Closed faangbait closed 1 day ago
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.0"
}
rhcs = {
source = "terraform-redhat/rhcs"
version = ">= 1.6.2"
}
}
}
# ROSA Cluster
provider "rhcs" {
token = var.rhcs_token
url = var.rhcs_url
}
# Start template expanded section
module "hcp" {
source = "terraform-redhat/rosa-hcp/rhcs"
version = "1.6.2"
cluster_name = each.key
openshift_version = "4.14.24"
machine_cidr = module.vpc[each.key].cidr_block
aws_subnet_ids = concat(module.vpc[each.key].public_subnets, module.vpc[each.key].private_subnets)
aws_availability_zones = module.vpc[each.key].availability_zones
replicas = length(module.vpc[each.key].availability_zones)
aws_billing_account_id = ###########
compute_machine_type = "m7i.4xlarge"
// Billing tags
tags = {
x-client-name = each.key
}
// STS configuration
create_account_roles = true
create_oidc = true
create_operator_roles = true
account_role_prefix = each.key
operator_role_prefix = each.key
// Automation control
wait_for_create_complete = true
wait_for_std_compute_nodes_complete = true
depends_on = [module.vpc]
for_each = toset(var.clusters)
}
module "vpc" {
source = "terraform-redhat/rosa-hcp/rhcs//modules/vpc"
name_prefix = each.key
availability_zones_count = 2
for_each = toset(var.clusters)
}
Confirmed that HCP ROSA uses Opaque secrets for the tls cert secret:
In ROSA with HCP, valid certificates are stored as type Opaque. This patch searches all secrets in the openshift-ingress namespace for pattern matching. See #1367