openshift · openshift-merge-robot · Feb 16, 2023 · Sep 20, 2022 · Feb 9, 2023
diff --git a/data/data/ibmcloud/network/main.tf b/data/data/ibmcloud/network/main.tf
@@ -1,11 +1,17 @@
 locals {
-  resource_group_id = var.ibmcloud_resource_group_name == "" ? ibm_resource_group.group.0.id : data.ibm_resource_group.group.0.id
+  network_resource_group_id = var.ibmcloud_network_resource_group_name == "" ? local.resource_group_id : data.ibm_resource_group.network_group.0.id
+  resource_group_id         = var.ibmcloud_resource_group_name == "" ? ibm_resource_group.group.0.id : data.ibm_resource_group.group.0.id
 }
 
 ############################################
-# Resource group
+# Resource groups
 ############################################
 
+data "ibm_resource_group" "network_group" {
+  count = var.ibmcloud_network_resource_group_name == "" ? 0 : 1
+  name  = var.ibmcloud_network_resource_group_name
+}
+
 resource "ibm_resource_group" "group" {
   count = var.ibmcloud_resource_group_name == "" ? 1 : 0
   name  = var.cluster_id
@@ -100,12 +106,13 @@ module "dhost" {
 module "vpc" {
   source = "./vpc"
 
-  cluster_id        = var.cluster_id
-  public_endpoints  = local.public_endpoints
-  resource_group_id = local.resource_group_id
-  tags              = local.tags
-  zones_master      = distinct(var.ibmcloud_master_availability_zones)
-  zones_worker      = distinct(var.ibmcloud_worker_availability_zones)
+  cluster_id                = var.cluster_id
+  network_resource_group_id = local.network_resource_group_id
+  public_endpoints          = local.public_endpoints
+  resource_group_id         = local.resource_group_id
+  tags                      = local.tags
+  zones_master              = distinct(var.ibmcloud_master_availability_zones)
+  zones_worker              = distinct(var.ibmcloud_worker_availability_zones)
 
   preexisting_vpc       = var.ibmcloud_preexisting_vpc
   cluster_vpc           = var.ibmcloud_vpc

diff --git a/data/data/ibmcloud/network/vpc/variables.tf b/data/data/ibmcloud/network/vpc/variables.tf
@@ -6,6 +6,10 @@ variable "cluster_id" {
   type = string
 }
 
+variable "network_resource_group_id" {
+  type = string
+}
+
 variable "public_endpoints" {
   type = bool
 }

diff --git a/data/data/ibmcloud/network/vpc/vpc.tf b/data/data/ibmcloud/network/vpc/vpc.tf
@@ -5,7 +5,7 @@
 resource "ibm_is_vpc" "vpc" {
   count          = var.preexisting_vpc ? 0 : 1
   name           = "${local.prefix}-vpc"
-  resource_group = var.resource_group_id
+  resource_group = var.network_resource_group_id
   tags           = var.tags
 }
 
@@ -17,7 +17,7 @@ resource "ibm_is_public_gateway" "public_gateway" {
   count = var.preexisting_vpc ? 0 : length(local.zones_all)
 
   name           = "${local.prefix}-public-gateway-${local.zones_all[count.index]}"
-  resource_group = var.resource_group_id
+  resource_group = var.network_resource_group_id
   tags           = var.tags
   vpc            = ibm_is_vpc.vpc[0].id
   zone           = local.zones_all[count.index]
@@ -31,7 +31,7 @@ resource "ibm_is_subnet" "control_plane" {
   count = var.preexisting_vpc ? 0 : length(var.zones_master)
 
   name                     = "${local.prefix}-subnet-control-plane-${var.zones_master[count.index]}"
-  resource_group           = var.resource_group_id
+  resource_group           = var.network_resource_group_id
   tags                     = var.tags
   vpc                      = ibm_is_vpc.vpc[0].id
   zone                     = var.zones_master[count.index]
@@ -43,7 +43,7 @@ resource "ibm_is_subnet" "compute" {
   count = var.preexisting_vpc ? 0 : length(var.zones_worker)
 
   name                     = "${local.prefix}-subnet-compute-${var.zones_worker[count.index]}"
-  resource_group           = var.resource_group_id
+  resource_group           = var.network_resource_group_id
   tags                     = var.tags
   vpc                      = ibm_is_vpc.vpc[0].id
   zone                     = var.zones_worker[count.index]

diff --git a/data/data/ibmcloud/variables-ibmcloud.tf b/data/data/ibmcloud/variables-ibmcloud.tf
@@ -117,9 +117,19 @@ variable "ibmcloud_publish_strategy" {
   # }
 }
 
-variable "ibmcloud_resource_group_name" {
+variable "ibmcloud_network_resource_group_name" {
   type = string
   description = <<EOF
+(optional) The name of the resource group for existing cluster network resources. If this is set, the existing network resources
+(VPC, Subnets, etc.) must exist in the resource group to be used for cluster creation. Otherwise, new network resources are
+created in the same resource group as the other cluster resources (see 'ibmcloud_resource_group_name').
+EOF
+  default = ""
+}
+
+variable "ibmcloud_resource_group_name" {
+  type        = string
+  description = <<EOF
 (optional) The name of the resource group for the cluster. If this is set, the cluster is installed to that existing resource group
 otherwise a new resource group will be created using cluster id.
 EOF

diff --git a/data/data/install.openshift.io_installconfigs.yaml b/data/data/install.openshift.io_installconfigs.yaml
@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: installconfigs.install.openshift.io
 spec:
@@ -2475,6 +2475,11 @@ spec:
                           type: string
                         type: array
                     type: object
+                  networkResourceGroupName:
+                    description: NetworkResourceGroupName is the name of an already
+                      existing resource group where an existing VPC and set of Subnets
+                      exist, to be used during cluster creation.
+                    type: string
                   region:
                     description: Region specifies the IBM Cloud region where the cluster
                       will be created.
@@ -2485,8 +2490,8 @@ spec:
                       a new resource group will be created for the cluster.
                     type: string
                   vpcName:
-                    description: VPCName is the name of an already existing VPC where
-                      the cluster should be installed.
+                    description: VPCName is the name of an already existing VPC to
+                      be used during cluster creation.
                     type: string
                 required:
                 - region

diff --git a/go.mod b/go.mod
@@ -62,11 +62,11 @@ require (
 	github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c
 	github.com/openshift/cloud-credential-operator v0.0.0-20200316201045-d10080b52c9e
 	github.com/openshift/cluster-api-provider-baremetal v0.0.0-20220408122422-7a548effc26e
-	github.com/openshift/cluster-api-provider-ibmcloud v0.0.1-0.20220201105455-8014e5e894b0
 	github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20230203123120-e55e92c14b2c
 	github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519
 	github.com/openshift/hive/apis v0.0.0-20220222213051-def9088fdb5a
 	github.com/openshift/library-go v0.0.0-20220920133651-093893cf326b
+	github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1
 	github.com/openshift/machine-config-operator v0.0.0
 	github.com/ovirt/go-ovirt v0.0.0-20210809163552-d4276e35d3db
 	github.com/pborman/uuid v1.2.0
@@ -102,7 +102,7 @@ require (
 	k8s.io/klog v1.0.0
 	k8s.io/klog/v2 v2.90.0
 	k8s.io/utils v0.0.0-20230115233650-391b47cb4029
-	sigs.k8s.io/controller-tools v0.9.2
+	sigs.k8s.io/controller-tools v0.10.0
 	sigs.k8s.io/yaml v1.3.0
 )
 

diff --git a/go.sum b/go.sum
@@ -1088,8 +1088,6 @@ github.com/openshift/cloud-provider-vsphere v1.19.1-0.20211222185833-7829863d055
 github.com/openshift/cloud-provider-vsphere v1.19.1-0.20211222185833-7829863d0558/go.mod h1:bgZfB07YK1CBbJRkFE13BHG+k53Qq0IuQyrehZAbv7M=
 github.com/openshift/cluster-api-provider-baremetal v0.0.0-20220408122422-7a548effc26e h1:FWzYb0sH16yVOyySUwY5yXtZFW/U2bPoK38SEGjC5D8=
 github.com/openshift/cluster-api-provider-baremetal v0.0.0-20220408122422-7a548effc26e/go.mod h1:Q5WzHV1JZw/XNRnXCo8JfyOSegL13a+lhV4sc44lpSI=
-github.com/openshift/cluster-api-provider-ibmcloud v0.0.1-0.20220201105455-8014e5e894b0 h1:G68R/I4HB4F4LawreWxKruqThNpmmXf5DSAsJALc9FY=
-github.com/openshift/cluster-api-provider-ibmcloud v0.0.1-0.20220201105455-8014e5e894b0/go.mod h1:CLnQ32mWHZtlQeHX0lYLMA+QTrrdXbg9K8smrWOPXMk=
 github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20230203123120-e55e92c14b2c h1:gq3EVbCFath848QkE71dMjdBTnzpRoYvD+Nnj2Wp97U=
 github.com/openshift/cluster-api-provider-libvirt v0.2.1-0.20230203123120-e55e92c14b2c/go.mod h1:lApSDY9c9SRjLgLAnwMhyuENQRHR/o1yBtH6RG8GScw=
 github.com/openshift/cluster-api-provider-ovirt v0.1.1-0.20220323121149-e3f2850dd519 h1:foU7/s6DQczTFdZ/8H++pUC2Pzygqdz5ZgqUakksR5w=
@@ -1102,6 +1100,8 @@ github.com/openshift/library-go v0.0.0-20191003152030-97c62d8a2901/go.mod h1:NBt
 github.com/openshift/library-go v0.0.0-20200831114015-2ab0c61c15de/go.mod h1:6vwp+YhYOIlj8MpkQKkebTTSn2TuYyvgiAFQ206jIEQ=
 github.com/openshift/library-go v0.0.0-20220920133651-093893cf326b h1:LWwB7uN91G/JsMnZFd0+q6ZzAXlB4/oUOfpZWA585gw=
 github.com/openshift/library-go v0.0.0-20220920133651-093893cf326b/go.mod h1:KPBAXGaq7pPmA+1wUVtKr5Axg3R68IomWDkzaOxIhxM=
+github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1 h1:winAA43R7imUj8uzAF7NVs3QWIxheF+rhpRF+O+0/R8=
+github.com/openshift/machine-api-provider-ibmcloud v0.0.0-20230124105206-50aa171a52e1/go.mod h1:UDA+gKaUSWbZsKbUbzybyaIqdksOQF5iKc+OsYnHL9k=
 github.com/openshift/machine-config-operator v0.0.1-0.20201009041932-4fe8559913b8 h1:C4gCipkWTDp0B9jb0wZdLgB+HWC7EzVVwQOeNaKnTRA=
 github.com/openshift/machine-config-operator v0.0.1-0.20201009041932-4fe8559913b8/go.mod h1:fjKreLaKEeUKsyIkT4wlzIQwUVJ2ZKDUh3CI73ckYIY=
 github.com/openshift/runtime-utils v0.0.0-20200415173359-c45d4ff3f912/go.mod h1:0OXNy7VoqFexkxKqyQbHJLPwn1MFp1/CxRJAgKHM+/o=

diff --git a/pkg/asset/cluster/tfvars.go b/pkg/asset/cluster/tfvars.go
@@ -20,7 +20,6 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	machinev1 "github.com/openshift/api/machine/v1"
 	machinev1beta1 "github.com/openshift/api/machine/v1beta1"
-	ibmcloudprovider "github.com/openshift/cluster-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1"
 	libvirtprovider "github.com/openshift/cluster-api-provider-libvirt/pkg/apis/libvirtproviderconfig/v1beta1"
 	ovirtprovider "github.com/openshift/cluster-api-provider-ovirt/pkg/apis/ovirtprovider/v1beta1"
 	"github.com/openshift/installer/pkg/asset"
@@ -67,6 +66,7 @@ import (
 	"github.com/openshift/installer/pkg/types/ovirt"
 	"github.com/openshift/installer/pkg/types/powervs"
 	"github.com/openshift/installer/pkg/types/vsphere"
+	ibmcloudprovider "github.com/openshift/machine-api-provider-ibmcloud/pkg/apis/ibmcloudprovider/v1"
 )
 
 const (
@@ -603,18 +603,19 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 
 		data, err = ibmcloudtfvars.TFVars(
 			ibmcloudtfvars.TFVarsSources{
-				Auth:                 auth,
-				CISInstanceCRN:       cisCRN,
-				DNSInstanceID:        dnsID,
-				ImageURL:             string(*rhcosImage),
-				MasterConfigs:        masterConfigs,
-				MasterDedicatedHosts: masterDedicatedHosts,
-				PreexistingVPC:       preexistingVPC,
-				PublishStrategy:      installConfig.Config.Publish,
-				ResourceGroupName:    installConfig.Config.Platform.IBMCloud.ResourceGroupName,
-				VPCPermitted:         vpcPermitted,
-				WorkerConfigs:        workerConfigs,
-				WorkerDedicatedHosts: workerDedicatedHosts,
+				Auth:                     auth,
+				CISInstanceCRN:           cisCRN,
+				DNSInstanceID:            dnsID,
+				ImageURL:                 string(*rhcosImage),
+				MasterConfigs:            masterConfigs,
+				MasterDedicatedHosts:     masterDedicatedHosts,
+				NetworkResourceGroupName: installConfig.Config.Platform.IBMCloud.NetworkResourceGroupName,
+				PreexistingVPC:           preexistingVPC,
+				PublishStrategy:          installConfig.Config.Publish,
+				ResourceGroupName:        installConfig.Config.Platform.IBMCloud.ResourceGroupName,
+				VPCPermitted:             vpcPermitted,
+				WorkerConfigs:            workerConfigs,
+				WorkerDedicatedHosts:     workerDedicatedHosts,
 			},
 		)
 		if err != nil {

diff --git a/pkg/asset/installconfig/ibmcloud/validation.go b/pkg/asset/installconfig/ibmcloud/validation.go
@@ -39,10 +39,10 @@ func validatePlatform(client API, ic *types.InstallConfig, path *field.Path) fie
 	allErrs := field.ErrorList{}
 
 	if ic.Platform.IBMCloud.ResourceGroupName != "" {
-		allErrs = append(allErrs, validateResourceGroup(client, ic, path)...)
+		allErrs = append(allErrs, validateResourceGroup(client, ic.IBMCloud.ResourceGroupName, "resourceGroupName", path)...)
 	}
 
-	if ic.Platform.IBMCloud.VPCName != "" {
+	if ic.Platform.IBMCloud.NetworkResourceGroupName != "" || ic.Platform.IBMCloud.VPCName != "" {
 		allErrs = append(allErrs, validateExistingVPC(client, ic, path)...)
 	}
 
@@ -196,27 +196,27 @@ func validateMachinePoolBootVolume(client API, bootVolume ibmcloud.BootVolume, p
 	return allErrs
 }
 
-func validateResourceGroup(client API, ic *types.InstallConfig, path *field.Path) field.ErrorList {
+func validateResourceGroup(client API, resourceGroupName string, platformField string, path *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 
-	if ic.IBMCloud.ResourceGroupName == "" {
+	if resourceGroupName == "" {
 		return allErrs
 	}
 
 	resourceGroups, err := client.GetResourceGroups(context.TODO())
 	if err != nil {
-		return append(allErrs, field.InternalError(path.Child("resourceGroupName"), err))
+		return append(allErrs, field.InternalError(path.Child(platformField), err))
 	}
 
 	found := false
 	for _, rg := range resourceGroups {
-		if *rg.ID == ic.IBMCloud.ResourceGroupName || *rg.Name == ic.IBMCloud.ResourceGroupName {
+		if *rg.ID == resourceGroupName || *rg.Name == resourceGroupName {
 			found = true
 		}
 	}
 
 	if !found {
-		return append(allErrs, field.NotFound(path.Child("resourceGroupName"), ic.IBMCloud.ResourceGroupName))
+		return append(allErrs, field.NotFound(path.Child(platformField), resourceGroupName))
 	}
 
 	return allErrs
@@ -226,12 +226,13 @@ func validateExistingVPC(client API, ic *types.InstallConfig, path *field.Path)
 	allErrs := field.ErrorList{}
 
 	if ic.IBMCloud.VPCName == "" {
-		return allErrs
+		return append(allErrs, field.Invalid(path.Child("vpcName"), ic.IBMCloud.VPCName, fmt.Sprintf("vpcName cannot be empty when providing a networkResourceGroupName: %s", ic.IBMCloud.NetworkResourceGroupName)))
 	}
 
-	if ic.IBMCloud.ResourceGroupName == "" {
-		return append(allErrs, field.NotFound(path.Child("resourceGroupName"), ic.IBMCloud.ResourceGroupName))
+	if ic.IBMCloud.NetworkResourceGroupName == "" {
+		return append(allErrs, field.Invalid(path.Child("networkResourceGroupName"), ic.IBMCloud.NetworkResourceGroupName, fmt.Sprintf("networkResourceGroupName cannot be empty when providing a vpcName: %s", ic.IBMCloud.VPCName)))
 	}
+	allErrs = append(allErrs, validateResourceGroup(client, ic.IBMCloud.NetworkResourceGroupName, "networkResourceGroupName", path)...)
 
 	vpcs, err := client.GetVPCs(context.TODO(), ic.IBMCloud.Region)
 	if err != nil {
@@ -241,8 +242,8 @@ func validateExistingVPC(client API, ic *types.InstallConfig, path *field.Path)
 	found := false
 	for _, vpc := range vpcs {
 		if *vpc.Name == ic.IBMCloud.VPCName {
-			if *vpc.ResourceGroup.ID != ic.IBMCloud.ResourceGroupName && *vpc.ResourceGroup.Name != ic.IBMCloud.ResourceGroupName {
-				return append(allErrs, field.Invalid(path.Child("vpcName"), ic.IBMCloud.VPCName, fmt.Sprintf("vpc is not in provided ResourceGroup: %s", ic.IBMCloud.ResourceGroupName)))
+			if *vpc.ResourceGroup.ID != ic.IBMCloud.NetworkResourceGroupName && *vpc.ResourceGroup.Name != ic.IBMCloud.NetworkResourceGroupName {
+				return append(allErrs, field.Invalid(path.Child("vpcName"), ic.IBMCloud.VPCName, fmt.Sprintf("vpc is not in provided Network ResourceGroup: %s", ic.IBMCloud.NetworkResourceGroupName)))
 			}
 			found = true
 			allErrs = append(allErrs, validateExistingSubnets(client, ic, path, *vpc.ID)...)
@@ -276,8 +277,8 @@ func validateExistingSubnets(client API, ic *types.InstallConfig, path *field.Pa
 				if *subnet.VPC.ID != vpcID {
 					allErrs = append(allErrs, field.Invalid(path.Child("controlPlaneSubnets"), controlPlaneSubnet, fmt.Sprintf("controlPlaneSubnets contains subnet: %s, not found in expected vpcID: %s", controlPlaneSubnet, vpcID)))
 				}
-				if *subnet.ResourceGroup.ID != ic.IBMCloud.ResourceGroupName && *subnet.ResourceGroup.Name != ic.IBMCloud.ResourceGroupName {
-					allErrs = append(allErrs, field.Invalid(path.Child("controlPlaneSubnets"), controlPlaneSubnet, fmt.Sprintf("controlPlaneSubnets contains subnet: %s, not found in expected resourceGroupName: %s", controlPlaneSubnet, ic.IBMCloud.ResourceGroupName)))
+				if *subnet.ResourceGroup.ID != ic.IBMCloud.NetworkResourceGroupName && *subnet.ResourceGroup.Name != ic.IBMCloud.NetworkResourceGroupName {
+					allErrs = append(allErrs, field.Invalid(path.Child("controlPlaneSubnets"), controlPlaneSubnet, fmt.Sprintf("controlPlaneSubnets contains subnet: %s, not found in expected networkResourceGroupName: %s", controlPlaneSubnet, ic.IBMCloud.NetworkResourceGroupName)))
 				}
 				controlPlaneSubnetZones[*subnet.Zone.Name]++
 			}
@@ -323,8 +324,8 @@ func validateExistingSubnets(client API, ic *types.InstallConfig, path *field.Pa
 				if *subnet.VPC.ID != vpcID {
 					allErrs = append(allErrs, field.Invalid(path.Child("computeSubnets"), computeSubnet, fmt.Sprintf("computeSubnets contains subnet: %s, not found in expected vpcID: %s", computeSubnet, vpcID)))
 				}
-				if *subnet.ResourceGroup.ID != ic.IBMCloud.ResourceGroupName && *subnet.ResourceGroup.Name != ic.IBMCloud.ResourceGroupName {
-					allErrs = append(allErrs, field.Invalid(path.Child("computeSubnets"), computeSubnet, fmt.Sprintf("computeSubnets contains subnet: %s, not found in expected resourceGroupName: %s", computeSubnet, ic.IBMCloud.ResourceGroupName)))
+				if *subnet.ResourceGroup.ID != ic.IBMCloud.NetworkResourceGroupName && *subnet.ResourceGroup.Name != ic.IBMCloud.NetworkResourceGroupName {
+					allErrs = append(allErrs, field.Invalid(path.Child("computeSubnets"), computeSubnet, fmt.Sprintf("computeSubnets contains subnet: %s, not found in expected networkResourceGroupName: %s", computeSubnet, ic.IBMCloud.NetworkResourceGroupName)))
 				}
 				computeSubnetZones[*subnet.Zone.Name]++
 			}