AWSTemplateFormatVersion: '2010-09-09' Description: 'Root template for an IBM Cloud Pak for Data deployment. This is the root template for a collection of nested stacks that make up the full CloudPak for Data deployment. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1rddjo02q)' Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into a new VPC" Order: "1" AWS::CloudFormation::Interface: ParameterGroups: - Label: default: VPC network configuration Parameters: - NumberOfAZs - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - BootNodeAccessCIDR - ClusterNetworkCIDR - Label: default: DNS configuration Parameters: - DomainName - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - Label: default: OpenShift hosts configuration Parameters: - NumberOfMaster - NumberOfCompute - MasterInstanceType - ComputeInstanceType - AdminPassword - ClusterName - EnableFips - PrivateCluster - Label: default: Storage Configuration Parameters: - StorageType - PortworxSpec - NumberOfOCS - OCSInstanceType - Label: default: Red Hat subscription information Parameters: - RedhatPullSecret - Label: default: IBM Cloud Pak for Data configuration Parameters: - LicenseAgreement - ICPDVersion - APIUsername - APIKey - Namespace - ICPDDeploymentLogsBucketName - WKC - WML - DV - WSL - OpenScale - Spark - CDE - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: KeyPairName: default: Key pair name PrivateSubnet1CIDR: default: Private subnet 1 CIDR PrivateSubnet2CIDR: default: Private subnet 2 CIDR PrivateSubnet3CIDR: default: Private subnet 3 CIDR PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR PublicSubnet3CIDR: default: Public subnet 3 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix BootNodeAccessCIDR: default: Boot node external access CIDR ClusterNetworkCIDR: default: Cluster network CIDR VPCCIDR: default: VPC CIDR AdminPassword: default: Cloud Pak for Data UI password RedhatPullSecret: default: Red Hat pull secret MasterInstanceType: default: Master instance type ComputeInstanceType: default: Compute instance type OCSInstanceType: default: OCS instance type NumberOfMaster: default: Number of master nodes NumberOfCompute: default: Number of compute nodes NumberOfOCS: default: Number of OCS nodes ICPDDeploymentLogsBucketName: default: Output S3 bucket name DomainName: default: Domain name NumberOfAZs: default: Number of Availability Zones AvailabilityZones: default: Availability Zones ClusterName: default: Cluster name StorageType: default: Cluster storage type PortworxSpec: default: Portworx spec file EnableFips: default: Enable Fips PrivateCluster: default: Publish the user-facing endpoints of your cluster. LicenseAgreement: default: License agreement WSL: default: Watson Studio service WML: default: Watson Machine Learning service WKC: default: Watson Knowledge Catalog service DV: default: Data Virtualization service OpenScale: default: Watson OpenScale and Watson Machine Learning services CDE: default: Cognos Dashboard service Spark: default: Analytics Engine powered by Apache Spark service APIUsername: default: IBM Cloud Pak for Data API user name APIKey: default: IBM Cloud Pak for Data API key ICPDVersion: default: IBM Cloud Pak for Data version Namespace: default: OpenShift project Parameters: DV: Description: >- Choose True to install the Data Virtualization service. Type: String AllowedValues: - "False" - "True" Default: "False" WML: Description: >- Choose True to install the Watson Machine Learning service. Type: String AllowedValues: - "False" - "True" Default: "False" WSL: Description: >- Choose True to install the Watson Studio service. Type: String AllowedValues: - "False" - "True" Default: "False" WKC: Description: >- Choose True to install the Watson Knowledge Catalog service. Type: String AllowedValues: - "False" - "True" Default: "False" OpenScale: Description: >- Choose True to install the Watson OpenScale and Watson Machine Learning services. Type: String AllowedValues: - "False" - "True" Default: "False" CDE: Description: >- Choose True to install the Cognos Dashboard Engine service. Type: String AllowedValues: - "False" - "True" Default: "False" Spark: Description: >- Choose True to install the Analytics Engine powered by Apache Spark service. Type: String AllowedValues: - "False" - "True" Default: "False" APIUsername: Description: >- The IBM Cloud Pak for Data user name to access IBM Container Registry. Type: String Default: "cp" APIKey: Description: >- The IBM Cloud Pak for Data API key to access IBM Container Registry. Type: String NoEcho: 'true' NumberOfAZs: Description: >- The number of Availability Zones to be used for the deployment. Keep in mind that some regions may be limited to 2 Availability Zones. For a single ICPD cluster to be highly available, 3 Availability Zones are needed to avoid a single point of failure when using 3, 5 or 7 master nodes. With less than 3 Availability Zones, one of the AZs will have more master nodes. Type: Number Default: 3 # For now, only 1 or 3 AZs can be used. AllowedValues: - 1 - 3 AvailabilityZones: Description: The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses one or three Availability Zones and preserves the logical order you specify. Type: List KeyPairName: Description: The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName PrivateSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: The CIDR block for the private subnet located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: The CIDR block for the private subnet located in Availability Zone 2. Type: String PrivateSubnet3CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.64.0/19 Description: The CIDR block for the private subnet located in Availability Zone 3. Type: String PublicSubnet1CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: The CIDR block for the public subnet located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: The CIDR block for the public subnet located in Availability Zone 2. Type: String PublicSubnet3CIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.160.0/20 Description: The CIDR block for the public subnet located in Availability Zone 3. Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-ibm-icp-for-data/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String BootNodeAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The CIDR IP range that is permitted to access boot node instance. We recommend that you set this value to a trusted IP range. The value `0.0.0.0/0` permits all IP addresses to access. Additional values can be added post-deployment from the Amazon EC2 console. Type: String ClusterNetworkCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The Cluster Network CIDR IP range that is used as IP address pools for pods. Type: String Default: 10.128.0.0/14 AdminPassword: Description: The password for the Cloud Pak for Data web client. The password must contain at least 8 characters, including letters (with a minimum of one capital letter), numbers, and symbols. Type: String MinLength: '8' AllowedPattern: ^[^ \\']+$ NoEcho: 'true' RedhatPullSecret: Description: S3 path of OpenShift Installer Provisioned Infrastructure pull secret(e.g., s3://my-bucket/path/to/pull-secret). Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC Type: String MasterInstanceType: Default: m5.xlarge AllowedValues: - m5.xlarge - m5.2xlarge - m5d.xlarge - m5d.2xlarge ConstraintDescription: Must contain valid instance type Description: The EC2 instance type for the OpenShift master instances. Type: String OCSInstanceType: Default: m4.4xlarge AllowedValues: - m4.4xlarge - m4.8xlarge - m5.8xlarge - m5.12xlarge - c5.8xlarge - c5.12xlarge - c5.9xlarge - r5.4xlarge - r5.8xlarge - r5.12xlarge - m4.10xlarge - c4.8xlarge ConstraintDescription: Must contain valid instance type Description: Update this value if Storage type selected is OCS. The EC2 instance type for the OpenShift Container Storage instances. Type: String ComputeInstanceType: Default: m5.4xlarge AllowedValues: - m5.4xlarge - m5.8xlarge - m5.12xlarge - m5.24xlarge - m5a.4xlarge - m5a.8xlarge - m5a.12xlarge - m5a.24xlarge - c5.4xlarge - c5.9xlarge - c5.12xlarge - c5.18xlarge - c5.24xlarge - r5.4xlarge - r5.9xlarge - r5.12xlarge - r5.18xlarge - r5.24xlarge ConstraintDescription: Must contain valid instance type Description: The EC2 instance type for the OpenShift compute instances. Type: String NumberOfMaster: Default: '3' Description: The desired capacity for the OpenShift master instances. Must be an odd number. A minimum of 3 is required. Type: String AllowedPattern: '^[3579]$|(^[3-9]+[3579]$)' NumberOfOCS: Default: '3' Description: Update this value if Storage type selected is OCS. The desired capacity for the OpenShift container storage instances. Minimum of 3 is required. Type: String AllowedPattern: '^[3579]$|(^[3-9]+[3579]$)' NumberOfCompute: Default: '3' Description: The desired capacity for the OpenShift compute instances. Minimum of 3 nodes required. If the number of compute instances exceeds your Red Hat entitlement limits or AWS instance limits, the stack will fail. Choose a number that is within your limits. Type: Number ICPDDeploymentLogsBucketName: Description: 'The name of the S3 bucket where IBM Cloud Pak for Data deployment logs are to be exported. The deployment logs provide a record of the boot strap scripting actions and are useful for problem determination if the deployment fails in some way.' Type: String DomainName: Description: 'Amazon Route 53 base domain configured for your OpenShift Container Platform cluster. Name must consist of lower case alphanumeric characters and must start and end with an alphanumeric character.' Type: String ClusterName: Description: Custom cluster name for kubernetes.io/cluster/tags. Type: String AllowedPattern: ^[0-9a-z-]*$ StorageType: Description: Select either EFS, Portworx or Openshift Container Storage as default Storage class. Type: String AllowedValues: - "OCS" - "Portworx" - "EFS" Default: "OCS" PortworxSpec: Description: Update this value if Storage type selected is Portworx. S3 path of Portworx Spec (e.g., s3://my-bucket/path/to/portworxspec.yaml). Type: String Default: "" EnableFips: Description: Enable Fips for Openshift Type: String AllowedValues: - "False" - "True" Default: "False" PrivateCluster: Description: Choose Internal to deploy a private cluster. For details visit OpenShift documentation (https://docs.openshift.com/container-platform/4.5/installing/installing_aws/installing-aws-private.html) Type: String AllowedValues: - "Internal" - "External" Default: "External" ICPDVersion: Description: The version of Cloud Pak for Data to be deployed. Currently only v3.5 is supported. Type: String AllowedValues: - 3.5.2 Default: 3.5.2 LicenseAgreement: Description: >- I have read and agree to the license terms for IBM Cloud Pak for Data (https://ibm.biz/BdfEkc). Type: String Default: '-' AllowedValues: - I agree - '-' ConstraintDescription: must answer 'I agree' Namespace: Description: >- The OpenShift project that will be created for deploying Cloud Pak for Data. It can be any lowercase string. Type: String Default: "zen" Rules: LicenseAgreementRule: Assertions: - Assert: Fn::Contains: - - I agree - Ref: LicenseAgreement AssertDescription: User must agree to the terms of the license agreement. Conditions: 3AZCondition: !Equals [!Ref NumberOfAZs, 3] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: VPCStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !If - 3AZCondition - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] - !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/aws-vpc.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: AvailabilityZones: !Join [ ',', !Ref 'AvailabilityZones'] NumberOfAZs: !Ref NumberOfAZs PrivateSubnet1ACIDR: !Ref 'PrivateSubnet1CIDR' PrivateSubnet2ACIDR: !Ref 'PrivateSubnet2CIDR' PrivateSubnet3ACIDR: !Ref 'PrivateSubnet3CIDR' PrivateSubnetATag2: !Sub "kubernetes.io/cluster/${AWS::StackName}-${AWS::Region}=owned" PrivateSubnetATag3: "kubernetes.io/role/internal-elb=" PublicSubnet1CIDR: !Ref 'PublicSubnet1CIDR' PublicSubnet2CIDR: !Ref 'PublicSubnet2CIDR' PublicSubnet3CIDR: !Ref 'PublicSubnet3CIDR' PublicSubnetTag2: !Sub "kubernetes.io/cluster/${AWS::StackName}-${AWS::Region}=owned" PublicSubnetTag3: "kubernetes.io/role/elb=" VPCCIDR: !Ref 'VPCCIDR' CloudPakDataStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/ibm-cloudpak-data.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: NumberOfAZs: !Ref NumberOfAZs AvailabilityZones: !Join [ ',', !Ref 'AvailabilityZones'] MasterInstanceType: !Ref 'MasterInstanceType' ComputeInstanceType: !Ref 'ComputeInstanceType' OCSInstanceType: !Ref 'OCSInstanceType' NumberOfMaster: !Ref 'NumberOfMaster' NumberOfOCS: !Ref 'NumberOfOCS' NumberOfCompute: !Ref 'NumberOfCompute' KeyPairName: !Ref 'KeyPairName' PrivateSubnet1ID: !GetAtt 'VPCStack.Outputs.PrivateSubnet1AID' PrivateSubnet2ID: !If - 3AZCondition - !GetAtt 'VPCStack.Outputs.PrivateSubnet2AID' - "" PrivateSubnet3ID: !If - 3AZCondition - !GetAtt 'VPCStack.Outputs.PrivateSubnet3AID' - "" PublicSubnet1ID: !GetAtt 'VPCStack.Outputs.PublicSubnet1ID' PublicSubnet2ID: !If - 3AZCondition - !GetAtt 'VPCStack.Outputs.PublicSubnet2ID' - "" PublicSubnet3ID: !If - 3AZCondition - !GetAtt 'VPCStack.Outputs.PublicSubnet3ID' - "" BootNodeAccessCIDR: !Ref 'BootNodeAccessCIDR' ClusterNetworkCIDR: !Ref 'ClusterNetworkCIDR' QSS3BucketName: !Ref 'QSS3BucketName' QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Ref 'QSS3KeyPrefix' AdminPassword: !Ref 'AdminPassword' RedhatPullSecret: !Ref 'RedhatPullSecret' ICPDDeploymentLogsBucketName: !Ref 'ICPDDeploymentLogsBucketName' VPCCIDR: !Ref 'VPCCIDR' VPCID: !GetAtt 'VPCStack.Outputs.VPCID' DomainName: !Ref 'DomainName' ICPDVersion: !Ref ICPDVersion Namespace: !Ref Namespace LicenseAgreement: !Ref LicenseAgreement ClusterName: !Ref ClusterName StorageType: !Ref StorageType EnableFips: !Ref EnableFips PrivateCluster: !Ref PrivateCluster PortworxSpec: !Ref PortworxSpec WKC: !Ref WKC WML: !Ref WML WSL: !Ref WSL DV: !Ref DV OpenScale: !Ref OpenScale CDE: !Ref CDE Spark: !Ref Spark APIKey: !Ref APIKey APIUsername: !Ref APIUsername Outputs: BootnodePublicIp: Description: The boot node public IP address. Value: !GetAtt 'CloudPakDataStack.Outputs.BootnodePublicIp' OpenShiftUI: Description: The URL for the OpenShift UI. Value: !GetAtt 'CloudPakDataStack.Outputs.OpenshiftURLValue' ICPDWebClientURL: Description: CloudPak for Data web client URL. Value: !GetAtt 'CloudPakDataStack.Outputs.ICPDWebClientURL' OpenshiftPassword: Description: OpenShift password secret. Value: !GetAtt 'CloudPakDataStack.Outputs.OpenshiftPassword'