Merge pull request #106 from oci-landing-zones/v2.1.0-RC1

V2.1.0 rc1

README.md

@@ -25,8 +25,8 @@ This repository is the source of truth for the OCI Open LZ and includes three ty
 | <img src="commons/images/size_m.svg" width="23" align="center"> |...[`one-oe/`](blueprints/one-oe/) |  Onboards **[One](/blueprints/one-oe/readme.md) OE** with its environments, platforms, and projects in **one tenancy**. [<img src="commons/images/DeployToOCI.svg"  height="22" align="center">](/blueprints/one-oe/runtime/one-stack/readme.md)|
 |  <img src="commons/images/size_l.svg" width="23" align="center"> |...[`multi-oe/`](blueprints/multi-oe/) |  Onboards **[Multiple](/blueprints/multi-oe/readme.md) OEs** with shared services and OE-dedicated resources, sharing **one tenancy**. |
 | <img src="commons/images/size_xl.svg" width="23" align="center">  |...[`multi-tenancy/`](blueprints/multi-tenancy/) | Uses One-OE and Multi-OE to onboard all your organizations or customers into **several tenancies**.
-**2** |**[`addons/`](addons/)** | **Complement** your landing zone with add-ons to run OCI with best practices. (e.g., [Network Hubs](/addons/oci-hub-models/readme.md))|
-| **3** |**[`workload-extensions/`](workload-extensions/)** | **Extend** your landing zone with pluggable workload extensions (e.g., [EBS](/workload-extensions/ebs/readme.md), [OCVS](/workload-extensions/oci-lz-ext-ocvs/README.md), [...](/workload-extensions/readme.md)).|
+**2** |**[`addons/`](addons/)** | **Complement** your blueprint to run OCI with **best practices**. (e.g., [**Network Hubs**](/addons/oci-hub-models/readme.md), [**OAG**](/addons/oci-oag/README.md))|
+| **3** |**[`workload-extensions/`](workload-extensions/)** | **Extend** your landing zone with pluggable **workloads** (e.g., [**EBS**](/workload-extensions/ebs/readme.md), [**OCVS**](/workload-extensions/oci-lz-ext-ocvs/README.md), [**AI**](/workload-extensions/ai-services/) [...](/workload-extensions/readme.md)).|
 
 &nbsp; 
 
@@ -49,21 +49,23 @@ The OCI Open LZ uses a [declarative Infrastructure-as-Code (IaC)](https://github
 | [OCI Landing Zones Observability][oci-lz-observability] | Covers OCI Monitoring resources (e.g., Logging, Events, Alarms, Notifications, etc.).
 | [OCI Landing Zones Governance][oci-lz-governance] | Covers OCI Tagging.
 
+&nbsp; 
+
 ## Contributing
 
-*If your project has specific contribution requirements, update the CONTRIBUTING.md file to ensure those requirements are clearly explained*
 
 This project welcomes contributions from the community. Before submitting a pull request, please [review our contribution guide](./CONTRIBUTING.md)
 
+&nbsp; 
 ## Security
 
 Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process
 
 &nbsp; 
 
-&nbsp; 
 
-# License
+
+## License
 
 Copyright (c) 2024 Oracle and/or its affiliates.
 

addons/oci-hub-models/hub_a/readme.md

@@ -9,7 +9,7 @@
 [2. Components](#2-components)</br>
 [3. Specifications and Considerations](#3-specifications-and-considerations)</br>
 [4. Routing](#4-routing)</br>
-[5. Automation](#5-automation)</br>
+[5. Deploy](#5-deploy)</br>
 
 &nbsp;
 
@@ -71,9 +71,21 @@ For a comprehensive understanding of how network packets flow within **Hub A** a
 
 &nbsp;
 
-### 5. Automation
+### 5. Deploy
 
-For automating this Hub model use the [CIS Network](https://github.com/oci-landing-zones/terraform-oci-modules-networking) Terraform modules. As an example configuration please refer to [oci_open_lz_one-oe_network.auto.tfvars.json](/blueprints/one-oe/runtime/one-stack/oci_open_lz_one-oe_network.auto.tfvars.json).
+Follow the deployment sheet below to have Hub A deployed in your tenancy with IaC declarations.
+
+
+&nbsp;
+
+
+| |  | |
+|---|---|--| 
+| **OPERATION** | **Hub A Deployment (Light Version - No Cost)** | **Hub A Deployment (Complete Version - With Cost)** | 
+| **TARGET RESOURCES**  </br></br><img src="../../../commons/images/icon_oci.jpg" width="32">| </br>This operation creates the resources described in [Section 2](#2-components) **without** Firewall and with 1 always free Load Balancer.  |  </br>This operation creates all the resources described in [Section 2](#2-components). **Note** that some resources, such as Network Firewalls and Load Balancers incur **costs**.</br></br> 
+| **INPUT CONFIGURATIONS** </br></br><img src="../../../commons/images/icon_json.jpg" width="30" align="center">&nbsp; +&nbsp; <img src="../../../commons/images/icon_terraform.jpg" width="32" align="center">|</br>[**IAM Configuration**](oci_open_lz_hub_a_iam.auto.tfvars.json) as input to the [OCI Landing Zone IAM](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) module. </br>[**Network Configuration**](oci_open_lz_hub_a_network_light.auto.tfvars.json) as input to the [OCI Landing Zone Network](https://github.com/oci-landing-zones/terraform-oci-modules-networking) module.</br></br> | [**IAM Configuration**](oci_open_lz_hub_a_iam.auto.tfvars.json) as input to the [OCI Landing Zone IAM](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) module. </br>[**Network Configuration**](oci_open_lz_hub_a_network.auto.tfvars.json) as input to the [OCI Landing Zone Network](https://github.com/oci-landing-zones/terraform-oci-modules-networking) module.</br></br> | 
+| **DEPLOY WITH ORM** </br>*- STEP #1* </br></br><img src="../../../commons/images/icon_orm.jpg" width="40">| </br>[<img src="/commons/images/DeployToOCI.svg"  height="25" align="center">](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oci-landing-zones/terraform-oci-modules-orchestrator/archive/refs/tags/v2.0.3.zip&zipUrlVariables={"input_config_files_urls":"https://raw.githubusercontent.com/oci-landing-zones/oci-landing-zone-operating-entities/master/addons/oci-hub-models/hub_a/oci_open_lz_hub_a_iam.auto.tfvars.json,https://raw.githubusercontent.com/oci-landing-zones/oci-landing-zone-operating-entities/master/addons/oci-hub-models/hub_a/oci_open_lz_hub_a_network_light.auto.tfvars.json"})  </br></br> And follow these steps:</br> **a**. Accept terms,  wait for the configuration to load. </br> **b**. Set the working directory to “rms-facade”. </br> **c**. Set the stack name you prefer.</br> **d**. Set the terraform version to 1.2.x. Click Next. </br> **e**. Accept the default files. Click Next. Optionally, replace with your json/yaml config files. </br> **f**. Un-check run apply. Click Create. </br> </br> | </br>[<img src="/commons/images/DeployToOCI.svg"  height="25" align="center">](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oci-landing-zones/terraform-oci-modules-orchestrator/archive/refs/tags/v2.0.3.zip&zipUrlVariables={"input_config_files_urls":"https://raw.githubusercontent.com/oci-landing-zones/oci-landing-zone-operating-entities/master/addons/oci-hub-models/hub_a/oci_open_lz_hub_a_iam.auto.tfvars.json,https://raw.githubusercontent.com/oci-landing-zones/oci-landing-zone-operating-entities/master/addons/oci-hub-models/hub_a/oci_open_lz_hub_a_network.auto.tfvars.json"})  </br></br> And follow these steps:</br> **a**. Accept terms,  wait for the configuration to load. </br> **b**. Set the working directory to “rms-facade”. </br> **c**. Set the stack name you prefer.</br> **d**. Set the terraform version to 1.2.x. Click Next. </br> **e**. Accept the default files. Click Next. Optionally, replace with your json/yaml config files. </br> **f**. Un-check run apply. Click Create. </br> </br> |
+| **POST DEPLOYMENT** </br>*- STEP #2* </br></br><img src="../../../commons/images/icon_orm.jpg" width="40">| </br> Optionally, you can **deploy a "dummy VM" as a firewall** and complete the **routing** with the following steps:</br></br> **a**. Deploy a dummy FW VM for the DMZ and Internal FWs following these steps [How to create a dummy FW VM](../../../commons/content/howto_create_dummy_fw_vm.md). <br> **b**. Identify the Private IP OCID of your firewalls following these steps [How to identify the Private IP OCID of a VM VNIC](../../../commons/content/howto_identify_private_ip_ocid_vm_vnic.md). </br> **c**. Update the POST network JSON configuration [oci_open_lz_hub_a_network_light_post.auto.tfvars.json](oci_open_lz_hub_a_network_light_post.auto.tfvars.json) and replace the *"DMZ FW PRIVATE IP OCID"* with the OCID of the Public DMZ Firewall Private IP OCID identified in the previous steps. You can use the find & replace of the IDE of your choice. </br> **d**. Update the network JSON configuration and replace the *"INT FW PRIVATE IP OCID"* with the OCID of the Private Internal Firewall Private IP OCID identified in the previous steps. </br> **e**. Edit the ORM stack and replace the original Network JSON configuration file with the new one [oci_open_lz_hub_a_network_light_post.auto.tfvars.json](oci_open_lz_hub_a_network_light_post.auto.tfvars.json). </br> **f**. Run Plan & Apply. </br> </br> ***NOTE**: To upgrade your light version to the complete one, remove the dummy FW VMs, deploy the firewalls by using the [Network Configuration](oci_open_lz_hub_a_network.auto.tfvars.json) of the complete version, and update the routing as described in step 2.*</br> | </br>This step focuses on **updating the routing** after the DMZ and Internal Firewalls have been provisioned:<br><br> **a**. Identify the Private IP OCID of your firewalls following these steps [How to identify the Private IP OCID of a OCI Network Firewall](../../../commons/content/howto_identify_private_ip_ocid_network_firewall.md). </br> **b**. Update the POST network JSON configuration [oci_open_lz_hub_a_network_post.auto.tfvars.json](oci_open_lz_hub_a_network_post.auto.tfvars.json) and replace the *"DMZ FW PRIVATE IP OCID"* with the OCID of the Public DMZ Firewall Private IP OCID identified in the previous steps. You can use the find & replace of the IDE of your choice. </br> **c**. Update the network JSON configuration and replace the *"INT FW PRIVATE IP OCID"* with the OCID of the Private Internal Firewall Private IP OCID identified in the previous steps. </br> **d**. Edit the ORM stack and replace the original Network JSON configuration file with the new one [oci_open_lz_hub_a_network_post.auto.tfvars.json](oci_open_lz_hub_a_network_post.auto.tfvars.json). </br> **e**. Run Plan & Apply. </br> </br> |