professional-service-best-practices/landingzone
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
this deploys a new project in an Org with one pfsense as VPN Gateway.
9 commits 1 branch 0 tags 90 KiB
HCL 100%
Find a file
Michael Sodan cb463fe4e1 add ske project4
2025-05-27 17:28:35 +02:00
project add ske project4 2025-05-27 17:28:35 +02:00
.gitignore initial setup -- needs to be changed 2025-05-26 16:32:15 +02:00
00-provider.tf initial setup -- needs to be changed 2025-05-26 16:28:32 +02:00
01-network.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
02-pfSense-image.tf initial setup -- needs to be changed 2025-05-26 16:28:32 +02:00
03-pfSense-appliance.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
04-attachment.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
05-server.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
06-security-group.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
07-object-storage.tf add object storage and change README 2025-05-27 16:21:02 +02:00
80-keypair.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
99-variables.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
README.md add object storage and change README 2025-05-27 16:21:02 +02:00

README.md

🌐 Infrastructure Deployment: Landing Zone, Core, and Commvault

This repository contains Terraform code to deploy the following infrastructure projects:

📦 Projects Overview

1. Landing Zone

  • Deploys a single pfSense VM as the central firewall/router.
  • Acts as the entry point for the environment.
  • Configures WAN and multiple LAN networks:
    • wan_network: 10.220.0.0/24
    • lan_network1: 10.220.1.0/24
    • lan_network2: 10.220.2.0/24
    • lan_network3: 10.220.3.0/24 (non-routed)
  • Interfaces:
    • WAN interface with static IP 10.220.0.254
    • LAN13 interfaces, each connected to corresponding networks

2. Core

  • Deploys a single Virtual Machine (VM) for core services or testing purposes.
  • Network setup includes:
    • p2_lan_network: 10.220.5.0/24 (routed)
    • p2_wan_network: 10.220.6.0/24 (routed)
  • Interfaces:
    • LAN interface with attached security group
    • WAN interface without additional security

3. Commvault

  • Deploys a managed SKE (STACKIT Kubernetes Engine) cluster.
  • Used for backup and disaster recovery scenarios via Commvault.

4. Object Store

  • Creates an Object Storage Bucket.
  • Relevant access credentials are provisioned for use with Commvault or other services.

🚀 Getting Started

Prerequisites

  • Terraform ≥ 1.3
  • Valid STACKIT credentials
  • Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)

Deployment Steps

  1. Clone this repository:

    git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
cd <repo-name>

  2. Initialize Terraform:

    terraform init

  3. Review and adjust variables if needed:

    terraform.tfvars

  4. Plan and apply the configuration:

    terraform apply

🔐 Output

The deployment will output:

  • VM IP addresses
  • Kubernetes cluster information (kubeconfig)
  • Object Storage credentials (access/secret key)

🔒 Make sure to store credentials securely and never commit them to version control.

📝 Notes

  • This setup is optimized for a test or POC environment.
  • pfSense must be manually configured after deployment.
  • Kubernetes workloads (e.g. Commvault agents) are not included in this deployment but can be added later.
  • LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but requires attention to backups.

⚠️ Limitations

  • The infrastructure is not auto-scaled or HA-enabled by default.
  • Commvault is assumed to be managed externally or installed manually.
  • No automated DNS or certificate management is configured.
  • lan_network3 is non-routed and might require manual routing adjustments if used.

📬 Support

For issues, please create a Ticket or contact professional-service@stackit.cloud

Author: Michael Sodan
License: MIT