feat: initial creation of autoscale vsi module (#1)

terraform-ibm-modules · Apr 18, 2024 · b6b90d8 · b6b90d8
1 parent 8e94bdc
commit b6b90d8
Show file tree

Hide file tree

Showing 23 changed files with 1,423 additions and 111 deletions.
diff --git a/.docs/vsi-autoscale.png b/.docs/vsi-autoscale.png
diff --git a/README.md b/README.md
diff --git a/cra-tf-validate-ignore-rules.json b/cra-tf-validate-ignore-rules.json
@@ -1,3 +1,28 @@
 {
-    "scc_rules": []
+    "scc_rules": [
+        {
+            "scc_rule_id": "rule-0e5151b1-9caf-433c-b4e5-be3d505e458e",
+            "description": "Check whether Application Load Balancer for VPC is configured with multiple members in the pool",
+            "ignore_reason": "This rule is not relevant to since the autoscale vsi are not attached at provision time",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-8c923215-afdc-41b1-886c-64ce78741f8c",
+            "description": "Check whether Application Load Balancer for VPC has health check configured when created",
+            "ignore_reason": "Health check is configured on Application Load Balancer",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-65b61a0f-ffdb-41ba-873d-ad329e7fc0ee",
+            "description": "Check whether Application Load Balancer for VPC is configured to convert HTTP client requests to HTTPS",
+            "ignore_reason": "This rule is not relevant since example is using a tcp listener",
+            "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-d544f217-3723-4376-b3aa-037c5f201e8d",
+            "description": "Check whether Application Load Balancer for VPC uses HTTPS (SSL & TLS) instead of HTTP",
+            "ignore_reason": "This rule is not relevant since example is using a tcp listener",
+            "is_valid": false
+        }
+    ]
 }
diff --git a/examples/basic/README.md b/examples/basic/README.md
@@ -1,11 +1,11 @@
 # Basic example
 
-<!--
-The basic example should call the module(s) stored in this repository with a basic configuration.
-Note, there is a pre-commit hook that will take the title of each example and include it in the repos main README.md.
-The text below should describe exactly what resources are provisioned / configured by the example.
--->
-
 An end-to-end basic example that will provision the following:
+
 - A new resource group if one is not passed in.
-- A new Cloud Object Storage instance.
+- A new public SSH key if one is not passed in.
+- A new VPC with 3 subnets
+- A new placement group
+- A new instance template
+- An instance group manager using the template with an autoscale manager with an minimum membership of 1 VSI and max membership of 4
+- A policy with a CPU metric of 70
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -1,6 +1,16 @@
-########################################################################################################################
-# Resource group
-########################################################################################################################
+##############################################################################
+# Locals
+##############################################################################
+
+locals {
+  ssh_key_id = var.ssh_key != null ? data.ibm_is_ssh_key.existing_ssh_key[0].id : resource.ibm_is_ssh_key.ssh_key[0].id
+  vpc_name   = "basic-test"
+  image      = "ibm-centos-7-9-minimal-amd64-12"
+}
+
+##############################################################################
+# Resource Group
+##############################################################################
 
 module "resource_group" {
   source  = "terraform-ibm-modules/resource-group/ibm"
@@ -10,15 +20,98 @@ module "resource_group" {
   existing_resource_group_name = var.resource_group
 }
 
-########################################################################################################################
-# COS instance
-########################################################################################################################
+##############################################################################
+# Create new SSH key
+##############################################################################
+
+resource "tls_private_key" "tls_key" {
+  count     = var.ssh_key != null ? 0 : 1
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "ibm_is_ssh_key" "ssh_key" {
+  count      = var.ssh_key != null ? 0 : 1
+  name       = "${var.prefix}-ssh-key"
+  public_key = resource.tls_private_key.tls_key[0].public_key_openssh
+}
+
+data "ibm_is_ssh_key" "existing_ssh_key" {
+  count = var.ssh_key != null ? 1 : 0
+  name  = var.ssh_key
+}
 
-resource "ibm_resource_instance" "cos_instance" {
-  name              = "${var.prefix}-cos"
+#############################################################################
+# Provision VPC
+#############################################################################
+
+module "slz_vpc" {
+  source            = "terraform-ibm-modules/landing-zone-vpc/ibm"
+  version           = "7.17.1"
   resource_group_id = module.resource_group.resource_group_id
-  service           = "cloud-object-storage"
-  plan              = "standard"
-  location          = "global"
+  region            = var.region
+  prefix            = var.prefix
   tags              = var.resource_tags
+  name              = local.vpc_name
+}
+
+#############################################################################
+# Placement group
+#############################################################################
+
+resource "ibm_is_placement_group" "placement_group" {
+  name           = "${var.prefix}-host-spread"
+  resource_group = module.resource_group.resource_group_id
+  strategy       = "host_spread"
+  tags           = var.resource_tags
+}
+
+#############################################################################
+# Provision Autoscale VSI
+#############################################################################
+data "ibm_is_image" "image" {
+  name = local.image
+}
+
+module "auto_scale" {
+  source                        = "../../"
+  resource_group_id             = module.resource_group.resource_group_id
+  zone                          = "${var.region}-1"
+  image_id                      = data.ibm_is_image.image.id
+  create_security_group         = false
+  security_group                = null
+  tags                          = var.resource_tags
+  access_tags                   = var.access_tags
+  subnets                       = module.slz_vpc.subnet_zone_list
+  vpc_id                        = module.slz_vpc.vpc_id
+  prefix                        = var.prefix
+  placement_group_id            = ibm_is_placement_group.placement_group.id
+  machine_type                  = "cx2-2x4"
+  user_data                     = null
+  skip_iam_authorization_policy = true
+  existing_kms_instance_guid    = null
+  kms_encryption_enabled        = false
+  boot_volume_encryption_key    = null
+  ssh_key_ids                   = [local.ssh_key_id]
+  block_storage_volumes         = []
+  instance_count                = 1
+  load_balancers                = []
+  application_port              = null
+  group_managers = [
+    {
+      name                 = "test"
+      aggregation_window   = 120
+      cooldown             = 300
+      manager_type         = "autoscale"
+      enable_manager       = true
+      max_membership_count = 4
+      min_membership_count = 1
+      policies = [{
+        name         = "policy-1"
+        metric_type  = "cpu"
+        metric_value = 70
+        policy_type  = "target"
+      }]
+    }
+  ]
 }
diff --git a/examples/basic/outputs.tf b/examples/basic/outputs.tf
@@ -2,11 +2,6 @@
 # Outputs
 ########################################################################################################################
 
-output "cos_instance_id" {
-  description = "COS instance id"
-  value       = ibm_resource_instance.cos_instance.id
-}
-
 output "resource_group_name" {
   description = "Resource group name"
   value       = module.resource_group.resource_group_name

diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf
@@ -1,7 +1,3 @@
-########################################################################################################################
-# Provider config
-########################################################################################################################
-
 provider "ibm" {
   ibmcloud_api_key = var.ibmcloud_api_key
   region           = var.region

diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
@@ -1,33 +1,41 @@
-########################################################################################################################
-# Input variables
-########################################################################################################################
-
 variable "ibmcloud_api_key" {
+  description = "APIkey that's associated with the account to provision resources to"
   type        = string
-  description = "The IBM Cloud API Key"
   sensitive   = true
 }
 
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
 variable "region" {
+  description = "The region to which to deploy the VPC"
   type        = string
-  description = "Region to provision all resources created by this example"
-  default     = "us-south"
+  default     = "us-east"
 }
 
 variable "prefix" {
+  description = "The prefix that you would like to append to your resources"
   type        = string
-  description = "Prefix to append to all resources created by this example"
-  default     = "basic"
+  default     = "slz-vsi"
 }
 
-variable "resource_group" {
-  type        = string
-  description = "The name of an existing resource group to provision resources in to. If not set a new resource group will be created using the prefix variable"
+variable "resource_tags" {
+  description = "List of Tags for the resource created"
+  type        = list(string)
   default     = null
 }
 
-variable "resource_tags" {
+variable "access_tags" {
   type        = list(string)
-  description = "Optional list of tags to be added to created resources"
+  description = "A list of access tags to apply to the VSI resources created by the module."
   default     = []
 }
+
+variable "ssh_key" {
+  type        = string
+  description = "An existing ssh key name to use for this example, if unset a new ssh key will be created"
+  default     = null
+}
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
@@ -1,12 +1,13 @@
 terraform {
   required_version = ">= 1.3.0, <1.7.0"
-
-  # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
-  # module's version.tf (usually a basic example), and 1 example that will always use the latest provider version.
   required_providers {
     ibm = {
       source  = "IBM-Cloud/ibm"
-      version = "1.49.0"
+      version = ">= 1.63.0, < 2.0.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.4"
     }
   }
 }
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -1,4 +1,12 @@
 # Complete example
 
-<!-- There is a pre-commit hook that will take the title of each example add include it in the repos main README.md  -->
-<!-- Add text below should describe exactly what resources are provisioned / configured by the example  -->
+An end-to-end complete example that will provision the following:
+
+- A new resource group if one is not passed in.
+- A new public SSH key if one is not passed in.
+- A new VPC with 3 subnets
+- A new placement group
+- A new instance template
+- An instance group manager using the template with an autoscale manager with an minimum membership of 1 VSI and max membership of 4
+- A policy with a CPU metric of 70
+- A VPC Application load balancer which the instances attach to