# 🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE

This repository contains Terraform code to deploy the following infrastructure projects:

---

## 📦 Projects Overview

### 1. **Landing Zone**
- Deploys a single **pfSense VM** as the central firewall/router.
- Acts as the entry point for the environment.
- Configures **WAN and multiple LAN networks**:
  - `wan_network`: `10.220.0.0/24`
  - `lan_network1`: `10.220.1.0/24`
  - `lan_network2`: `10.220.2.0/24`
  - `lan_network3`: `10.220.3.0/24` (non-routed)
- Interfaces:
  - WAN interface with static IP `10.220.0.254`
  - LAN1–3 interfaces, each connected to corresponding networks

### 2. **Core**
- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
- Network setup includes:
  - `p2_lan_network`: `10.220.5.0/24` (routed)
  - `p2_wan_network`: `10.220.6.0/24` (routed)
- Interfaces:
  - LAN interface with attached security group
  - WAN interface without additional security

### 3. **Backup**
- Used for backup and disaster recovery scenarios.
- Creates an **Object Storage Bucket**.
- Relevant **access credentials** are provisioned for use with other services.

### 4. **SKE**
- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.

---

## 🚀 Getting Started

### Prerequisites
- Terraform ≥ 1.3
- Valid STACKIT credentials
- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)

### Deployment Steps

1. Clone this repository:
   ```bash
   git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
   cd landingzone
   ```

2. Initialize Terraform:
   ```bash
   terraform init
   ```

3. Review and adjust variables if needed:
   ```bash
   # Open the variable file and adjust the values for your environment
   ${EDITOR:-vi} terraform.tfvars
   ```

4. Plan and apply the configuration:
   ```bash
   # Review the planned changes first, then apply them
   terraform plan
   terraform apply
   ```

---

## 🔐 Output

The deployment will output:
- VM IP addresses
- Kubernetes cluster information (kubeconfig)
- Object Storage credentials (access/secret key)

> 🔒 Make sure to store credentials securely and **never commit them** to version control.
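
Terraform records output values in its state file in plaintext, so the kubeconfig and Object Storage keys listed above also end up in `terraform.tfstate`. The pre-commit guard below is an added example, not part of this repository; its path patterns and key-name regex are assumptions about how this deployment's secrets land on disk.

```bash
#!/usr/bin/env bash
# Added example, not part of this repository. Path patterns and key names are
# assumptions about how this deployment's secrets end up on disk.

# True if the path is a file type that holds secrets in plaintext.
is_secret_path() {
  case "$1" in
    *.tfstate|*.tfstate.*) return 0 ;;        # state and its backups embed output values
    .terraform/*|*/.terraform/*) return 0 ;;  # working dir; can cache backend settings
    *kubeconfig*) return 0 ;;                 # SKE cluster credentials
  esac
  return 1
}

# True if stdin assigns a non-empty quoted literal to an access/secret key name.
# References such as var.x or "${...}" do not match (heuristic, not a full parser).
has_inline_secret() {
  grep -Eiq '(secret|access)[a-z_]*key[a-z_]*[[:space:]]*=[[:space:]]*"[^"$]+"'
}

# Prints the staged (index) version of a file, which is what gets committed.
staged_blob() { git show ":$1"; }

# Reads paths on stdin, prints one line per finding, returns 1 if any was found.
# $1 names the command that prints a path's content (default: cat).
scan_paths() {
  reader=${1:-cat}
  findings=0
  while IFS= read -r path; do
    if is_secret_path "$path"; then
      echo "BLOCK $path: secret-bearing file type"
      findings=1
    elif "$reader" "$path" 2>/dev/null | has_inline_secret; then
      echo "BLOCK $path: literal key value"
      findings=1
    fi
  done
  return "$findings"
}

# Hook mode: have .git/hooks/pre-commit run this script with --staged.
if [ "${1:-}" = "--staged" ]; then
  git diff --cached --name-only --diff-filter=ACM | scan_paths staged_blob || exit 1
fi
```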

---

## 📝 Notes

- This setup is optimized for a **test or POC environment**.
- pfSense must be manually configured after deployment.
- Kubernetes workloads are not included in this deployment but can be added later.
- LVM striping (RAID0) can be used for temporary IOPS/performance improvement, but **requires attention to backups**.

---

## ⚠️ Limitations

- The infrastructure is not auto-scaled or HA-enabled by default.
- No automated DNS or certificate management is configured.
- `lan_network3` is non-routed and might require manual routing adjustments if used.

---

## 📬 Support

For issues, please create a ticket or contact professional-service@stackit.cloud

---

**Author**: Michael Sodan  
**License**: MIT