Creating clusters with deployable architectures

Creating a secure, compliant, and tailored Red Hat® OpenShift® on IBM Cloud® cluster is often challenging and requires expertise. However, with careful planning and appropriate resources, it is feasible to automate most aspects of the deployment process. IBM Cloud provides you with well-architected patterns called deployable architectures (DA) that can help you set up your environment.

There are three different DAs that create a cluster or clusters for you. They are:

Red Hat OpenShift Container Platform on VPC Landing Zone - This DA creates a Red Hat® OpenShift® on IBM Cloud® cluster environment that adheres to the IBM Financial Services Cloud reference architecture.
OpenShift AI on IBM Cloud - This Community Registry DA will create a cluster for you with GPU-based worker nodes and install the Red Hat OpenShift AI operator and all of its dependents.
Red Hat OpenShift on IBM Cloud Starters - This Community Registry DA will create a simple cluster for your with or without integrated logging and monitoring.

Checking your permissions

Each DA has a set of permissions that the user must have in order to be successful in executing the DA. A DA cannot only create the cluster for you, but can also create other complementary services that the cluster can use or integrate with. When executing the DA, a permissions check will be done to ensure you have the necessary permissions to create the resources in the DA. See IAM roles and actions for details on the specific permission needed by related services.

Creating an API key

In order to authenticate yourself with the DA, an IBM Cloud API Key is required. After you have all the necessary permissions, create an API key and save it for use when executing the DA.

Creating the DA

When you are ready to create a cluster using a DA, click the appropriate DA tile in the catalog. If the DA has different variations, choose the variation that meets your needs. For each variation you should see an architecture diagram that shows what the DA will create.

To begin, click Add to Project in the lower right hand corner. Projects are a way to execute DAs and collect the resources created by the DAs. Give your project a name. The configuration name is actually the name of the IBM Cloud Schematics workspace, where the DA terraform will execute. Select the region where you want the Schematics workspace to be created. After providing all the information, click Create.

When you open the project, you will see the DA schematics name and version that you previously selected in the Define Details section. In the Configure section, there are three tabs:

Security - Enter the API key you created above in the api_key text box.
Required - Enter all required variables on the Required tab.
Optional - Enter all optional variables on the Optional tab.

After you specify all the variables, click Save and then click Validate.

The DA will now begin to execute in the Schematics workspace. The first phase is a validation phase. For some DAs, you can skip the results of the validation. The OpenShift AI and Starters DA are focused on getting you a cluster quickly. For the VPC Landing Zone DA you should pay attention to the validation errors if any are shown.

To continue, either fix your validation concerns by clicking Edit Configuration or override the validation by providing a comment and clicking Override and Approve. Then click Deploy to execute the DA terraform.

After the DA has finished provisioning, you can see your cluster in the IBM Cloud console.