feat: added fix to logic that determines the "endpoint"<br>- updated chart and image versions to 7.2.16<br>- updated the default namespace to "ibm-brs-data-source-connector" (NOTE: If you are upgrading from a previous release, this will be a disruptive change. to prevent disruption, explicitly set the dsc_namespace input back to "data-source-connector") (#7)

Author: NItishSh

README.md

@@ -154,15 +154,15 @@ You need the following permissions to run this module:
 | <a name="input_connection_id"></a> [connection\_id](#input\_connection\_id) | Connection ID for the backup service | `string` | n/a | yes |
 | <a name="input_dsc_chart"></a> [dsc\_chart](#input\_dsc\_chart) | Name of the Data Source connector Helm chart. | `string` | `"cohesity-dsc-chart"` | no |
 | <a name="input_dsc_chart_location"></a> [dsc\_chart\_location](#input\_dsc\_chart\_location) | OCI registry location of the Data Source Connector Helm chart. | `string` | `"oci://icr.io/ext/brs"` | no |
-| <a name="input_dsc_chart_version"></a> [dsc\_chart\_version](#input\_dsc\_chart\_version) | Version of the Data Source Connector Helm chart to deploy. | `string` | `"7.2.15-release-20250721-6aa24701"` | no |
-| <a name="input_dsc_image_version"></a> [dsc\_image\_version](#input\_dsc\_image\_version) | Container image for the Data Source Connector. | `string` | `"icr.io/ext/brs/cohesity-data-source-connector_7.2.15-release-20250721:6aa24701@sha256:e23ce2167e62395f2b01d77cf63fee497c5fe786f03c06a62b00313e465ef837"` | no |
+| <a name="input_dsc_chart_version"></a> [dsc\_chart\_version](#input\_dsc\_chart\_version) | Version of the Data Source Connector Helm chart to deploy. | `string` | `"7.2.16-release-20251014-fbc7ff85"` | no |
+| <a name="input_dsc_image_version"></a> [dsc\_image\_version](#input\_dsc\_image\_version) | Container image for the Data Source Connector. | `string` | `"icr.io/ext/brs/cohesity-data-source-connector:7.2.16@sha256:2674c764ca46310aef3adb733d950f7786d9bf560bf72c22cff52370e77e29b5"` | no |
 | <a name="input_dsc_name"></a> [dsc\_name](#input\_dsc\_name) | Release name for the Data Source Connector Helm deployment. | `string` | `"dsc"` | no |
-| <a name="input_dsc_namespace"></a> [dsc\_namespace](#input\_dsc\_namespace) | The cluster namespace where the Data Source Connector will be installed. Will be created if it does not exist. | `string` | `"data-source-connector"` | no |
+| <a name="input_dsc_namespace"></a> [dsc\_namespace](#input\_dsc\_namespace) | The cluster namespace where the Data Source Connector will be installed. Will be created if it does not exist. | `string` | `"ibm-brs-data-source-connector"` | no |
 | <a name="input_dsc_registration_token"></a> [dsc\_registration\_token](#input\_dsc\_registration\_token) | Registration token generated in the Backup & Recovery Service UI when adding a cluster data source. | `string` | n/a | yes |
 | <a name="input_dsc_replicas"></a> [dsc\_replicas](#input\_dsc\_replicas) | Number of Data Source Connector podsto run.<br/>Recommended values:<br/>  • 3 – for high availability across multiple nodes/zones (strongly recommended in production)<br/>  • 1 – only for dev/test or single-node clusters | `number` | `1` | no |
 | <a name="input_kube_type"></a> [kube\_type](#input\_kube\_type) | Specify the type of target cluster for the backup and recovery. Accepted values are `openshift` or `kubernetes`. | `string` | `"openshift"` | no |
 | <a name="input_policy"></a> [policy](#input\_policy) | The backup schedule and retentions of a Protection Policy. | <pre>object({<br/>    name = string<br/>    schedule = object({<br/>      unit      = string # Minutes, Hours, Days, Weeks, Months, Years, Runs<br/>      frequency = number # required when unit is Minutes/Hours/Days<br/><br/>      # Optional extra layers (allowed even when unit = Minutes)<br/>      minute_schedule = optional(object({ frequency = number }))<br/>      hour_schedule   = optional(object({ frequency = number }))<br/>      day_schedule    = optional(object({ frequency = number }))<br/>      week_schedule   = optional(object({ day_of_week = list(string) }))<br/>      month_schedule = optional(object({<br/>        day_of_week   = optional(list(string))<br/>        week_of_month = optional(string) # First, Second, Third, Fourth, Last<br/>        day_of_month  = optional(number)<br/>      }))<br/>      year_schedule = optional(object({ day_of_year = string })) # First, Last<br/>    })<br/><br/>    retention = object({<br/>      duration = number<br/>      unit     = string # Days, Weeks, Months, Years<br/><br/>      data_lock_config = optional(object({<br/>        mode                           = string # Compliance, Administrative<br/>        unit                           = string # Days, Weeks, Months, Years<br/>        duration                       = number<br/>        enable_worm_on_external_target = optional(bool, false)<br/>      }))<br/>    })<br/><br/>    use_default_backup_target = optional(bool, true)<br/>  })</pre> | <pre>{<br/>  "name": "default-policy",<br/>  "retention": {<br/>    "duration": 4,<br/>    "unit": "Weeks"<br/>  },<br/>  "schedule": {<br/>    "frequency": 6,<br/>    "unit": "Hours"<br/>  },<br/>  "use_default_backup_target": true<br/>}</pre> | no |
-| <a name="input_registration_images"></a> [registration\_images](#input\_registration\_images) | The images required for backup and recovery registration. | <pre>object({<br/>    data_mover              = string<br/>    velero                  = string<br/>    velero_aws_plugin       = string<br/>    velero_openshift_plugin = string<br/>    init_container          = optional(string, null)<br/>  })</pre> | <pre>{<br/>  "data_mover": "icr.io/ext/brs/cohesity-datamover:7.2.15-p2@sha256:6d1c55ec9d3f4a08cab7595b3d70d489e53c8f5ca310c141da5068755a46a282",<br/>  "velero": "icr.io/ext/brs/velero:7.2.15-p2@sha256:1a5ee2393f0b1063ef095246d304c1ec4648c3af6a47261325ef039256a4a041",<br/>  "velero_aws_plugin": "icr.io/ext/brs/velero-plugin-for-aws:7.2.15-p2@sha256:dbcd35bcbf0d4c7deeae67b7dfd55c4fa51880b61307d71eeea3e9e84a370e13",<br/>  "velero_openshift_plugin": "icr.io/ext/brs/velero-plugin-for-openshift:7.2.15-p2@sha256:6b643edcb920ad379c9ef1e2cca112a2ad0a1d55987f9c27af4022f7e3b19552"<br/>}</pre> | no |
+| <a name="input_registration_images"></a> [registration\_images](#input\_registration\_images) | The images required for backup and recovery registration. | <pre>object({<br/>    data_mover              = string<br/>    velero                  = string<br/>    velero_aws_plugin       = string<br/>    velero_openshift_plugin = string<br/>    init_container          = optional(string, null)<br/>  })</pre> | <pre>{<br/>  "data_mover": "icr.io/ext/brs/cohesity-datamover:7.2.16@sha256:f7fa1cfbb74e469117d553c02deedf6f4a35b3a61647028a9424be346fc3eb09",<br/>  "velero": "icr.io/ext/brs/velero:7.2.16@sha256:1a5ee2393f0b1063ef095246d304c1ec4648c3af6a47261325ef039256a4a041",<br/>  "velero_aws_plugin": "icr.io/ext/brs/velero-plugin-for-aws:7.2.16@sha256:dbcd35bcbf0d4c7deeae67b7dfd55c4fa51880b61307d71eeea3e9e84a370e13",<br/>  "velero_openshift_plugin": "icr.io/ext/brs/velero-plugin-for-openshift:7.2.16@sha256:6b643edcb920ad379c9ef1e2cca112a2ad0a1d55987f9c27af4022f7e3b19552"<br/>}</pre> | no |
 | <a name="input_registration_name"></a> [registration\_name](#input\_registration\_name) | Name of the registration. | `string` | n/a | yes |
 | <a name="input_wait_till"></a> [wait\_till](#input\_wait\_till) | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, `IngressReady` and `Normal` | `string` | `"Normal"` | no |
 | <a name="input_wait_till_timeout"></a> [wait\_till\_timeout](#input\_wait\_till\_timeout) | Timeout for wait\_till in minutes. | `number` | `90` | no |

examples/kubernetes/main.tf

@@ -18,40 +18,44 @@ module "resource_group" {
 ########################################################################################################################
 
 resource "ibm_is_vpc" "vpc" {
+  count                     = var.cluster_name_id == null ? 1 : 0
   name                      = "${var.prefix}-vpc"
   resource_group            = module.resource_group.resource_group_id
   address_prefix_management = "auto"
   tags                      = var.resource_tags
 }
 
 resource "ibm_is_public_gateway" "gateway" {
+  count          = var.cluster_name_id == null ? 1 : 0
   name           = "${var.prefix}-gateway-1"
-  vpc            = ibm_is_vpc.vpc.id
+  vpc            = ibm_is_vpc.vpc[0].id
   resource_group = module.resource_group.resource_group_id
   zone           = "${var.region}-1"
 }
 
 resource "ibm_is_subnet" "subnet_zone_1" {
+  count                    = var.cluster_name_id == null ? 1 : 0
   name                     = "${var.prefix}-subnet-1"
-  vpc                      = ibm_is_vpc.vpc.id
+  vpc                      = ibm_is_vpc.vpc[0].id
   resource_group           = module.resource_group.resource_group_id
   zone                     = "${var.region}-1"
   total_ipv4_address_count = 256
-  public_gateway           = ibm_is_public_gateway.gateway.id
+  public_gateway           = ibm_is_public_gateway.gateway[0].id
 }
 
 ##############################################################################
 # Create a Kubernetes cluster with 3 worker nodes
 ##############################################################################
 
 resource "ibm_container_vpc_cluster" "cluster" {
+  count             = var.cluster_name_id == null ? 1 : 0
   name              = "${var.prefix}-cluster"
-  vpc_id            = ibm_is_vpc.vpc.id
+  vpc_id            = ibm_is_vpc.vpc[0].id
   flavor            = "bx2.4x16"
   resource_group_id = module.resource_group.resource_group_id
   worker_count      = 2
   zones {
-    subnet_id = ibm_is_subnet.subnet_zone_1.id
+    subnet_id = ibm_is_subnet.subnet_zone_1[0].id
     name      = "${var.region}-1"
   }
   wait_till = "IngressReady"
@@ -60,8 +64,13 @@ resource "ibm_container_vpc_cluster" "cluster" {
   disable_outbound_traffic_protection = true
 }
 
+data "ibm_container_vpc_cluster" "cluster" {
+  name              = var.cluster_name_id != null ? var.cluster_name_id : ibm_container_vpc_cluster.cluster[0].name
+  resource_group_id = module.resource_group.resource_group_id
+}
+
 data "ibm_container_cluster_config" "cluster_config" {
-  cluster_name_id   = ibm_container_vpc_cluster.cluster.id
+  cluster_name_id   = data.ibm_container_vpc_cluster.cluster.id
   resource_group_id = module.resource_group.resource_group_id
   admin             = true
 }
@@ -96,18 +105,20 @@ module "backup_recovery_instance" {
 
 
 module "backup_recover_protect_ocp" {
-  source                    = "../.."
-  cluster_id                = ibm_container_vpc_cluster.cluster.id
-  cluster_resource_group_id = module.resource_group.resource_group_id
-  dsc_registration_token    = module.backup_recovery_instance.registration_token
-  kube_type                 = "kubernetes"
-  connection_id             = module.backup_recovery_instance.connection_id
+  source                       = "../.."
+  cluster_id                   = data.ibm_container_vpc_cluster.cluster.id
+  cluster_resource_group_id    = module.resource_group.resource_group_id
+  cluster_config_endpoint_type = "private"
+  add_dsc_rules_to_cluster_sg  = false
+  dsc_registration_token       = module.backup_recovery_instance.registration_token
+  kube_type                    = "kubernetes"
+  connection_id                = module.backup_recovery_instance.connection_id
   # --- B&R Instance ---
   brs_instance_guid   = module.backup_recovery_instance.brs_instance_guid
   brs_instance_region = var.region
   brs_endpoint_type   = "public"
   brs_tenant_id       = module.backup_recovery_instance.tenant_id
-  registration_name   = ibm_container_vpc_cluster.cluster.name
+  registration_name   = data.ibm_container_vpc_cluster.cluster.name
   # --- Backup Policy ---
   policy = {
     name = "${var.prefix}-retention"

examples/kubernetes/variables.tf

@@ -33,3 +33,14 @@ variable "region" {
   description = "Region where resources are created."
   default     = "us-east"
 }
+
+variable "cluster_name_id" {
+  type        = string
+  description = <<EOT
+Name or ID of the existing Kubernetes cluster to protect.
+If left empty (null, which is the default), this example will automatically create a new VPC
+and provision a Kubernetes cluster for you.
+If you provide a value, the module will use that existing cluster instead of creating a new one.
+EOT
+  default     = null
+}

examples/openshift/main.tf

@@ -18,26 +18,29 @@ module "resource_group" {
 ########################################################################################################################
 
 resource "ibm_is_vpc" "vpc" {
+  count                     = var.cluster_name_id == null ? 1 : 0
   name                      = "${var.prefix}-vpc"
   resource_group            = module.resource_group.resource_group_id
   address_prefix_management = "auto"
   tags                      = var.resource_tags
 }
 
 resource "ibm_is_public_gateway" "gateway" {
+  count          = var.cluster_name_id == null ? 1 : 0
   name           = "${var.prefix}-gateway-1"
-  vpc            = ibm_is_vpc.vpc.id
+  vpc            = ibm_is_vpc.vpc[0].id
   resource_group = module.resource_group.resource_group_id
   zone           = "${var.region}-1"
 }
 
 resource "ibm_is_subnet" "subnet_zone_1" {
+  count                    = var.cluster_name_id == null ? 1 : 0
   name                     = "${var.prefix}-subnet-1"
-  vpc                      = ibm_is_vpc.vpc.id
+  vpc                      = ibm_is_vpc.vpc[0].id
   resource_group           = module.resource_group.resource_group_id
   zone                     = "${var.region}-1"
   total_ipv4_address_count = 256
-  public_gateway           = ibm_is_public_gateway.gateway.id
+  public_gateway           = ibm_is_public_gateway.gateway[0].id
 }
 
 ########################################################################################################################
@@ -48,9 +51,9 @@ locals {
   cluster_vpc_subnets = {
     default = [
       {
-        id         = ibm_is_subnet.subnet_zone_1.id
-        cidr_block = ibm_is_subnet.subnet_zone_1.ipv4_cidr_block
-        zone       = ibm_is_subnet.subnet_zone_1.zone
+        id         = ibm_is_subnet.subnet_zone_1[0].id
+        cidr_block = ibm_is_subnet.subnet_zone_1[0].ipv4_cidr_block
+        zone       = ibm_is_subnet.subnet_zone_1[0].zone
       }
     ]
   }
@@ -67,23 +70,30 @@ locals {
 }
 
 module "ocp_base" {
+  count                = var.cluster_name_id == null ? 1 : 0
   source               = "terraform-ibm-modules/base-ocp-vpc/ibm"
   version              = "3.71.3"
   resource_group_id    = module.resource_group.resource_group_id
   region               = var.region
   tags                 = var.resource_tags
   cluster_name         = "${var.prefix}-cluster"
   force_delete_storage = true
-  vpc_id               = ibm_is_vpc.vpc.id
+  vpc_id               = ibm_is_vpc.vpc[0].id
   vpc_subnets          = local.cluster_vpc_subnets
   ocp_version          = var.ocp_version
   worker_pools         = local.worker_pools
   access_tags          = var.access_tags
   ocp_entitlement      = var.ocp_entitlement
 }
 
+data "ibm_container_vpc_cluster" "cluster" {
+  count             = var.cluster_name_id == null ? 0 : 1
+  name              = var.cluster_name_id != null ? var.cluster_name_id : module.ocp_base[0].cluster_name
+  resource_group_id = module.resource_group.resource_group_id
+}
+
 data "ibm_container_cluster_config" "cluster_config" {
-  cluster_name_id   = module.ocp_base.cluster_id
+  cluster_name_id   = var.cluster_name_id == null ? module.ocp_base[0].cluster_id : data.ibm_container_vpc_cluster.cluster[0].name
   resource_group_id = module.resource_group.resource_group_id
   admin             = true
 }
@@ -118,18 +128,20 @@ module "backup_recovery_instance" {
 
 
 module "backup_recover_protect_ocp" {
-  source                    = "../.."
-  cluster_id                = module.ocp_base.cluster_id
-  cluster_resource_group_id = module.resource_group.resource_group_id
-  dsc_registration_token    = module.backup_recovery_instance.registration_token
-  kube_type                 = "openshift"
-  connection_id             = module.backup_recovery_instance.connection_id
+  source                       = "../.."
+  cluster_id                   = var.cluster_name_id == null ? module.ocp_base[0].cluster_id : data.ibm_container_vpc_cluster.cluster[0].id
+  cluster_resource_group_id    = module.resource_group.resource_group_id
+  cluster_config_endpoint_type = "private"
+  add_dsc_rules_to_cluster_sg  = false
+  dsc_registration_token       = module.backup_recovery_instance.registration_token
+  kube_type                    = "openshift"
+  connection_id                = module.backup_recovery_instance.connection_id
   # --- B&R Instance ---
   brs_instance_guid   = module.backup_recovery_instance.brs_instance_guid
   brs_instance_region = var.region
   brs_endpoint_type   = "public"
   brs_tenant_id       = module.backup_recovery_instance.tenant_id
-  registration_name   = module.ocp_base.cluster_name
+  registration_name   = var.cluster_name_id == null ? module.ocp_base[0].cluster_name : data.ibm_container_vpc_cluster.cluster[0].name
   # --- Backup Policy ---
   policy = {
     name = "${var.prefix}-retention"

examples/openshift/variables.tf

@@ -51,3 +51,14 @@ variable "ocp_entitlement" {
   description = "Value that is applied to the entitlements for OCP cluster provisioning"
   default     = null
 }
+
+variable "cluster_name_id" {
+  type        = string
+  description = <<EOT
+Name or ID of the existing OpenShift cluster to protect.
+If left empty (null, which is the default), this example will automatically create a new VPC
+and provision a OpenShift cluster for you.
+If you provide a value, the module will use that existing cluster instead of creating a new one.
+EOT
+  default     = null
+}

main.tf

@@ -128,7 +128,7 @@ resource "ibm_backup_recovery_source_registration" "source_registration" {
   connection_id   = var.connection_id
   name            = var.registration_name
   kubernetes_params {
-    endpoint                               = var.cluster_config_endpoint_type == "private" || data.ibm_container_vpc_cluster.cluster.private_service_endpoint ? data.ibm_container_vpc_cluster.cluster.private_service_endpoint_url : data.ibm_container_vpc_cluster.cluster.public_service_endpoint_url
+    endpoint                               = var.cluster_config_endpoint_type == "private" && data.ibm_container_vpc_cluster.cluster.private_service_endpoint ? data.ibm_container_vpc_cluster.cluster.private_service_endpoint_url : data.ibm_container_vpc_cluster.cluster.public_service_endpoint_url
     kubernetes_distribution                = var.kube_type == "openshift" ? "kROKS" : "kIKS"
     data_mover_image_location              = var.registration_images.data_mover
     velero_image_location                  = var.registration_images.velero