terraform-ibm-modules · aatreyee257 · Aug 4, 2025 · Aug 5, 2025 · Aug 5, 2025 · Aug 5, 2025
@@ -21,19 +21,19 @@
         "solution",
         "registry"
       ],
-      "short_description": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard.",
-      "long_description": "This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry.",
+      "short_description": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard",
+      "long_description": "[IBM Cloud Container Registry](https://cloud.ibm.com/docs/Registry?topic=Registry-getting-started) creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry.<br/><br/>ℹ️ This Terraform-based automation is part of a broader suite of IBM-maintained Infrastructure as Code (IaC) assets, each following the naming pattern \"Cloud automation for *servicename*\" and focusing on single IBM Cloud service. These single-service deployable architectures can be used on their own to streamline and automate service deployments through an [IaC approach](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-understanding-projects), or assembled together into a broader [automated IaC stack](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-config-stack) to automate the deployment of an end-to-end solution architecture.",
       "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-container-registry/main/README.md",
       "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-container-registry/main/images/icr_icon.svg",
       "provider_name": "IBM",
-      "support_details": "This product is in the community registry, as such support is handled through the originated repo. If you experience issues please open an issue in the repository [https://github.com/terraform-ibm-modules/terraform-ibm-container-registry/issues](https://github.com/terraform-ibm-modules/terraform-ibm-container-registry/issues). Please note this product is not supported via the IBM Cloud Support Center.",
+      "support_details": "This product is in the community registry, as such support is handled through the [original repo](https://github.com/terraform-ibm-modules/terraform-ibm-container-registry). If you experience issues kindly open an issue in the repository [here](https://github.com/terraform-ibm-modules/terraform-ibm-container-registry/issues). Please note that this product is not currently supported through the IBM Cloud Support Center.",
       "features": [
         {
-          "title": "Creates or Uses Existing IBM Container Registry Namespace",
+          "title": "IBM Container Registry Namespace",
           "description": "Enables the creation of a new IBM Container Registry namespace or the use of an existing one, allowing users to define isolated environments for managing container images, with the ability to set a retention policy."
         },
         {
-          "title": "Configures Pull Traffic Limits",
+          "title": "Pull Traffic Limit Controls",
           "description": "Allows fine-grained configuration of pull traffic limits in megabytes, controlling the amount of data that can be pulled from the registry."
         },
         {
@@ -50,6 +50,7 @@
           "label": "Fully configurable",
           "name": "fully-configurable",
           "install_type": "fullstack",
+          "index": 1,
           "working_directory": "solutions/fully-configurable",
           "compliance": {
             "authority": "scc-v3",
@@ -65,21 +66,30 @@
               "role_crns": [
                 "crn:v1:bluemix:public:iam::::role:Administrator"
               ],
-              "service_name": "all-account-management-services"
+              "service_name": "All Account Management services",
+              "notes": "[Optional] Required to deploy Cloud automation for account configuration, which creates foundational IBM Cloud account resources, like IAM settings, trusted profiles, access groups, and resource groups."
             },
             {
               "role_crns": [
-                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
                 "crn:v1:bluemix:public:iam::::role:Administrator"
               ],
-              "service_name": "container-registry"
+              "service_name": "All Identity and Access enabled services",
+              "notes": "[Optional] Required to deploy Cloud automation for account configuration, which creates foundational IBM Cloud account resources, like IAM settings, trusted profiles, access groups, and resource group with account settings."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                "crn:v1:bluemix:public:iam::::serviceRole:Writer"
+              ],
+              "service_name": "container-registry",
+              "notes": "Manager or Writer access is required to manage namespaces, repositories, and access policies in Container Registry."
             }
           ],
           "architecture": {
             "features": [
               {
-                "title": "Creates or uses an existing IBM Container Registry namespace, configures pull traffic and storage quotas, and supports upgrading the registry plan to Standard.",
-                "description": "This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry."
+                "title": " ",
+                "description": "Configured to use IBM secure by default standards, but can be edited to fit your use case."
               }
             ],
             "diagrams": [
@@ -152,15 +162,15 @@
               "hidden": "true",
               "options": [
                 {
-                  "displayname": "private",
+                  "displayname": "Private",
                   "value": "private"
                 },
                 {
-                  "displayname": "public",
+                  "displayname": "Public",
                   "value": "public"
                 },
                 {
-                  "displayname": "public-and-private",
+                  "displayname": "Public-and-Private",
                   "value": "public-and-private"
                 }
               ]

@@ -2,7 +2,7 @@
 
 You can use this submodule to upgrade the IBM [Container Registry](https://cloud.ibm.com/docs/Registry?topic=Registry-registry_overview#registry_plans) plan.
 
-The submodule can used without the root module upgrade the plan without creating any additional namespaces or retention polcies.
+The submodule can used without the root module upgrade the plan without creating any additional namespaces or retention policies.
 
 ### Usage
 ```

@@ -23,5 +23,5 @@ variable "container_registry_endpoint" {
 # us-south	us.icr.io private.us.icr.io
 # global	icr.io	private.icr.io
 
-# pattern match (possilby "private.") (possibly two letters, a number 2 and a period) "icr.io" with no prefix or suffix
+# pattern match (possibly "private.") (possibly two letters, a number 2 and a period) "icr.io" with no prefix or suffix
 # This avoids very specific checks and allows for new regions to be added without updating the module.
@@ -1,12 +1,3 @@
-# IBM Cloud Container Registry
-
-This architecture creates or utilizes an existing IBM Container Registry namespace, provides the ability to configure pull traffic limits and storage quotas in megabytes, and allows for upgrading the registry plan to Standard. It ensures efficient management of container image access by regulating data pull volume from the registry and setting storage capacity limits for container images within each registry.
-
-- A resource group, if existing is not passed in.
-- A Container Registry namespace.
-- Option to upgrade to `Standard` plan.
-- Option to set pull traffic and storage quotas.
-
-![IBM Container Registry](../../reference-architecture/deployable-architecture-icr.svg)
+# Cloud automation for Container Registry (Fully configurable)
 
 :exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
@@ -16,8 +16,7 @@ variable "existing_resource_group_name" {
 
 variable "prefix" {
   type        = string
-  nullable    = true
-  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
+  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-icr. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
 
   validation {
     # - null and empty string is allowed
@@ -33,14 +32,14 @@ variable "prefix" {
     )
     error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
   }
-
   validation {
     # must not exceed 16 characters in length
     condition     = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
     error_message = "Prefix must not exceed 16 characters."
   }
 }
 
+
 variable "provider_visibility" {
   type        = string
   description = "Set the visibility value for the IBM terraform provider. Supported values are `public`, `private`, `public-and-private`. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/guides/custom-service-endpoints)"

@@ -3,7 +3,7 @@ variable "existing_namespace_name" {
   description = "The name of an existing namespace. Required if 'namespace_name' is not provided."
   default     = null
 
-  # exisiting_namespace_name can be NULL. If not NULL then atleast one namespace should match in existing_cr_namespaces list that matches existing_namespace_name
+  # existing_namespace_name can be NULL. If not NULL then at least one namespace should match in existing_cr_namespaces list that matches existing_namespace_name
   validation {
     condition     = var.existing_namespace_name == null || length([for namespace in data.ibm_cr_namespaces.existing_cr_namespaces.namespaces : namespace if namespace.name == var.existing_namespace_name]) > 0
     error_message = "Existing namespace not found in the region"