the concrete policy.
6. tags - tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      cidr_pod     = optional(string)
      cidr_service = optional(string)
      cni_type     = optional(string)
      description  = optional(string)
      name         = optional(string)
      tags         = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "cidr_pod": "100.64.0.0/16",
    "cidr_service": "100.65.0.0/16",
    "cni_type": "Calico",
    "description": "",
    "name": "{organization}_network_cidr",
    "tags": []
  }
}
| no | +| [k8s\_nodeos\_config](#input\_k8s\_nodeos\_config) | Intersight Kubernetes Node OS Configuration Policy Variable Map.
1. description - A description for the policy.
2. dns\_servers\_v4 - DNS Servers for the Kubernetes Node OS Configuration Policy.
3. domain\_name - Domain Name for the Kubernetes Node OS Configuration Policy.
4. ntp\_servers - NTP Servers for the Kubernetes Node OS Configuration Policy.
5. name - Name of the concrete policy.
6. tags - tags - List of key/value Attributes to Assign to the Policy.
7. timezone - The timezone of the node's system clock. For a List of supported timezones see the following URL.
https://github.com/terraform-cisco-modules/terraform-intersight-imm/blob/master/modules/policies_ntp/README.md. | 
map(object(
    {
      description    = optional(string)
      dns_servers_v4 = optional(list(string))
      domain_name    = optional(string)
      ntp_servers    = optional(list(string))
      name           = optional(string)
      tags           = optional(list(map(string)))
      timezone       = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "dns_servers_v4": [
      "208.67.220.220",
      "208.67.222.222"
    ],
    "domain_name": "example.com",
    "name": "{organization}_nodeos_config",
    "ntp_servers": [],
    "tags": [],
    "timezone": "Etc/GMT"
  }
}
| no | | [k8s\_runtime\_create](#input\_k8s\_runtime\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | | [k8s\_runtime\_http\_password](#input\_k8s\_runtime\_http\_password) | Password for the HTTP Proxy Server, If required. | `string` | `""` | no | | [k8s\_runtime\_https\_password](#input\_k8s\_runtime\_https\_password) | Password for the HTTPS Proxy Server, If required. | `string` | `""` | no | -| [k8s\_runtime\_policies](#input\_k8s\_runtime\_policies) | Intersight Kubernetes Runtime Policy Variable Map.
1. description - A description for the policy.
2. docker\_bridge\_cidr - The CIDR for docker bridge network. This address space must not collide with other CIDRs on your networks, including the cluster's service CIDR, pod CIDR and IP Pools.
3. docker\_no\_proxy - Docker no proxy list, when using internet proxy.
4. http\_hostname - Hostname of the HTTP Proxy Server.
5. http\_port - HTTP Proxy Port. Range is 1-65535.
6. http\_protocol - HTTP Proxy Protocol. Options are {http\|https}.
7. http\_username - Username for the HTTP Proxy Server.
8. https\_hostname - Hostname of the HTTPS Proxy Server.
9. https\_port - HTTPS Proxy Port. Range is 1-65535
10. https\_protocol - HTTPS Proxy Protocol. Options are {http\|https}.
11. https\_username - Username for the HTTPS Proxy Server.
12. name - Name of the concrete policy.
13. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      description        = optional(string)
      docker_bridge_cidr = optional(string)
      docker_no_proxy    = optional(list(string))
      http_hostname      = optional(string)
      http_port          = optional(number)
      http_protocol      = optional(string)
      http_username      = optional(string)
      https_hostname     = optional(string)
      https_port         = optional(number)
      https_protocol     = optional(string)
      https_username     = optional(string)
      name               = optional(string)
      tags               = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "description": "",
    "docker_bridge_cidr": "",
    "docker_no_proxy": [],
    "http_hostname": "",
    "http_port": 8080,
    "http_protocol": "http",
    "http_username": "",
    "https_hostname": "",
    "https_port": 8443,
    "https_protocol": "https",
    "https_username": "",
    "name": "{tenant_name}_runtime",
    "tags": []
  }
}
| no | +| [k8s\_runtime\_policies](#input\_k8s\_runtime\_policies) | Intersight Kubernetes Runtime Policy Variable Map.
1. description - A description for the policy.
2. docker\_bridge\_cidr - The CIDR for docker bridge network. This address space must not collide with other CIDRs on your networks, including the cluster's service CIDR, pod CIDR and IP Pools.
3. docker\_no\_proxy - Docker no proxy list, when using internet proxy.
4. http\_hostname - Hostname of the HTTP Proxy Server.
5. http\_port - HTTP Proxy Port. Range is 1-65535.
6. http\_protocol - HTTP Proxy Protocol. Options are {http\|https}.
7. http\_username - Username for the HTTP Proxy Server.
8. https\_hostname - Hostname of the HTTPS Proxy Server.
9. https\_port - HTTPS Proxy Port. Range is 1-65535
10. https\_protocol - HTTPS Proxy Protocol. Options are {http\|https}.
11. https\_username - Username for the HTTPS Proxy Server.
12. name - Name of the concrete policy.
13. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      description        = optional(string)
      docker_bridge_cidr = optional(string)
      docker_no_proxy    = optional(list(string))
      http_hostname      = optional(string)
      http_port          = optional(number)
      http_protocol      = optional(string)
      http_username      = optional(string)
      https_hostname     = optional(string)
      https_port         = optional(number)
      https_protocol     = optional(string)
      https_username     = optional(string)
      name               = optional(string)
      tags               = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "description": "",
    "docker_bridge_cidr": "",
    "docker_no_proxy": [],
    "http_hostname": "",
    "http_port": 8080,
    "http_protocol": "http",
    "http_username": "",
    "https_hostname": "",
    "https_port": 8443,
    "https_protocol": "https",
    "https_username": "",
    "name": "{organization}_runtime",
    "tags": []
  }
}
| no | | [k8s\_trusted\_create](#input\_k8s\_trusted\_create) | Flag to specify if the Kubernetes Runtime Policy should be created or not. | `bool` | `false` | no | -| [k8s\_trusted\_registries](#input\_k8s\_trusted\_registries) | Intersight Kubernetes Trusted Registry Policy Variable Map.
1. description - A description for the policy.
2. name - Name of the concrete policy.
3. root\_ca - List of root CA Signed Registries.
4. tags - List of key/value Attributes to Assign to the Policy.
5. unsigned - List of unsigned registries to be supported. | 
map(object(
    {
      description = optional(string)
      name        = optional(string)
      root_ca     = optional(list(string))
      tags        = optional(list(map(string)))
      unsigned    = optional(list(string))
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{tenant_name}_registry",
    "root_ca": [],
    "tags": [],
    "unsigned": []
  }
}
| no | -| [k8s\_version\_policies](#input\_k8s\_version\_policies) | Intersight Kubernetes Version Policy Variable Map.
1. description - A description for the policy.
2. name - Name of the concrete policy.
3. tags - List of key/value Attributes to Assign to the Policy.
4. version - Desired Kubernetes version. Options are {1.19.5} | 
map(object(
    {
      description = optional(string)
      name        = optional(string)
      tags        = optional(list(map(string)))
      version     = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{tenant_name}_v{each.value.version}",
    "tags": [],
    "version": "1.19.5"
  }
}
| no | -| [k8s\_vm\_infra\_config](#input\_k8s\_vm\_infra\_config) | Intersight Kubernetes Virtual Machine Infra Config Policy Variable Map.

1. description - A description for the policy.
2. name - Name of the concrete policy.
3. tags - List of key/value Attributes to Assign to the Policy.
4. vsphere\_cluster - vSphere Cluster to assign the K8S Cluster Deployment.
5. vsphere\_datastore - vSphere Datastore to assign the K8S Cluster Deployment.r
6. vsphere\_portgroup - vSphere Port Group to assign the K8S Cluster Deployment.r
7. vsphere\_resource\_pool - vSphere Resource Pool to assign the K8S Cluster Deployment.r
8. vsphere\_target - Name of the vSphere Target discovered in Intersight, to provision the cluster on. | 
map(object(
    {
      description           = optional(string)
      name                  = optional(string)
      tags                  = optional(list(map(string)))
      vsphere_cluster       = string
      vsphere_datastore     = string
      vsphere_portgroup     = list(string)
      vsphere_resource_pool = optional(string)
      vsphere_target        = string
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{tenant_name}_vm_infra",
    "tags": [],
    "vsphere_cluster": "default",
    "vsphere_datastore": "datastore1",
    "vsphere_portgroup": [
      "VM Network"
    ],
    "vsphere_resource_pool": "",
    "vsphere_target": ""
  }
}
| no | +| [k8s\_trusted\_registries](#input\_k8s\_trusted\_registries) | Intersight Kubernetes Trusted Registry Policy Variable Map.
1. description - A description for the policy.
2. name - Name of the concrete policy.
3. root\_ca - List of root CA Signed Registries.
4. tags - List of key/value Attributes to Assign to the Policy.
5. unsigned - List of unsigned registries to be supported. | 
map(object(
    {
      description = optional(string)
      name        = optional(string)
      root_ca     = optional(list(string))
      tags        = optional(list(map(string)))
      unsigned    = optional(list(string))
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{organization}_registry",
    "root_ca": [],
    "tags": [],
    "unsigned": []
  }
}
| no | +| [k8s\_version\_policies](#input\_k8s\_version\_policies) | Intersight Kubernetes Version Policy Variable Map.
1. description - A description for the policy.
2. name - Name of the concrete policy.
3. tags - List of key/value Attributes to Assign to the Policy.
4. version - Desired Kubernetes version. Options are {1.19.5} | 
map(object(
    {
      description = optional(string)
      name        = optional(string)
      tags        = optional(list(map(string)))
      version     = optional(string)
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{organization}_v{each.value.version}",
    "tags": [],
    "version": "1.19.5"
  }
}
| no | +| [k8s\_vm\_infra\_config](#input\_k8s\_vm\_infra\_config) | Intersight Kubernetes Virtual Machine Infra Config Policy Variable Map.

1. description - A description for the policy.
2. name - Name of the concrete policy.
3. tags - List of key/value Attributes to Assign to the Policy.
4. vsphere\_cluster - vSphere Cluster to assign the K8S Cluster Deployment.
5. vsphere\_datastore - vSphere Datastore to assign the K8S Cluster Deployment.r
6. vsphere\_portgroup - vSphere Port Group to assign the K8S Cluster Deployment.r
7. vsphere\_resource\_pool - vSphere Resource Pool to assign the K8S Cluster Deployment.r
8. vsphere\_target - Name of the vSphere Target discovered in Intersight, to provision the cluster on. | 
map(object(
    {
      description           = optional(string)
      name                  = optional(string)
      tags                  = optional(list(map(string)))
      vsphere_cluster       = string
      vsphere_datastore     = string
      vsphere_portgroup     = list(string)
      vsphere_resource_pool = optional(string)
      vsphere_target        = string
    }
  ))
| 
{
  "default": {
    "description": "",
    "name": "{organization}_vm_infra",
    "tags": [],
    "vsphere_cluster": "default",
    "vsphere_datastore": "datastore1",
    "vsphere_portgroup": [
      "VM Network"
    ],
    "vsphere_resource_pool": "",
    "vsphere_target": ""
  }
}
| no | | [k8s\_vm\_infra\_password](#input\_k8s\_vm\_infra\_password) | vSphere Password. Note: this is the password of the Credentials used to register the vSphere Target. | `string` | n/a | yes | -| [k8s\_vm\_instance\_type](#input\_k8s\_vm\_instance\_type) | Intersight Kubernetes Node OS Configuration Policy Variable Map. Name of the policy will be {tenant\_name}\_{each.key}.
1. cpu - Number of CPUs allocated to virtual machine. Range is 1-40.
2. description - A description for the policy.
3. disk - Ephemeral disk capacity to be provided with units example - 10 for 10 Gigabytes.
4. memory - Virtual machine memory defined in mebibytes (MiB). Range is 1-4177920.
5. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      cpu         = optional(number)
      description = optional(string)
      disk        = optional(number)
      memory      = optional(number)
      tags        = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "cpu": 4,
    "description": "",
    "disk": 40,
    "memory": 16384,
    "tags": []
  }
}
| no | +| [k8s\_vm\_instance\_type](#input\_k8s\_vm\_instance\_type) | Intersight Kubernetes Node OS Configuration Policy Variable Map. Name of the policy will be {organization}\_{each.key}.
1. cpu - Number of CPUs allocated to virtual machine. Range is 1-40.
2. description - A description for the policy.
3. disk - Ephemeral disk capacity to be provided with units example - 10 for 10 Gigabytes.
4. memory - Virtual machine memory defined in mebibytes (MiB). Range is 1-4177920.
5. tags - List of key/value Attributes to Assign to the Policy. | 
map(object(
    {
      cpu         = optional(number)
      description = optional(string)
      disk        = optional(number)
      memory      = optional(number)
      tags        = optional(list(map(string)))
    }
  ))
| 
{
  "default": {
    "cpu": 4,
    "description": "",
    "disk": 40,
    "memory": 16384,
    "tags": []
  }
}
| no | | [organization](#input\_organization) | Intersight Organization Name. | `string` | `"default"` | no | | [secretkey](#input\_secretkey) | Intersight Secret Key. | `string` | n/a | yes | | [ssh\_key\_1](#input\_ssh\_key\_1) | Intersight Kubernetes Service Cluster SSH Public Key 1. | `string` | `""` | no | @@ -259,7 +143,6 @@ No resources. | [ssh\_key\_4](#input\_ssh\_key\_4) | Intersight Kubernetes Service Cluster SSH Public Key 4. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | | [ssh\_key\_5](#input\_ssh\_key\_5) | Intersight Kubernetes Service Cluster SSH Public Key 5. These are place holders for Tenants that use different keys for different clusters. | `string` | `""` | no | | [tags](#input\_tags) | Tags to be Associated with Objects Created in Intersight. | `list(map(string))` | `[]` | no | -| [tenant\_name](#input\_tenant\_name) | Tenant Name for Workspace Creation in Terraform Cloud and IKS Cluster Naming. | `string` | `"default"` | no | | [terraform\_cloud\_token](#input\_terraform\_cloud\_token) | Token to Authenticate to the Terraform Cloud. | `string` | n/a | yes | | [terraform\_version](#input\_terraform\_version) | Terraform Target Version. | `string` | `"1.0.0"` | no | | [tfc\_oath\_token](#input\_tfc\_oath\_token) | Terraform Cloud OAuth Token for VCS\_Repo Integration. | `string` | n/a | yes | @@ -271,8 +154,9 @@ No resources. | Name | Description | |------|-------------| | [app\_hello\_workspaces](#output\_app\_hello\_workspaces) | Terraform Cloud App Hello Workspace ID(s). | -| [iks\_workspace](#output\_iks\_workspace) | Terraform Cloud IKS Workspace ID(s). | +| [iks\_workspaces](#output\_iks\_workspaces) | Terraform Cloud IKS Workspace ID(s). | | [iwo\_workspaces](#output\_iwo\_workspaces) | Terraform Cloud IWO Workspace ID(s). | | [kube\_workspaces](#output\_kube\_workspaces) | Terraform Cloud Kube Workspace ID(s). | +| [org\_workspace](#output\_org\_workspace) | Terraform Cloud Intersight Organization Workspace ID. | | [tfc\_agent\_pool](#output\_tfc\_agent\_pool) | Terraform Cloud Agent Pool ID. | diff --git a/modules/tfe/terraform.tfvars b/modules/tfe/terraform.tfvars index 4dd1c3c..fb5ea7a 100644 --- a/modules/tfe/terraform.tfvars +++ b/modules/tfe/terraform.tfvars @@ -49,7 +49,7 @@ dns_servers_v4 = ["10.101.128.15", "10.101.128.16"] # Cluster Variables #__________________________________________________________ -tags = [{ key = "Terraform", value = "Module" }, { key = "Owner", value = "tyscott" }] +tags = [{ key = "Module", value = "terraform-intersight-iks-iwo" }, { key = "Owner", value = "tyscott" }] ip_pools = { pool_1 = {