feat: add support for [Virtual Network Interface](https://cloud.ibm.c…

…om/docs/vpc?topic=vpc-vni-about) in all VSI patterns.<br>- The VSI patterns will now creates VSIs using the next gen virtual network interface by default, these VNIs are created independent of the VSIs. (#915)
terraform-ibm-modules · Nov 15, 2024 · 99ad28e · 99ad28e
1 parent 7fe4b2a
commit 99ad28e
Show file tree

Hide file tree

Showing 13 changed files with 107 additions and 65 deletions.
diff --git a/README.md b/README.md
diff --git a/bastion_host.tf b/bastion_host.tf
@@ -41,18 +41,20 @@ module "teleport_config" {
 ##############################################################################
 
 module "bastion_host" {
-  source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.2.0"
-  for_each                      = local.bastion_vsi_map
-  resource_group_id             = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
-  create_security_group         = each.value.security_group == null ? false : true
-  prefix                        = "${var.prefix}-${each.value.name}"
-  vpc_id                        = module.vpc[each.value.vpc_name].vpc_id
-  subnets                       = each.value.subnets
-  access_tags                   = each.value.access_tags
-  kms_encryption_enabled        = true
-  skip_iam_authorization_policy = true
-  vsi_per_subnet                = 1
+  source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
+  version                         = "4.3.0"
+  for_each                        = local.bastion_vsi_map
+  resource_group_id               = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
+  create_security_group           = each.value.security_group == null ? false : true
+  prefix                          = "${var.prefix}-${each.value.name}"
+  vpc_id                          = module.vpc[each.value.vpc_name].vpc_id
+  subnets                         = each.value.subnets
+  access_tags                     = each.value.access_tags
+  kms_encryption_enabled          = true
+  skip_iam_authorization_policy   = true
+  vsi_per_subnet                  = 1
+  primary_vni_additional_ip_count = each.value.primary_vni_additional_ip_count
+  use_legacy_network_interface    = each.value.use_legacy_network_interface
   boot_volume_encryption_key = each.value.boot_volume_encryption_key_name == null ? "" : [
     for keys in module.key_management.keys :
     keys.crn if keys.name == each.value.boot_volume_encryption_key_name

diff --git a/examples/override-example/override.json b/examples/override-example/override.json
@@ -420,7 +420,8 @@
         "vsi-zone-1"
       ],
       "vpc_name": "management",
-      "vsi_per_subnet": 1
+      "vsi_per_subnet": 1,
+      "use_legacy_network_interface": false
     },
     {
       "access_tags": [],
@@ -453,7 +454,8 @@
         "vsi-zone-1"
       ],
       "vpc_name": "workload",
-      "vsi_per_subnet": 1
+      "vsi_per_subnet": 1,
+      "use_legacy_network_interface": false
     },
     {
       "access_tags": [],
@@ -502,7 +504,8 @@
           "health_type": "tcp",
           "idle_connection_timeout": 50
         }
-      ]
+      ],
+      "use_legacy_network_interface": false
     }
   ],
   "wait_till": "IngressReady"

diff --git a/f5_vsi.tf b/f5_vsi.tf
@@ -117,7 +117,7 @@ locals {
 
 module "f5_vsi" {
   source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.2.0"
+  version                       = "4.3.0"
   for_each                      = local.f5_vsi_map
   resource_group_id             = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
   create_security_group         = each.value.security_group == null ? false : true
@@ -136,12 +136,14 @@ module "f5_vsi" {
       interface_name    = group.interface_name
     }
   ]
-  image_id       = local.public_image_map[each.value.f5_image_name][var.region]
-  user_data      = module.dynamic_values.f5_template_map[each.key].user_data
-  machine_type   = each.value.machine_type
-  vsi_per_subnet = 1
-  security_group = each.value.security_group
-  load_balancers = each.value.load_balancers == null ? [] : each.value.load_balancers
+  image_id                        = local.public_image_map[each.value.f5_image_name][var.region]
+  user_data                       = module.dynamic_values.f5_template_map[each.key].user_data
+  machine_type                    = each.value.machine_type
+  vsi_per_subnet                  = 1
+  security_group                  = each.value.security_group
+  primary_vni_additional_ip_count = each.value.primary_vni_additional_ip_count
+  use_legacy_network_interface    = each.value.use_legacy_network_interface
+  load_balancers                  = each.value.load_balancers == null ? [] : each.value.load_balancers
   # Get boot volume
   boot_volume_encryption_key = each.value.boot_volume_encryption_key_name == null ? "" : [
     for keys in module.key_management.keys :

diff --git a/patterns/vsi-extension/main.tf b/patterns/vsi-extension/main.tf
@@ -38,27 +38,29 @@ locals {
 }
 
 module "vsi" {
-  source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.2.0"
-  resource_group_id             = data.ibm_is_vpc.vpc_by_id.resource_group
-  create_security_group         = true
-  prefix                        = "${var.prefix}-vsi"
-  vpc_id                        = var.vpc_id
-  subnets                       = var.subnet_names != null ? local.subnets : data.ibm_is_vpc.vpc_by_id.subnets
-  tags                          = var.resource_tags
-  access_tags                   = var.access_tags
-  kms_encryption_enabled        = true
-  skip_iam_authorization_policy = true
-  user_data                     = var.user_data
-  image_id                      = data.ibm_is_image.image.id
-  boot_volume_encryption_key    = var.boot_volume_encryption_key
-  security_group_ids            = var.security_group_ids
-  ssh_key_ids                   = [local.ssh_key_id]
-  machine_type                  = var.vsi_instance_profile
-  vsi_per_subnet                = var.vsi_per_subnet
-  security_group                = local.env.security_groups[0]
-  load_balancers                = var.load_balancers
-  block_storage_volumes         = var.block_storage_volumes
-  enable_floating_ip            = var.enable_floating_ip
-  placement_group_id            = var.placement_group_id
+  source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
+  version                         = "4.3.0"
+  resource_group_id               = data.ibm_is_vpc.vpc_by_id.resource_group
+  create_security_group           = true
+  prefix                          = "${var.prefix}-vsi"
+  vpc_id                          = var.vpc_id
+  subnets                         = var.subnet_names != null ? local.subnets : data.ibm_is_vpc.vpc_by_id.subnets
+  tags                            = var.resource_tags
+  access_tags                     = var.access_tags
+  kms_encryption_enabled          = true
+  skip_iam_authorization_policy   = true
+  user_data                       = var.user_data
+  image_id                        = data.ibm_is_image.image.id
+  boot_volume_encryption_key      = var.boot_volume_encryption_key
+  security_group_ids              = var.security_group_ids
+  ssh_key_ids                     = [local.ssh_key_id]
+  machine_type                    = var.vsi_instance_profile
+  vsi_per_subnet                  = var.vsi_per_subnet
+  security_group                  = local.env.security_groups[0]
+  load_balancers                  = var.load_balancers
+  block_storage_volumes           = var.block_storage_volumes
+  enable_floating_ip              = var.enable_floating_ip
+  placement_group_id              = var.placement_group_id
+  primary_vni_additional_ip_count = var.primary_vni_additional_ip_count
+  use_legacy_network_interface    = var.use_legacy_network_interface
 }
diff --git a/patterns/vsi-extension/variables.tf b/patterns/vsi-extension/variables.tf
@@ -173,3 +173,16 @@ variable "load_balancers" {
   )
   default = []
 }
+
+variable "primary_vni_additional_ip_count" {
+  description = "The number of secondary reversed IPs to attach to a Virtual Network Interface (VNI). Additional IPs are created only if `manage_reserved_ips` is set to true."
+  type        = number
+  nullable    = false
+  default     = 0
+}
+
+variable "use_legacy_network_interface" {
+  description = "Set this to true to use legacy network interface for the created instances."
+  type        = bool
+  default     = false
+}
diff --git a/patterns/vsi-quickstart/variables.tf b/patterns/vsi-quickstart/variables.tf
@@ -272,7 +272,8 @@ variable "override_json_string" {
          ],
          "vpc_name": "management",
          "vsi_per_subnet": 1,
-         "enable_floating_ip": true
+         "enable_floating_ip": true,
+         "use_legacy_network_interface": false
       },
       {
          "boot_volume_encryption_key_name": "slz-vsi-volume-key",
@@ -308,7 +309,8 @@ variable "override_json_string" {
          ],
          "vpc_name": "workload",
          "vsi_per_subnet": 1,
-         "enable_floating_ip": false
+         "enable_floating_ip": false,
+         "use_legacy_network_interface": false
       }
    ]
 }

diff --git a/patterns/vsi/main.tf b/patterns/vsi/main.tf
@@ -87,6 +87,7 @@ module "vsi_landing_zone" {
   override_json_string                   = var.override_json_string
   override_json_path                     = local.override_json_path
   existing_vpc_cbr_zone_id               = var.existing_vpc_cbr_zone_id
+  use_legacy_network_interface           = var.use_legacy_network_interface
 }
 
 moved {

diff --git a/patterns/vsi/module/config.tf b/patterns/vsi/module/config.tf
@@ -94,6 +94,7 @@ locals {
         vsi_per_subnet                  = var.vsi_per_subnet
         machine_type                    = var.vsi_instance_profile
         boot_volume_encryption_key_name = "${var.prefix}-vsi-volume-key"
+        use_legacy_network_interface    = var.use_legacy_network_interface
         security_group = {
           name     = "${var.prefix}-${network}"
           vpc_name = var.vpcs[0]

diff --git a/patterns/vsi/module/variables.tf b/patterns/vsi/module/variables.tf
@@ -140,6 +140,12 @@ variable "vsi_per_subnet" {
   default     = 1
 }
 
+variable "use_legacy_network_interface" {
+  description = "Set this to true to use legacy network interface for the created instances."
+  type        = bool
+  default     = false
+}
+
 ##############################################################################
 
 

diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf
@@ -146,6 +146,12 @@ variable "vsi_per_subnet" {
   default     = 1
 }
 
+variable "use_legacy_network_interface" {
+  description = "Set this to true to use legacy network interface for the created instances."
+  type        = bool
+  default     = false
+}
+
 ##############################################################################
 
 

diff --git a/variables.tf b/variables.tf
@@ -305,6 +305,8 @@ variable "vsi" {
       enable_floating_ip              = optional(bool)
       security_groups                 = optional(list(string))
       boot_volume_encryption_key_name = optional(string)
+      primary_vni_additional_ip_count = optional(number)
+      use_legacy_network_interface    = optional(bool)
       access_tags                     = optional(list(string), [])
       security_group = optional(
         object({

diff --git a/virtual_servers.tf b/virtual_servers.tf
@@ -40,20 +40,22 @@ data "ibm_is_image" "image" {
 ##############################################################################
 
 module "vsi" {
-  source                        = "terraform-ibm-modules/landing-zone-vsi/ibm"
-  version                       = "4.2.0"
-  for_each                      = local.vsi_map
-  resource_group_id             = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
-  create_security_group         = each.value.security_group == null ? false : true
-  prefix                        = "${var.prefix}-${each.value.name}"
-  vpc_id                        = module.vpc[each.value.vpc_name].vpc_id
-  subnets                       = each.value.subnets
-  tags                          = var.tags
-  access_tags                   = each.value.access_tags
-  kms_encryption_enabled        = true
-  skip_iam_authorization_policy = true
-  user_data                     = lookup(each.value, "user_data", null)
-  image_id                      = data.ibm_is_image.image["${var.prefix}-${each.value.name}"].id
+  source                          = "terraform-ibm-modules/landing-zone-vsi/ibm"
+  version                         = "4.3.0"
+  for_each                        = local.vsi_map
+  resource_group_id               = each.value.resource_group == null ? null : local.resource_groups[each.value.resource_group]
+  create_security_group           = each.value.security_group == null ? false : true
+  prefix                          = "${var.prefix}-${each.value.name}"
+  vpc_id                          = module.vpc[each.value.vpc_name].vpc_id
+  subnets                         = each.value.subnets
+  tags                            = var.tags
+  access_tags                     = each.value.access_tags
+  kms_encryption_enabled          = true
+  skip_iam_authorization_policy   = true
+  user_data                       = lookup(each.value, "user_data", null)
+  image_id                        = data.ibm_is_image.image["${var.prefix}-${each.value.name}"].id
+  primary_vni_additional_ip_count = each.value.primary_vni_additional_ip_count
+  use_legacy_network_interface    = each.value.use_legacy_network_interface
   boot_volume_encryption_key = each.value.boot_volume_encryption_key_name == null ? "" : [
     for keys in module.key_management.keys :
     keys.crn if keys.name == each.value.boot_volume_encryption_key_name