This deploys a new project in an Org with one pfSense as VPN gateway.
project change path for pubkey 2025-06-02 12:45:56 +00:00
.gitignore initial setup -- needs to be changed 2025-05-26 16:32:15 +02:00
00-provider.tf initial setup -- needs to be changed 2025-05-26 16:28:32 +02:00
01-network.tf add commvault - change network layout 2025-06-02 14:42:10 +02:00
02-pfSense-image.tf add commvault - change network layout 2025-06-02 14:42:10 +02:00
03-pfSense-appliance.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
04-attachment.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
05-server.tf add commvault - change network layout 2025-06-02 14:42:10 +02:00
06-security-group.tf change network routing and add s3 2025-05-27 16:12:25 +02:00
07-object-storage.tf add depends on 2025-06-02 12:45:56 +00:00
08-ske.tf Update 08-ske.tf 2025-06-02 13:17:48 +02:00
80-keypair.tf change path for pubkey 2025-06-02 12:45:56 +00:00
99-variables.tf change path for pubkey 2025-06-02 12:45:56 +00:00
README.md change README 2025-05-27 17:30:23 +02:00

🌐 Infrastructure Deployment: Landing Zone, Core, Commvault and SKE

This repository contains Terraform code to deploy the following infrastructure projects:


📦 Projects Overview

1. Landing Zone

  • Deploys a single pfSense VM as the central firewall/router.
  • Acts as the entry point for the environment.
  • Configures WAN and multiple LAN networks:
    • wan_network: 10.220.0.0/24
    • lan_network1: 10.220.1.0/24
    • lan_network2: 10.220.2.0/24
    • lan_network3: 10.220.3.0/24 (non-routed)
  • Interfaces:
    • WAN interface with static IP 10.220.0.254
    • LAN1-3 interfaces, each connected to the corresponding network

2. Core

  • Deploys a single Virtual Machine (VM) for core services or testing purposes.
  • Network setup includes:
    • p2_lan_network: 10.220.5.0/24 (routed)
    • p2_wan_network: 10.220.6.0/24 (routed)
  • Interfaces:
    • LAN interface with attached security group
    • WAN interface without additional security

3. Commvault

  • Used for backup and disaster recovery scenarios via Commvault.
  • Creates an Object Storage Bucket.
  • Relevant access credentials are provisioned for use with Commvault or other services.

4. SKE

  • Deploys a managed SKE (STACKIT Kubernetes Engine) cluster.

🚀 Getting Started

Prerequisites

  • Terraform ≥ 1.3
  • Valid STACKIT credentials
  • Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)

Deployment Steps

  1. Clone this repository:

    git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
    cd landingzone
    
  2. Initialize Terraform:

    terraform init
    
  3. Review and adjust variables if needed:

    terraform.tfvars
    
  4. Plan and apply the configuration:

    terraform apply
    

🔐 Output

The deployment will output:

  • VM IP addresses
  • Kubernetes cluster information (kubeconfig)
  • Object Storage credentials (access/secret key)

🔒 Make sure to store credentials securely and never commit them to version control.
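
One way to check the warning above before pushing, as an added example that is not part of this repository: a shell function that reads tracked paths (for instance from `git ls-files`) and flags Terraform state, variable files, kubeconfigs and private keys. The function name and the file-name patterns are assumptions, not taken from the repository's .gitignore.

```shell
#!/bin/sh
# Added example (not from the repository): flag tracked files that are likely
# to contain the credentials this deployment outputs.
# Input: one path per line on stdin, e.g.  git ls-files | find_tracked_secrets
# Output: "<path><TAB><reason>" per finding; returns 1 if anything was found.
# The file-name patterns below are assumptions; extend them for your layout.
find_tracked_secrets() {
    found=0
    while IFS= read -r path || [ -n "$path" ]; do
        name=${path##*/}            # match on the file name, not the directory
        case "$name" in
            *.tfstate|*.tfstate.*)
                # Terraform state stores outputs in plaintext, including
                # values marked sensitive (object storage keys, kubeconfig).
                reason="Terraform state" ;;
            *.tfvars|*.tfvars.json)
                reason="Terraform variable file" ;;
            kubeconfig|kubeconfig.*|*.kubeconfig)
                reason="kubeconfig" ;;
            id_rsa|id_ed25519|*.pem|*.key)
                reason="private key" ;;
            *)
                # Public keys (*.pub), *.tf sources and *.example files pass.
                continue ;;
        esac
        printf '%s\t%s\n' "$path" "$reason"
        found=1
    done
    return "$found"
}

# Run against the current repository only when asked to, so that sourcing
# this file has no side effects.
if [ "${1:-}" = "--scan" ]; then
    git ls-files | find_tracked_secrets
fi
```

A non-zero exit status makes the function usable as a pre-commit or CI gate: `git ls-files | find_tracked_secrets || exit 1`.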


📝 Notes

  • This setup is optimized for a test or POC environment.
  • pfSense must be manually configured after deployment.
  • Kubernetes workloads (e.g. Commvault agents) are not included in this deployment but can be added later.
  • LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but requires attention to backups.

⚠️ Limitations

  • The infrastructure is not auto-scaled or HA-enabled by default.
  • Commvault is assumed to be managed externally or installed manually.
  • No automated DNS or certificate management is configured.
  • lan_network3 is non-routed and might require manual routing adjustments if used.

📬 Support

For issues, please create a Ticket or contact professional-service@stackit.cloud


Author: Michael Sodan
License: MIT