Release notes for the landing zone deployable architecture
Use these release notes to learn about the latest updates to the landing zone deployable architectures: VPC landing zone, VSI on VPC landing zone, and Red Hat OpenShift Container Platform on VPC landing zone. The entries are grouped by date.
January 2025
31 January 2025
- Version 6.8.1 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.8.1 in the IBM Cloud catalog.
- This version is specifically designed for consumers who are still running on a 5.x.x version of the VSI on VPC landing zone or Red Hat OpenShift Container Platform on VPC landing zone deployable architectures and wish to upgrade to v6.x.x. When upgrading to 6.8.1, migration automation will be run automatically in IBM Cloud® projects that will prevent resources from being re-created. See Troubleshooting issues when upgrading to version 6.8.1 for further information.
The VSI on VPC landing zone deployable architecture will now provision instances with the next gen virtual network interface capabilities. There is no supported upgrade path to migrate existing virtual server instances on the legacy instance network interface to the new next gen virtual network interface, meaning if you are updating from a version 5.x.x version of the deployable architecture, you will see several resources identified for a destroy and re-create. If you want to remain on the legacy instance network interface, you can set the
use_legacy_network_interface
input to true before upgrading, and there should be no disruption to any of the resources you may already have deployed.- Support for Red Hat OpenShift version 4.17 has been added. Support for 4.12 and 4.13 have been removed. Versions 4.14, 4.15 and 4.16 are also supported. Version 4.16 is still the default.
16 January 2025
- Version 6.7.0 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.7.0 in the IBM Cloud catalog.
- VSI on VPC landing zone:
- The default virtual server image is updated to
ibm-ubuntu-24-04-6-minimal-amd64-2
. To avoid downtime and losing data, the image is not changed when you update to version 6.7.0. Update the image outside of the Terraform code. - Support added for specifing optional user data that automatically performs common configuration tasks or runs scripts on the provisioned VSIs. For more information about how to use this feature, see Adding user data to your VSI on VPC landing zone deployable architecture.
- The default virtual server image is updated to
- Fixed a bug that was introduced in version 6.6.0 where an Invalid index error was thrown for advanced users who have set
override = true
or passing a value foroverride_json_string
. - The IBM terraform provider has been updated to version 1.74.0.
- VSI on VPC landing zone:
December 2024
12 December 2024
- Version 6.6.0 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.6.0 in the IBM Cloud catalog.
-
The VSI on VPC landing zone deployable architecture will now provision instances with the next gen virtual network interface capabilities.
There is no supported upgrade path to migrate existing virtual server instances on the legacy instance network interface to the new next gen virtual network interface, meaning if you are updating from a previous version of the deployable architecture, you will see several resources identified for a destroy and re-create. If you want to remain on the legacy instance network interface, you can set the
use_legacy_network_interface
input to true before upgrading, and there should be no disruption to any of the resources you may already have deployed. -
A fix was added to the "Existing VPC" variation of the VSI on VPC landing zone deployable architecture that ensures virtual server instances are only deployed in the correct subnets. Previously instances were created in every subnet, including ones that were not designed for virtual server instances. If upgrading from a previous version, the plan will identify for those virtual server instances to be destroyed.
-
The initial version of Red Hat OpenShift is now set to 4.16. Versions 4.12, 4.13, and 4.14 are also supported. To avoid downtime and losing data, the cluster version is not changed when you update your deployable architecture. Update the cluster outside of the Terraform code.
-
The IBM terraform provider has been updated to version 1.71.3.
-
October 2024
24 October 2024
- Version 6.2.1 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.2.1 in the IBM Cloud catalog.
- Controls in the IBM Cloud Security and Compliance Center Framework for Financial Services profile version 1.7.0 that pass validation are now displayed.
- The IBM Terraform provider version is now locked to 1.70.1.
- VSI on VPC landing zone:
- The default virtual server image is updated to
ibm-ubuntu-24-04-6-minimal-amd64-1
. To avoid downtime and losing data, the image is not changed when you update to version 6.2.1. Update the image outside of the Terraform code.
- The default virtual server image is updated to
- Red Hat OpenShift Container Platform on VPC landing zone:
- Support for Red Hat OpenShift version 4.16 has been added. Versions 4.12, 4.13, 4.14 and 4.15 are also supported. Version 4.15 is still the default.
- The
operating_system
input is now a required input. Valid values areREDHAT_8_64
orRHCOS
. By default, the input is set toREDHAT_8_64
. If you are using theoverride_json_string
input, this will need to be updated to include a value foroperating_system
if there is not currently one set. Ensure to also include it for any worker pools being added too. For example:
"clusters": [ { "cos_name": "cos", "entitlement": "cloud_pak", "kube_type": "openshift", "kube_version": "default", "machine_type": "bx2.16x64", "name": "management-cluster", "resource_group": "slz-management-rg", "disable_outbound_traffic_protection": false, "cluster_force_delete_storage": false, "operating_system": "REDHAT_8_64", "kms_wait_for_apply": true, "kms_config": { "crk_name": "slz-roks-key", "private_endpoint": true }, "subnet_names": [ "vsi-zone-1", "vsi-zone-2", "vsi-zone-3" ], "vpc_name": "management", "worker_pools": [ { "entitlement": "cloud_pak", "flavor": "bx2.16x64", "name": "logging-worker-pool", "subnet_names": [ "vsi-zone-1", "vsi-zone-2", "vsi-zone-3" ], "vpc_name": "management", "operating_system": "REDHAT_8_64", "workers_per_subnet": 2 } ], "workers_per_subnet": 2 } ]
September 2024
26 September 2024
- Version 6.0.1 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.0.1 in the IBM Cloud catalog.
- Red Hat OpenShift Container Platform on VPC landing zone:
- A fix was added to address an issue where secondary storage was not being provisioned.
- A fix was added to address and issue where the
workload_cluster_name
andmanagement_cluster_name
outputs were missing.
- Red Hat OpenShift Container Platform on VPC landing zone:
20 September 2024
- Version 6.0.0 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 6.0.0 in the IBM Cloud catalog.
-
BREAKING CHANGE: VSI on VPC landing zone and Red Hat OpenShift Container Platform on VPC landing zone:
- When you upgrade to version 6.0.0, you might see some of your infrastructure marked for deletion and re-creation. To prevent this from occurring, you should upgrade to version 6.8.0 directly before upgrading to any later version as this version has some migration logic in them that will prevent the re-creation of resources.
- VPC landing zone deployable architecture is not affected.
-
Support added to pass an existing Context-based restriction (CBR) zone ID to allow all Virtual Private Clouds created to be added to the zone.
-
The IBM Terraform provider version is now locked to 1.69.2.
-
The Hashicorp external Terraform provider version is now locked to 2.3.4.
-
The VSI on VPC landing zone:
- The
landing-zone-vsi
submodule is updated from 3.3.0 to 4.2.0. In this version, the naming convention for Virtual Server Instances has changed to beprefix- + the last 4 digits of the subnet ID + a sequential number for each subnet
. For example,prefix-3ad7-001
.
- The
-
Red Hat OpenShift Container Platform on VPC landing zone:
- Refactored the logic to use the base-ocp-vpc module to create Red Hat OpenShift Container Platform clusters.
- This module has some extra functionality which requires the runtime to have access to IBM Cloud private endpoints.
- Support added to allow you to specify a Virtual Private Cloud (VPC) that you do not wish to create a cluster in. By default a cluster will be created in all of the VPCs specified in the
vpcs
input. Use new inputignore_vpcs_for_cluster_deployment
to pass a list of VPCs to ignore.
-
10 September 2024
- Version 5.31.2 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 5.31.2 in the IBM Cloud catalog.
- The default virtual server image is updated to
ibm-ubuntu-24-04-minimal-amd64-4
. To avoid downtime and losing data, the image is not changed when you update to version 5.31.2. Update the image outside of the Terraform code. - The IBM Terraform provider version is now locked to 1.69.0.
- Red Hat OpenShift Container Platform on VPC landing zone:
- The following output variables are now included for both the standard and QuickStart variations:
workload_cluster_ingress_hostname
management_cluster_ingress_hostname
workload_cluster_private_service_endpoint_url
management_cluster_private_service_endpoint_url
workload_cluster_public_service_endpoint_url
management_cluster_public_service_endpoint_url
workload_cluster_console_url
management_cluster_console_url
- The following output variables are now included with the standard variation:
workload_cluster_name
andmanagement_cluster_name
.
- The following output variables are now included for both the standard and QuickStart variations:
- The default virtual server image is updated to
August 2024
15 August 2024
- Version 5.29.0 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 5.29.0 in the IBM Cloud catalog.
- The
landing-zone-vpc
submodule is updated from 7.18.3 to 7.19.0. - A fix is included to make sure that
resource_group_names
andresource_group_data
outputs include the value of theprefix
input variable. - Red Hat OpenShift Container Platform on VPC landing zone:
- A new
operating_system
input variable is added to specify the Red Hat OpenShift version of the cluster workers. The current version is the default. For more information, see Available Red Hat OpenShift versions. - The following optional input variables are now available to use existing resources for IBM Cloud Object Storage and IBM Key Protect or Hyper Protect Crypto Services:
existing_kms_instance_name
existing_kms_resource_group
existing_kms_endpoint_type
existing_cos_instance_name
existing_cos_resource_group
existing_cos_endpoint_type
use_existing_cos_for_vpc_flowlogs
use_existing_cos_for_atracker
- A new
- The
July 2024
15 July 2024
- Version 5.25.1 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 5.25.1 in the IBM Cloud catalog.
- The
landing-zone-vpc
submodule is updated from 7.18.2 to 7.18.3. - The default virtual server image is updated to
ibm-ubuntu-24-04-minimal-amd64-2
. To avoid downtime and losing data, the image is not changed when you update to version 5.24.5. Update the image outside of the Terraform code. - Red Hat OpenShift Container Platform on VPC landing zone:
- A new
kms_wait_for_apply
input variable is added. The variable forces the code to wait until the key management service is applied to the cluster master, is ready, and deployed. The default value istrue
. - Added a fix to prevent an error with the new
ibm-storage-operator
add-on, which is installed by default on Red Hat OpenShift version 4.15.
- A new
- The
June 2024
12 June 2024
- Version 5.24.5 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 5.24.5 in the IBM Cloud catalog.
- A graphical tool now exists to help you create the
override_json_string
optional input variable and customize your deployable architectures. Use the landing zone configuration tool to customize aspects of your landing zone deployable architecture, including resource groups, Object Storage, key management, networking, private endpoints, and VPN gateways. - The default virtual server image is updated to
ibm-ubuntu-24-04-minimal-amd64-1
. To avoid downtime and losing data, the image is not changed when you update to version 5.24.5. Update the image outside of the Terraform code. - The IBM Terraform provider version is now locked to 1.66.0.
- The
landing-zone-vpc
submodule is updated from 7.18.0 to 7.18.2. For more information about changes in the submodule, see VSI on VPC release v7.18.2 in GitHub. - The VSI on VPC landing zone:
- The
landing-zone-vsi
submodule is updated from 3.2.4 to 3.3.0. For more information about changes in the submodule, see VSI on VPC release v3.3.0 in GitHub.
- The
- The Red Hat OpenShift Container Platform on VPC landing zone:
- The initial version of Red Hat OpenShift is now set to 4.15. Versions 4.12, 4.13, and 4.14 are also supported. To avoid downtime and losing data, the cluster version is not changed when you update your deployable architecture. Update the cluster outside of the Terraform code.
- A new
cluster_force_delete_storage
input variable is added. The variable specifies whether to force the deletion of persistent storage when the associated VPC cluster is deleted so that the cluster can't be recovered. The default value isfalse
in the Standard variation andtrue
in the QuickStart variation.
- A graphical tool now exists to help you create the
May 2024
1 May 2024
- Version 5.21.0 of the landing zone deployable architectures is available
-
All landing zone deployable architectures are released at version 5.21.0 in the IBM Cloud catalog.
- Controls in the IBM Cloud Security and Compliance Center Framework for Financial Services profile version 1.6.0 that pass validation are now displayed.
- The
landing-zone-vsi
submodule is updated from 3.2.3 to 3.2.4. For more information about changes in the submodule, see VSI on VPC release v3.2.4 in GitHub. - The default virtual server image is updated to
ibm-ubuntu-22-04-4-minimal-amd64-1
. To avoid downtime and losing data, the image is not changed when you update to version 5.21.0. Update the image outside of the Terraform code. - The QuickStart variation of the Red Hat OpenShift Container Platform on VPC landing zone:
- A new
entitlement
input variable is added. The variable defaults to no entitlement and is applied only when the cluster is created. - The variation now includes more outputs. For more information, see the landing zone release v5.21.0 in GitHub.
- A new
March 2024
22 March 2024
- Version 5.20.0 of the landing zone deployable architectures is available
-
Version 5.20.0 of the landing zone deployable architecture is available in the IBM Cloud catalog.
- The IBM Terraform provider version is now locked to 1.63.0.
- The external provider version is now set to 2.3.3.
- The Red Hat OpenShift Container Platform on VPC landing zone:
- This version includes a new QuickStart variation. For more information, see the reference architecture.
- New variables
cluster_addons
andmanage_all_cluster_addons
are added to support the configuration of cluster add-ons.
1 March 2024
- Version 5.17.2 of the landing zone deployable architectures is available
-
Version 5.17.2 of the landing zone deployable architecture is available in the IBM Cloud catalog.
- The deployable architecture is updated to allow all versions of Terraform 1.6. Versions 1.3.0 - 1.6.x are allowed. The
landing-zone-vpc
andlanding-zone-vsi
submodules are also updated to support these versions. - The IBM Terraform provider version is now locked to 1.62.0.
- The deployable architecture is updated to allow all versions of Terraform 1.6. Versions 1.3.0 - 1.6.x are allowed. The
February 2024
6 February 2024
- Version 5.14.0 of the landing zone deployable architectures is available
-
Version 5.14.0 of the landing zone deployable architecture is available in the IBM Cloud catalog.
-
The
time_sleep.wait_for_authorization_policy
resource is destroyed when you upgrade to this version. This behavior is expected and does not affect your provisioned infrastructure. -
The initial version of Red Hat OpenShift is now set to 4.14. Versions 4.12 and 4.13 are also supported. To avoid downtime and losing data, the cluster version is not changed when you update your deployable architecture. Update the cluster outside of the Terraform code.
-
A new
skip_all_s2s_auth_policies
variable is available to manage authorization policies outside of your deployable architecture. To keep names consistent, theadd_kms_block_storage_s2s
variable is renamed toskip_kms_block_storage_s2s_auth_policy
. -
The version now exposes the
secondary_storage
variable for the Kubernetes service from the IBM Terraform Provider. Use the variable to provision a secondary disk to your worker nodes. -
A service-to-service authorization policy between Kubernetes and your KMS is now created when you provision a cluster. This change fixes an issue that the policy was not created by default.
-
A
service_endpoint
input variable supports whether access to Key Protect is through a public or private-only endpoint. The default value ispublic-and-private.
-
Removed in this version:
- Version 4.11 of Red Hat OpenShift is no longer supported.
- The
update_all_workers
input variable is removed. The variable was meant to update the Kubernetes version of all workers, but the deployable architecture ignores the version.
-
You can now set an expiration rule for IBM Cloud Object Storage buckets in an override. If you deploy with projects or IBM Cloud Schematics, edit the
override_json_string
optional variable. For example, the following example adds a 30-day expiration in theexpire_rule
property:"cos": [ { "buckets": [ { "endpoint_type": "public", "force_delete": true, "kms_key": "slz-atracker-key", "name": "atracker-bucket", "storage_class": "standard", "region_location": "us-south", "hard_quota": 0, "expire_rule": { "rule_id": "a-bucket-expire-rule", "enable": true, "days": 30, "prefix": "logs/" } } ] } ]
-
December 2023
15 December 2023
- Version 5.3.1 of the landing zone deployable architectures available
-
Version 5.3.1 of the landing zone deployable architectures is available in the IBM Cloud catalog.
-
The version includes a new extension variation that is called VSI on existing VPC landing zone. It adds a VSI in an existing VPC.
With this variation, you extend either the VPC landing zone or the Red Hat OpenShift Container Platform on VPC landing zone. For more information, see Adding a VSI to your VPC landing zone deployable architecture.
-
The IBM Terraform provider version is now locked to 1.60.0. This provider version fixes the known issue that the provider plug-in did not respond. For more information, see issue 4898.
-
The default virtual server image is updated to
ibm-ubuntu-22-04-3-minimal-amd64-2
. To avoid downtime and losing data, the image is not changed when you update to version 5.3.1. Update the image outside of the Terraform code. -
This version of the Red Hat OpenShift Container Platform on VPC landing zone fixes the issue where the value of the
wait_till
input variable is not used.
-
04 December 2023
- Version 5.1.0 of the landing zone deployable architectures available
-
Version 5.1.0 of the landing zone deployable architectures is available in the IBM Cloud catalog.
-
Backward-incompatible change for VSIs with floating IPs.
- If your landing zone deployable architecture provisions a VSI, and you enabled a floating IP address for it, the IP addresses are deleted and re-created when you apply the changes in this version.
- If you deployed with the default settings, only the QuickStart variation of the VSI on VPC landing zone deployable architecture is affected because it provisions a floating IP address for use as a jump box. However, any deployable architecture in which you provisioned floating IP addresses are affected.
- The removal happens because the IP addresses were created in the wrong resource group (the default group). The IP addresses are re-created in the same resource group as the VSI.
Plan for the change to make sure that anything using the IP addresses is not disrupted.
-
Other changes
- Added support for for Madrid (
eu-es
) region. - Added support for configuring the idle connection timeout value for any VSI load balancers that are provisioned.
- Removed support for VPN gateway connections. Current connections, if manually made, are not removed when you update to this version. However, if the connections were created in an override, they will be removed when you update to this version.
- Added support for for Madrid (
-
November 2023
02 November 2023
- Version 4.13.3 of the landing zone deployable architectures available
-
Version 4.13.3 of the landing zone deployable architectures is available in the IBM Cloud catalog.
-
The IBM Terraform provider version is now locked to 1.59.0.
-
The
landing-zone-vsi
submodule is updated from 2.6.0 to 2.12.1. For more information about changes in the submodule, see issue 577 in GitHub. -
The VSI on VPC landing zone and the Red Hat OpenShift Container Platform on VPC landing zone deployable architectures now include a
vpc_resource_list
output. -
The Red Hat OpenShift Container Platform on VPC landing zone deployable architecture now includes a
cluster_data
output with information about the created clusters, including IDs and names of the clusters. -
The initial version of the OpenShift cluster is now set to 4.13 by default. Versions 4.11 and 4.12 are also supported. To avoid downtime and losing data, the cluster version is not changed when you update your deployable architecture. Update the cluster outside of the Terraform code.
Version 4.10 of Red Hat OpenShift is no longer supported.
-
October 2023
03 October 2023
- Version 4.12.3 of the landing zone deployable architectures available
-
Version 4.12.3 of the landing zone deployable architectures is available in the IBM Cloud catalog.
-
For the
existing_ssh_key_name
variable, you can now select from a list of all keys in the account when you deploy with projects or IBM Cloud Schematics. -
Deployable architectures now use the IBM Cloud Terraform provider resource
clean_default_sg_acl
to clean the default ACL and security group rules. The new resource replaces thenull_resource.clean_default_security_group[0]
andnull_resource.clean_default_acl[0]
resources. When you upgrade from v4.4.7, the null resources are destroyed. This behavior is expected and does not affect your provisioned infrastructure. -
You can now attach existing access tags to resources that are provisioned by the deployable architecture in an override. If you deploy with projects or IBM Cloud Schematics, edit the
override_json_string
optional variable as in the following example that adds a tag to the key management resources:{ "key_management": { "access_tags": ["tag-group:tag-name"] } }
-
For deployable architectures with a transit gateway enabled, a new
transit_gateway_global
variable supports connecting to networks outside the associated region. -
Key management changes:
- You can now use key management keys that you create outside the deployable architecture or from different accounts by specifying the key CRN in the
existing_key_crn
field in an override. If you deploy with projects, edit theoverride_json_string
optional variable. For more information, see https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/releases/tag/v4.9.0. - The following outputs are now included with key management resources:
key_management_name
,key_management_crn
,key_management_guid
,key_rings
, andkey_map
.
- You can now use key management keys that you create outside the deployable architecture or from different accounts by specifying the key CRN in the
-
Added placement group details to the outputs. A placement group provides flexibility with performance and high availability for HPC Cluster solutions.
-
Changes related to VSI on VPC landing zone:
- The default virtual server image is updated to
ibm-ubuntu-22-04-3-minimal-amd64-1
. To avoid downtime and losing data, the image is not changed when you update to version 4.12.3. Update the image outside of the Terraform code. - You can't upgrade the QuickStart variation from v4.4.7 because of an issue with the provider configuration. Create another instance of the VSI on VPC landing zone QuickStart variation.
- The default virtual server image is updated to
-
Changes related to Red Hat OpenShift Container Platform on VPC landing zone:
- Added OpenShift Container Platform boot volume KMS encryption support. The boot volume is enabled for new clusters, but is not enabled when you upgrade because encryption can happen only during the initial provisioning.
-
July 2023
31 July 2023
- Version 4.4.7 of the landing zone deployable architectures available
-
Version 4.4.7 of the landing zone deployable architecture is available in the IBM Cloud catalog.
- For Red Hat OpenShift Container Platform on VPC landing zone:
- Changes to the version of the OpenShift cluster are now ignored. Make sure that you update your cluster version outside of the Terraform in the deployable architecture to prevent destructive changes to your infrastructure.
- The initial version of the OpenShift cluster is now set to version 4.12 by default. Versions 4.11 and 4.10 are also supported.
- For Red Hat OpenShift Container Platform on VPC landing zone:
06 July 2023
- Version 4.4.1 of the landing zone deployable architectures available
-
Version 4.4.1 of the landing zone deployable architectures is available in the IBM Cloud catalog.
- IBM Cloud Hyper Protect Crypto Services is now supported by the deployable architectures. Hyper Protect Crypto Services supports keep your own key (KYOK) features. The default encryption remains Key Protect. For more information, see the planning information.
- The IBM provider version is updated to 1.54.0, which fixes a known issue with failures when creating an authorization policy.
- For the VSI on VPC landing zone, the default virtual server image is updated to
ibm-ubuntu-22-04-2-minimal-amd64-1
fromibm-ubuntu-22-04-1-minimal-amd64-4
, which is deprecated. To avoid downtime and losing data, the image is not changed when you update to version 4.4.1.
A known issue exists with validation when you deploy by using projects.
June 2023
01 June 2023
- Version 4.0.0 of the landing zone deployable architectures available
-
Version 4.0.0 of the landing zone deployable architectures is available in the IBM Cloud catalog.
By default, the default VPC security group and ACLs are removed. Because the landing zone deployable architectures create security groups, the VPC defaults are not needed and might be more permissive than required.
To prevent the default group and rules from being removed, specify your VPC configuration by using an override block. Add the
clean_default_security_group
andclean_default_acl
properties set tofalse
to the block. For example, if you deploy with projects, edit theoverride_json_string
optional variable as in the following example:"vpcs": [ { "prefix": "management", "clean_default_security_group": false, "clean_default_acl": false, . . . # the rest of your VPC configuration }]
For more information about implementing the Terraform logic, see the release notes on GitHub.
May 2023
18 May 2023
- Version 3.8.3 of the landing zone deployable architectures available
- Version 3.8.3 of the landing zone deployable architectures is available in the IBM Cloud catalog. This version fixes the issue that prevented deletion of the SSH key in the VSI on VPC landing zone. For other changes in the release, see the release notes on GitHub.
04 May 2023
- Version 3.6.4 of the landing zone deployable architectures available
- Version 3.6.4 of the landing zone deployable architectures is available in the IBM Cloud catalog. This version includes updates to several variable descriptions and support for IBM Cloud Security and Compliance Center v2 rules.
17 April 2023
- Introducing the landing zone deployable architectures
- Three VPC landing zone deployable architectures are released: VPC landing zone, VSI on VPC landing zone, and Red Hat OpenShift Container Platform on VPC landing zone. You can use the deployable architectures to create a secure and customizable Virtual Private Cloud (VPC) environment. These deployable architecturesCloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity. are based on the IBM Cloud for Financial Services reference architecture. For more information about using deployable architectures with projects, see the blog posts Projects and Cost Estimation: How IBM Cloud is Revolutionizing Complex Workloads for Enterprises and Turn Your Terraform Templates into Deployable Architectures.