professional-service-best-practices/landingzone
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
landingzone/README.md

2.8 KiB
Raw Blame History

🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE

This repository contains Terraform code to deploy the following infrastructure projects:

📦 Projects Overview

1. Landing Zone

  • Deploys a single pfSense VM as the central firewall/router.
  • Acts as the entry point for the environment.
  • Configures WAN and multiple LAN networks:
    • wan_network: 10.220.0.0/24
    • lan_network1: 10.220.1.0/24
    • lan_network2: 10.220.2.0/24
    • lan_network3: 10.220.3.0/24 (non-routed)
  • Interfaces:
    • WAN interface with static IP 10.220.0.254
    • LAN13 interfaces, each connected to corresponding networks

2. Core

  • Deploys a single Virtual Machine (VM) for core services or testing purposes.
  • Network setup includes:
    • p2_lan_network: 10.220.5.0/24 (routed)
    • p2_wan_network: 10.220.6.0/24 (routed)
  • Interfaces:
    • LAN interface with attached security group
    • WAN interface without additional security

3. Backup

  • Used for backup and disaster recovery scenarios.
  • Creates an Object Storage Bucket.
  • Relevant access credentials are provisioned for use with other services.

4. SKE

  • Deploys a managed SKE (STACKIT Kubernetes Engine) cluster.

🚀 Getting Started

Prerequisites

  • Terraform ≥ 1.3
  • Valid STACKIT credentials
  • Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)

Deployment Steps

  1. Clone this repository:

    git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
cd <repo-name>

  2. Initialize Terraform:

    terraform init

  3. Review and adjust variables if needed:

    99-variables.tf
set organization id (also in project module)
touch pfsense.qcow2

  4. Plan and apply the configuration:

    terraform apply

🔐 Output

The deployment will output:

  • VM IP addresses
  • Kubernetes cluster information (kubeconfig)
  • Object Storage credentials (access/secret key)

🔒 Make sure to store credentials securely and never commit them to version control.

📝 Notes

  • This setup is optimized for a test or POC environment.
  • pfSense must be manually configured after deployment.
  • Kubernetes workloads are not included in this deployment but can be added later.
  • LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but requires attention to backups.

⚠️ Limitations

  • The infrastructure is not auto-scaled or HA-enabled by default.
  • No automated DNS or certificate management is configured.
  • lan_network3 is non-routed and might require manual routing adjustments if used.

📬 Support

For issues, please create a Ticket or contact professional-service@stackit.cloud

Author: Michael Sodan
License: MIT