add object storage and change README

2025-05-27 16:21:02 +02:00 · 2025-05-27 16:21:02 +02:00 · 6a745086bd
commit 6a745086bd
parent a96de3678b
2 changed files with 133 additions and 0 deletions
--- a/07-object-storage.tf
+++ b/07-object-storage.tf
@ -0,0 +1,25 @@
+resource "stackit_objectstorage_bucket" "example" {
+  project_id = module.project.project_info["project2"].project_id
+  name       = "project-core-testbucket"
+}
+
+resource "stackit_objectstorage_credentials_group" "example" {
+  project_id = module.project.project_info["project2"].project_id
+  name       = "example-credentials-group"
+}
+
+resource "stackit_objectstorage_credential" "example" {
+  project_id           = module.project.project_info["project2"].project_id
+  credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
+  expiration_timestamp = "2027-01-02T03:04:05Z"
+}
+
+// Output the credentials for the object storage
+output "credentials" {
+  value = {
+    "access_key"   = stackit_objectstorage_credential.example.access_key
+    "credential_id" = stackit_objectstorage_credential.example.credential_id
+    "secret_access_key" = stackit_objectstorage_credential.example.secret_access_key
+  }
+  sensitive = true
+}
--- a/README.md
+++ b/README.md
@ -0,0 +1,108 @@
+# 🌐 Infrastructure Deployment: Landing Zone, Core, and Commvault
+
+This repository contains Terraform code to deploy the following infrastructure projects:
+
+---
+
+## 📦 Projects Overview
+
+### 1. **Landing Zone**
+- Deploys a single **pfSense VM** as the central firewall/router.
+- Acts as the entry point for the environment.
+- Configures **WAN and multiple LAN networks**:
+  - `wan_network`: `10.220.0.0/24`
+  - `lan_network1`: `10.220.1.0/24`
+  - `lan_network2`: `10.220.2.0/24`
+  - `lan_network3`: `10.220.3.0/24` (non-routed)
+- Interfaces:
+  - WAN interface with static IP `10.220.0.254`
+  - LAN1–3 interfaces, each connected to corresponding networks
+
+### 2. **Core**
+- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
+- Network setup includes:
+  - `p2_lan_network`: `10.220.5.0/24` (routed)
+  - `p2_wan_network`: `10.220.6.0/24` (routed)
+- Interfaces:
+  - LAN interface with attached security group
+  - WAN interface without additional security
+
+### 3. **Commvault**
+- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
+- Used for backup and disaster recovery scenarios via Commvault.
+
+### 4. **Object Store**
+- Creates an **Object Storage Bucket**.
+- Relevant **access credentials** are provisioned for use with Commvault or other services.
+
+---
+
+## 🚀 Getting Started
+
+### Prerequisites
+- Terraform ≥ 1.3
+- Valid STACKIT credentials
+- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
+
+### Deployment Steps
+
+1. Clone this repository:
+   ```bash
+   git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
+   cd <repo-name>
+   ```
+
+2. Initialize Terraform:
+   ```bash
+   terraform init
+   ```
+
+3. Review and adjust variables if needed:
+   ```bash
+   terraform.tfvars
+   ```
+
+4. Plan and apply the configuration:
+   ```bash
+   terraform apply
+   ```
+
+---
+
+## 🔐 Output
+
+The deployment will output:
+- VM IP addresses
+- Kubernetes cluster information (kubeconfig)
+- Object Storage credentials (access/secret key)
+
+> 🔒 Make sure to store credentials securely and **never commit them** to version control.
+
+---
+
+## 📝 Notes
+
+- This setup is optimized for a **test or POC environment**.
+- pfSense must be manually configured after deployment.
+- Kubernetes workloads (e.g. Commvault agents) are not included in this deployment but can be added later.
+- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
+
+---
+
+## ⚠️ Limitations
+
+- The infrastructure is not auto-scaled or HA-enabled by default.
+- Commvault is assumed to be managed **externally** or installed manually.
+- No automated DNS or certificate management is configured.
+- `lan_network3` is non-routed and might require manual routing adjustments if used.
+
+---
+
+## 📬 Support
+
+For issues, please create a Ticket or contact professional-service@stackit.cloud
+
+---
+
+**Author**: Michael Sodan  
+**License**: MIT