# 🌐 Infrastructure Deployment: Landing Zone, Core, and Commvault

This repository contains Terraform code to deploy the following infrastructure projects:

---
## 📦 Projects Overview
### 1. **Landing Zone**
- Deploys a single **pfSense VM** as the central firewall/router.
- Acts as the entry point for the environment.
- Configures **WAN and multiple LAN networks**:
  - `wan_network`: `10.220.0.0/24`
  - `lan_network1`: `10.220.1.0/24`
  - `lan_network2`: `10.220.2.0/24`
  - `lan_network3`: `10.220.3.0/24` (non-routed)
- Interfaces:
  - WAN interface with static IP `10.220.0.254`
  - LAN1-3 interfaces, each connected to its corresponding network
### 2. **Core**
- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
- Network setup includes:
  - `p2_lan_network`: `10.220.5.0/24` (routed)
  - `p2_wan_network`: `10.220.6.0/24` (routed)
- Interfaces:
  - LAN interface with attached security group
  - WAN interface without additional security
### 3. **Commvault**
- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
- Used for backup and disaster recovery scenarios via Commvault.
### 4. **Object Store**
- Creates an **Object Storage Bucket**.
- Relevant **access credentials** are provisioned for use with Commvault or other services.
---
## 🚀 Getting Started
### Prerequisites
- Terraform ≥ 1.3
- Valid STACKIT credentials
- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
### Deployment Steps
1. Clone this repository:
   ```bash
   git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
   cd landingzone
   ```
2. Initialize Terraform:
   ```bash
   terraform init
   ```
3. Review and adjust variables if needed:
   ```bash
   # Open the variable file in your editor
   "${EDITOR:-vi}" terraform.tfvars
   ```
4. Plan and apply the configuration:
   ```bash
   terraform plan -out=tfplan
   terraform apply tfplan
   ```
---
## 🔐 Output
The deployment will output:
- VM IP addresses
- Kubernetes cluster information (kubeconfig)
- Object Storage credentials (access/secret key)
> 🔒 Make sure to store credentials securely and **never commit them** to version control.
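
The outputs listed above are also written in plaintext to the Terraform state, so the state, saved plans and exported kubeconfigs must stay out of Git as well. The following check is an added example, not part of this repository; the function name and the file-name patterns for plans and kubeconfigs are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): flag paths that would put
# Terraform-held secrets into version control.
# Reads one path per line on stdin, prints every risky path and
# returns 1 if at least one was found, 0 otherwise.
risky_terraform_files() (
  found=0
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    base=${path##*/}
    case "$path" in
      # .terraform/ holds backend configuration, which can include credentials
      .terraform/*|*/.terraform/*)
        printf '%s\n' "$path"; found=1; continue ;;
    esac
    case "$base" in
      # State and its backups store all outputs, including sensitive ones,
      # in plaintext. Plan and kubeconfig file names are assumed.
      *.tfstate|*.tfstate.*|tfplan|*.tfplan|kubeconfig|kubeconfig.*|*.kubeconfig)
        printf '%s\n' "$path"; found=1 ;;
    esac
  done
  # terraform.tfvars is not flagged: the deployment steps expect it in the
  # checkout (assumption), so keep secret values out of it.
  [ "$found" -eq 0 ]
)

# Constructed sample input, standing in for the output of `git ls-files`.
sample_paths() {
  printf '%s\n' \
    main.tf \
    terraform.tfvars \
    terraform.tfstate \
    terraform.tfstate.backup \
    .terraform/terraform.tfstate \
    modules/core/kubeconfig.yaml \
    README.md
}

# Demo run on the constructed list. In a real checkout use:
#   git ls-files | risky_terraform_files                      (already tracked)
#   git diff --cached --name-only | risky_terraform_files     (pre-commit hook)
sample_paths | risky_terraform_files || echo "secret-bearing files listed above"
```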
---
## 📝 Notes
- This setup is optimized for a **test or POC environment**.
- pfSense must be manually configured after deployment.
- Kubernetes workloads (e.g. Commvault agents) are not included in this deployment but can be added later.
- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
---
## ⚠️ Limitations
- The infrastructure is not auto-scaled or HA-enabled by default.
- Commvault is assumed to be managed **externally** or installed manually.
- No automated DNS or certificate management is configured.
- `lan_network3` is non-routed and might require manual routing adjustments if used.
---
## 📬 Support
For issues, please create a ticket or contact professional-service@stackit.cloud

---

**Author**: Michael Sodan

**License**: MIT