From 6a745086bdac18f3eed28eddd29a288a1933c9d2 Mon Sep 17 00:00:00 2001
From: Michael Sodan
Date: Tue, 27 May 2025 16:21:02 +0200
Subject: [PATCH] add object storage and change README
---
 07-object-storage.tf | 25 ++++++++++
 README.md | 108 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 07-object-storage.tf
diff --git a/07-object-storage.tf b/07-object-storage.tf
new file mode 100644
index 0000000..0b0c1ff
--- /dev/null
+++ b/07-object-storage.tf
@@ -0,0 +1,25 @@
+resource "stackit_objectstorage_bucket" "example" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "project-core-testbucket"
+}
+
+resource "stackit_objectstorage_credentials_group" "example" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "example-credentials-group"
+}
+
+resource "stackit_objectstorage_credential" "example" {
+ project_id = module.project.project_info["project2"].project_id
+ credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
+ expiration_timestamp = "2027-01-02T03:04:05Z"
+}
+
+// Output the credentials for the object storage
+output "credentials" {
+ value = {
+ "access_key" = stackit_objectstorage_credential.example.access_key
+ "credential_id" = stackit_objectstorage_credential.example.credential_id
+ "secret_access_key" = stackit_objectstorage_credential.example.secret_access_key
+ }
+ sensitive = true
+}
diff --git a/README.md b/README.md
index e69de29..a8608b1 100644
--- a/README.md
+++ b/README.md
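Review bot: In `07-object-storage.tf`, `sensitive = true` on the `credentials` output only redacts the value in plan/apply console output; `secret_access_key` is still written in plaintext to the Terraform state and is printed by `terraform output -json`. No backend configuration is visible in this patch, so it is worth confirming that state is kept in an encrypted, access-restricted remote backend, and adding a comment above the output such as `// secret_access_key is stored in state in plaintext; keep state in an encrypted, access-restricted backend`. The credential's lifetime is also a copied-in literal (`expiration_timestamp = "2027-01-02T03:04:05Z"`), which makes this a long-lived static key with no rotation path. Consider `expiration_timestamp = var.objectstorage_credential_expiration` (variable name is a suggestion) with a short default, so the lifetime is a deliberate per-environment choice.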
@@ -0,0 +1,108 @@
+# 🌐 Infrastructure Deployment: Landing Zone, Core, and Commvault
+
+This repository contains Terraform code to deploy the following infrastructure projects:
+
+---
+
+## 📦 Projects Overview
+
+### 1. **Landing Zone**
+- Deploys a single **pfSense VM** as the central firewall/router.
+- Acts as the entry point for the environment.
+- Configures **WAN and multiple LAN networks**:
+ - `wan_network`: `10.220.0.0/24`
+ - `lan_network1`: `10.220.1.0/24`
+ - `lan_network2`: `10.220.2.0/24`
+ - `lan_network3`: `10.220.3.0/24` (non-routed)
+- Interfaces:
+ - WAN interface with static IP `10.220.0.254`
+ - LAN1–3 interfaces, each connected to corresponding networks
+
+### 2. **Core**
+- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
+- Network setup includes:
+ - `p2_lan_network`: `10.220.5.0/24` (routed)
+ - `p2_wan_network`: `10.220.6.0/24` (routed)
+- Interfaces:
+ - LAN interface with attached security group
+ - WAN interface without additional security
+
+### 3. **Commvault**
+- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
+- Used for backup and disaster recovery scenarios via Commvault.
+
+### 4. **Object Store**
+- Creates an **Object Storage Bucket**.
+- Relevant **access credentials** are provisioned for use with Commvault or other services.
+
+---
+
+## 🚀 Getting Started
+
+### Prerequisites
+- Terraform ≥ 1.3
+- Valid STACKIT credentials
+- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
+
+### Deployment Steps
+
+1. Clone this repository:
+ ```bash
+ git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
+ cd
+ ```
+
+2. Initialize Terraform:
+ ```bash
+ terraform init
+ ```
+
+3. Review and adjust variables if needed:
+ ```bash
+ terraform.tfvars
+ ```
+
+4. Plan and apply the configuration:
+ ```bash
+ terraform apply
+ ```
+
+---
+
+## 🔐 Output
+
+The deployment will output:
+- VM IP addresses
+- Kubernetes cluster information (kubeconfig)
+- Object Storage credentials (access/secret key)
+
+> 🔒 Make sure to store credentials securely and **never commit them** to version control.
+
+---
+
+## 📝 Notes
+
+- This setup is optimized for a **test or POC environment**.
+- pfSense must be manually configured after deployment.
+- Kubernetes workloads (e.g. Commvault agents) are not included in this deployment but can be added later.
+- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
+
+---
+
+## ⚠️ Limitations
+
+- The infrastructure is not auto-scaled or HA-enabled by default.
+- Commvault is assumed to be managed **externally** or installed manually.
+- No automated DNS or certificate management is configured.
+- `lan_network3` is non-routed and might require manual routing adjustments if used.
+
+---
+
+## 📬 Support
+
+For issues, please create a Ticket or contact professional-service@stackit.cloud
+
+---
+
+**Author**: Michael Sodan
+**License**: MIT
\ No newline at end of file