professional-service-best-practices/landingzone_ipsec
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

inital setup

Browse source
This commit is contained in:
Michael_Sodan 2025-08-20 14:57:16 +00:00
commit 745e157eda
18 changed files with 930 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
.terraform*
terraform*

23
00-provider.tf Normal file
View file

@ -0,0 +1,23 @@
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.50.0"
}
}
}
# Authentication
# Key flow (using path)
provider "stackit" {
default_region = var.default_region
service_account_key_path = var.service_account_key_path
enable_beta_resources = true
}
module "project" {
source = "./project"
}

190
01-network.tf Normal file
View file

@ -0,0 +1,190 @@
// ------- project 1 - landingzone ------------
// This file defines the network setup for the first project landingzone.
resource "stackit_network" "wan_network" {
project_id = module.project.project_info["project1"].project_id
name = "wan_network"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix = "10.220.0.0/24"
routed = true
}
resource "stackit_network" "lan_network1" {
project_id = module.project.project_info["project1"].project_id
name = "lan_network1"
ipv4_prefix = "10.220.1.0/24"
routed = true
}
resource "stackit_network" "lan_network2" {
project_id = module.project.project_info["project1"].project_id
name = "lan_network2"
ipv4_prefix = "10.220.2.0/24"
routed = true
}
resource "stackit_network" "lan_network3" {
project_id = module.project.project_info["project1"].project_id
name = "lan_network3"
ipv4_prefix = "10.220.3.0/24"
routed = false
}
resource "stackit_network_interface" "wan" {
project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.wan_network.network_id
security = false
name = "MGMT"
ipv4 = "10.220.0.254"
}
resource "stackit_network_interface" "lan1" {
project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.lan_network1.network_id
security = false
name = "LAN1"
}
resource "stackit_network_interface" "lan2" {
project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.lan_network2.network_id
security = false
name = "LAN2"
}
resource "stackit_network_interface" "lan3" {
project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.lan_network3.network_id
security = false
name = "LAN3"
}
# ---------- project 2 core ------------------
// This file defines the network setup for the second project (core).
resource "stackit_network" "p2_lan_network1" {
project_id = module.project.project_info["project2"].project_id
name = "p2_lan_network"
ipv4_prefix = "10.220.5.0/24"
routed = true
}
resource "stackit_network_interface" "p2_lan1" {
project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.p2_lan_network1.network_id
security = true
name = "P2LAN1"
security_group_ids = [ stackit_security_group.example.security_group_id ]
}
// this is for adding a second network interface to the core project (for WAN access).
/* resource "stackit_network" "p2_wan_network1" {
project_id = module.project.project_info["project2"].project_id
name = "wan"
ipv4_prefix = "10.220.6.0/24"
routed = true
}
resource "stackit_network_interface" "p2_wan_interface1" {
project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.p2_wan_network1.network_id
security = false
name = "wan_if"
}
*/
# ---------- project 3 backup ------------------
// This file defines the network setup for the third project (backup).
resource "stackit_network" "p3_lan_network1" {
project_id = module.project.project_info["project3"].project_id
name = "p3_lan_network"
ipv4_prefix = "10.220.6.0/24"
routed = true
}
resource "stackit_network_interface" "p3_lan1" {
project_id = module.project.project_info["project3"].project_id
network_id = stackit_network.p3_lan_network1.network_id
security = false
name = "P3LAN1"
//security_group_ids = [ stackit_security_group.example.security_group_id ]
}
// ------- project 5 - vpn ------------
// This file defines the network setup for the fifth project (vpn).
resource "stackit_network" "wan_network_beta" {
project_id = module.project.project_info["project5"].project_id
name = "wan_network_beta"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix = "10.230.0.0/24"
routed = true
}
resource "stackit_network" "lan_network_beta" {
project_id = module.project.project_info["project5"].project_id
name = "lan_network_beta"
ipv4_prefix = "10.230.1.0/24"
routed = true
}
resource "stackit_network_interface" "wan_beta" {
project_id = module.project.project_info["project5"].project_id
network_id = stackit_network.wan_network_beta.network_id
security = false
name = "MGMT"
ipv4 = "10.230.0.254"
}
resource "stackit_network_interface" "lan_beta" {
project_id = module.project.project_info["project5"].project_id
network_id = stackit_network.lan_network_beta.network_id
security = false
name = "LAN1"
}
# ---------- project 6 infra ------------------
// This file defines the network setup for the sixth project (infra).
resource "stackit_network" "p6_lan_network1" {
project_id = module.project.project_info["project6"].project_id
name = "p6_lan_network"
ipv4_prefix = "10.230.5.0/24"
routed = true
}
resource "stackit_network_interface" "p6_lan1" {
project_id = module.project.project_info["project6"].project_id
network_id = stackit_network.p6_lan_network1.network_id
security = true
name = "P6LAN1"
security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
}
// ---------- public IPs ------------------
// This file defines the public IPs for the projects.
resource "stackit_public_ip" "wan_ip" {
project_id = module.project.project_info["project1"].project_id
network_interface_id = stackit_network_interface.wan.network_interface_id
}
resource "stackit_public_ip" "wan_ip_alpha" {
project_id = module.project.project_info["project5"].project_id
network_interface_id = stackit_network_interface.wan_beta.network_interface_id
}
// this is for adding a public IP to the second project (core) for WAN access.
/*resource "stackit_public_ip" "wan_server" {
project_id = module.project.project_info["project2"].project_id
network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
}
*/
// Output the public IPs for both projects
output "public_ips" {
value = {
"wan_ip" = stackit_public_ip.wan_ip.ip
"wan_ip_alpha" = stackit_public_ip.wan_ip_alpha.ip
//"wan_server" = stackit_public_ip.wan_server.ip
}
}

47
02-pfSense-image.tf Normal file
View file

@ -0,0 +1,47 @@
// Local copy of the Image
resource "null_resource" "pfsense_image_file" {
triggers = {
always_run = timestamp()
}
provisioner "local-exec" {
command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
}
}
// Upload VPN Appliance Image to STACKIT
resource "stackit_image" "pfsense_image" {
project_id = module.project.project_info["project1"].project_id
name = "pfsense-2.7.2-amd64-image"
local_file_path = "./pfsense.qcow2"
disk_format = "qcow2"
depends_on = [null_resource.pfsense_image_file]
min_disk_size = 50
min_ram = 4
config = {
uefi = false
cdrom_bus = "scsi"
disk_bus = "scsi"
secure_boot = false
}
}
// Upload VPN Appliance Image to STACKIT
resource "stackit_image" "pfsense_image_beta" {
project_id = module.project.project_info["project5"].project_id
name = "pfsense-2.7.2-amd64-image"
local_file_path = "./pfsense.qcow2"
disk_format = "qcow2"
depends_on = [null_resource.pfsense_image_file]
min_disk_size = 50
min_ram = 4
config = {
uefi = false
cdrom_bus = "scsi"
disk_bus = "scsi"
secure_boot = false
}
}

52
03-pfSense-appliance.tf Normal file
View file

@ -0,0 +1,52 @@
// This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
resource "stackit_volume" "pfsense_vol" {
project_id = module.project.project_info["project1"].project_id
name = "pfsense-2.7.2-root"
availability_zone = var.region_az1
size = 50
performance_class = "storage_premium_perf4"
source = {
id = stackit_image.pfsense_image.image_id
type = "image"
}
}
resource "stackit_server" "pfsense_appliance" {
project_id = module.project.project_info["project1"].project_id
name = "pfSense-alpha"
boot_volume = {
source_type = "volume"
source_id = stackit_volume.pfsense_vol.volume_id
}
availability_zone = var.region_az1
machine_type = var.flavor
network_interfaces = [stackit_network_interface.wan.network_interface_id]
depends_on = [ stackit_network.wan_network ]
}
// This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
resource "stackit_volume" "pfsense_vol_beta" {
project_id = module.project.project_info["project5"].project_id
name = "pfsense-2.7.2-root"
availability_zone = var.region_az1
size = 50
performance_class = "storage_premium_perf4"
source = {
id = stackit_image.pfsense_image_beta.image_id
type = "image"
}
}
resource "stackit_server" "pfsense_appliance_beta" {
project_id = module.project.project_info["project5"].project_id
name = "pfSense"
boot_volume = {
source_type = "volume"
source_id = stackit_volume.pfsense_vol_beta.volume_id
}
availability_zone = var.region_az1
machine_type = var.flavor
network_interfaces = [stackit_network_interface.wan_beta.network_interface_id, stackit_network_interface.lan_beta.network_interface_id ]
depends_on = [ stackit_network.wan_network_beta ]
}

22
04-attachment.tf Normal file
View file

@ -0,0 +1,22 @@
// Attach network interfaces to the pfSense server without recreating the server
resource "stackit_server_network_interface_attach" "nic-attachment-lan1" {
project_id = module.project.project_info["project1"].project_id
server_id = stackit_server.pfsense_appliance.server_id
network_interface_id = stackit_network_interface.lan1.network_interface_id
depends_on = [ stackit_server.pfsense_appliance ]
}
resource "stackit_server_network_interface_attach" "nic-attachment-lan2" {
project_id = module.project.project_info["project1"].project_id
server_id = stackit_server.pfsense_appliance.server_id
network_interface_id = stackit_network_interface.lan2.network_interface_id
depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan1]
}
resource "stackit_server_network_interface_attach" "nic-attachment-lan3" {
project_id = module.project.project_info["project1"].project_id
server_id = stackit_server.pfsense_appliance.server_id
network_interface_id = stackit_network_interface.lan3.network_interface_id
depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan2]
}

88
05-server.tf Normal file
View file

@ -0,0 +1,88 @@
// create the server in the second project (core)
resource "stackit_volume" "example_vol" {
project_id = module.project.project_info["project2"].project_id
name = "example_root"
availability_zone = var.region_az1
size = 200
performance_class = "storage_premium_perf4"
source = {
id = data.stackit_image.debian.image_id
type = "image"
}
}
resource "stackit_server" "dev_server" {
project_id = module.project.project_info["project2"].project_id
name = "server1"
boot_volume = {
source_type = "volume"
source_id = stackit_volume.example_vol.volume_id
}
availability_zone = var.region_az1
machine_type = var.flavor
network_interfaces = [stackit_network_interface.p2_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.p2_lan1 ]
}
data "stackit_image" "debian" {
project_id = module.project.project_info["project2"].project_id
image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" // Debian 12 (Bookworm) x86_64
}
// create the server in the third project (backup)
resource "stackit_volume" "example_vol_p3" {
project_id = module.project.project_info["project3"].project_id
name = "root_volume"
availability_zone = var.region_az1
size = 200
performance_class = "storage_premium_perf4"
source = {
id = data.stackit_image.debian.image_id
type = "image"
}
}
resource "stackit_server" "dev_server_p3" {
project_id = module.project.project_info["project3"].project_id
name = "server2"
boot_volume = {
source_type = "volume"
source_id = stackit_volume.example_vol_p3.volume_id
}
availability_zone = var.region_az1
machine_type = var.flavor
network_interfaces = [stackit_network_interface.p3_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.p3_lan1 ]
}
// create the server in the sixth project (infra)
resource "stackit_volume" "example_vol_p6" {
project_id = module.project.project_info["project6"].project_id
name = "root_volume"
availability_zone = var.region_az1
size = 200
performance_class = "storage_premium_perf4"
source = {
id = data.stackit_image.debian.image_id
type = "image"
}
}
resource "stackit_server" "dev_server_p6" {
project_id = module.project.project_info["project6"].project_id
name = "debian"
boot_volume = {
source_type = "volume"
source_id = stackit_volume.example_vol_p6.volume_id
}
availability_zone = var.region_az1
machine_type = var.flavor
network_interfaces = [stackit_network_interface.p6_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.p6_lan1 ]
}

101
06-security-group.tf Normal file
View file

@ -0,0 +1,101 @@
// Security Group and Security Group Rules
resource "stackit_security_group" "example" {
project_id = module.project.project_info["project2"].project_id
name = "test"
labels = {
"key" = "example"
}
}
resource "stackit_security_group_rule" "icmp_ingress" {
security_group_id = stackit_security_group.example.security_group_id
project_id = module.project.project_info["project2"].project_id
direction = "ingress"
icmp_parameters = {
code = 0
type = 8
}
protocol = {
name = "icmp"
}
}
resource "stackit_security_group_rule" "icmp_egress" {
project_id = module.project.project_info["project2"].project_id
security_group_id = stackit_security_group.example.security_group_id
direction = "egress"
icmp_parameters = {
code = 0
type = 8
}
protocol = {
name = "icmp"
}
}
resource "stackit_security_group_rule" "ssh_ingress" {
security_group_id = stackit_security_group.example.security_group_id
project_id = module.project.project_info["project2"].project_id
direction = "ingress"
protocol = {
name = "tcp"
}
port_range = {
max = 22
min = 22
}
}
// Security Group and Security Group Rules
resource "stackit_security_group" "example_beta" {
project_id = module.project.project_info["project6"].project_id
name = "test"
labels = {
"key" = "example"
}
}
resource "stackit_security_group_rule" "icmp_ingress_beta" {
security_group_id = stackit_security_group.example_beta.security_group_id
project_id = module.project.project_info["project6"].project_id
direction = "ingress"
icmp_parameters = {
code = 0
type = 8
}
protocol = {
name = "icmp"
}
}
resource "stackit_security_group_rule" "icmp_egress_beta" {
project_id = module.project.project_info["project6"].project_id
security_group_id = stackit_security_group.example_beta.security_group_id
direction = "egress"
icmp_parameters = {
code = 0
type = 8
}
protocol = {
name = "icmp"
}
}
resource "stackit_security_group_rule" "ssh_ingress_beta" {
security_group_id = stackit_security_group.example_beta.security_group_id
project_id = module.project.project_info["project6"].project_id
direction = "ingress"
protocol = {
name = "tcp"
}
port_range = {
max = 22
min = 22
}
}

27
07-object-storage.tf Normal file
View file

@ -0,0 +1,27 @@
resource "stackit_objectstorage_bucket" "example" {
project_id = module.project.project_info["project3"].project_id
name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
}
resource "stackit_objectstorage_credentials_group" "example" {
project_id = module.project.project_info["project3"].project_id
name = "example-credentials-group"
depends_on = [ stackit_objectstorage_bucket.example ]
}
resource "stackit_objectstorage_credential" "example" {
project_id = module.project.project_info["project3"].project_id
credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
expiration_timestamp = "2028-01-02T03:04:05Z"
depends_on = [ stackit_objectstorage_credentials_group.example ]
}
// Output the credentials for the object storage
output "credentials" {
value = {
"access_key" = stackit_objectstorage_credential.example.access_key
"credential_id" = stackit_objectstorage_credential.example.credential_id
"secret_access_key" = stackit_objectstorage_credential.example.secret_access_key
}
sensitive = true
}

42
08-ske.tf Normal file
View file

@ -0,0 +1,42 @@
resource "stackit_ske_cluster" "demo-cluster" {
project_id = module.project.project_info["project4"].project_id
name = "demo-clustr"
node_pools = [
{
name = "np"
machine_type = "g1.4"
minimum = "2"
maximum = "3"
volume_size = "64"
volume_type = "storage_premium_perf4"
availability_zones = ["eu01-3", "eu01-1"]
}
]
maintenance = {
enable_kubernetes_version_updates = true
enable_machine_image_version_updates = true
start = "01:00:00Z"
end = "02:00:00Z"
}
network = {
id = stackit_network.ske_network.network_id
}
extensions = {
acl = {
enabled = true
allowed_cidrs = ["0.0.0.0/0"]
}
}
}
output "ske-egress-ip" {
value = stackit_ske_cluster.demo-cluster.egress_address_ranges
}
resource "stackit_network" "ske_network" {
project_id = module.project.project_info["project4"].project_id
name = "ske_network"
ipv4_nameservers = ["1.1.1.1", "9.9.9.9"]
ipv4_prefix = "10.220.10.0/24"
}

6
80-keypair.tf Normal file
View file

@ -0,0 +1,6 @@
// keypair adding to the server
resource "stackit_key_pair" "keypair" {
name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
public_key = chomp(file("/root/.ssh/id_ed25519.pub"))
}

35
99-variables.tf Normal file
View file

@ -0,0 +1,35 @@
# -- variables
variable "organization_id" {
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
variable "service_account_key_path" {
default = "/root/.stackit/credentials.json"
}
variable "default_region" {
default ="eu01"
}
variable "region_az1" {
default = "eu01-1"
}
variable "region_az2" {
default = "eu01-2"
}
variable "region_az3" {
default = "eu01-3"
}
variable "region_metro" {
default = "eu01-m"
}
variable "flavor" {
type = string
description = ""
default = "m1.2"
}

111
README.md Normal file
View file

@ -0,0 +1,111 @@
# 🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE
This repository contains Terraform code to deploy the following infrastructure projects:
---
## 📦 Projects Overview
### 1. **Landing Zone**
- Deploys a single **pfSense VM** as the central firewall/router.
- Acts as the entry point for the environment.
- Configures **WAN and multiple LAN networks**:
- `wan_network`: `10.220.0.0/24`
- `lan_network1`: `10.220.1.0/24`
- `lan_network2`: `10.220.2.0/24`
- `lan_network3`: `10.220.3.0/24` (non-routed)
- Interfaces:
- WAN interface with static IP `10.220.0.254`
- LAN13 interfaces, each connected to corresponding networks
### 2. **Core**
- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
- Network setup includes:
- `p2_lan_network`: `10.220.5.0/24` (routed)
- `p2_wan_network`: `10.220.6.0/24` (routed)
- Interfaces:
- LAN interface with attached security group
- WAN interface without additional security
### 3. **Backup**
- Used for backup and disaster recovery scenarios.
- Creates an **Object Storage Bucket**.
- Relevant **access credentials** are provisioned for use with other services.
### 4. **SKE**
- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
- `ske_network`: `10.220.10.0/24`
---
## 🚀 Getting Started
### Prerequisites
- Terraform ≥ 1.3
- Valid STACKIT credentials
- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
### Deployment Steps
1. Clone this repository:
```bash
git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
cd <repo-name>
```
2. Initialize Terraform:
```bash
terraform init
```
3. Review and adjust variables if needed:
```bash
99-variables.tf
set organization id (also in project module)
touch pfsense.qcow2
```
4. Plan and apply the configuration:
```bash
terraform apply
```
---
## 🔐 Output
The deployment will output:
- VM IP addresses
- Kubernetes cluster information (kubeconfig)
- Object Storage credentials (access/secret key)
> 🔒 Make sure to store credentials securely and **never commit them** to version control.
---
## 📝 Notes
- This setup is optimized for a **test or POC environment**.
- pfSense must be manually configured after deployment. (User: admin, Passwort: STACKIT123!)
- Kubernetes workloads are not included in this deployment but can be added later.
- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
---
## ⚠️ Limitations
- The infrastructure is not auto-scaled or HA-enabled by default.
- No automated DNS or certificate management is configured.
- `lan_network3` is non-routed and might require manual routing adjustments if used.
---
## 📬 Support
For issues, please create a Ticket or contact professional-service@stackit.cloud
---
**Author**: Michael Sodan
**License**: MIT

BIN
pfsense.qcow2 Normal file
View file

Binary file not shown.

18
project/00-provider.tf Normal file
View file

@ -0,0 +1,18 @@
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.50.0"
}
}
}
# Authentication
# Key flow (using path)
provider "stackit" {
default_region = var.default_region
service_account_key_path = var.service_account_key_path
enable_beta_resources = true
}

39
project/01-sna.tf Normal file
View file

@ -0,0 +1,39 @@
/* resource "time_sleep" "wait_before_destroy" {
destroy_duration = "60s"
}
*/
resource "stackit_network_area" "sna_alpha" {
organization_id = var.organization_id
name = "sna_alpha"
network_ranges = [
{
prefix = "10.220.0.0/16"
}
]
transfer_network = "172.16.9.0/24"
//depends_on = [time_sleep.wait_before_destroy]
}
resource "stackit_network_area" "sna_beta" {
organization_id = var.organization_id
name = "sna_beta"
network_ranges = [
{
prefix = "10.230.0.0/16"
}
]
transfer_network = "172.16.10.0/24"
//depends_on = [time_sleep.wait_before_destroy]
}
/* resource "stackit_network_area_route" "sna_route1" {
organization_id = var.organization_id
network_area_id = stackit_network_area.sna_alpha.network_area_id
prefix = "10.220.99.0/24"
next_hop = "10.220.0.0"
labels = {
"key" = "value"
}
}
*/

92
project/02-project.tf Normal file
View file

@ -0,0 +1,92 @@
variable "projects_alpha" {
type = map(object({
name = string
owner_email = string
}))
default = {
project1 = {
name = "landingzone"
owner_email = "michael.sodan@stackit.cloud"
}
project2 = {
name = "core"
owner_email = "michael.sodan@stackit.cloud"
}
project3 = {
name = "backup"
owner_email = "michael.sodan@stackit.cloud"
}
project4 = {
name = "ske"
owner_email = "markus.brunsch@stackit.cloud"
}
}
}
variable "projects_beta" {
type = map(object({
name = string
owner_email = string
}))
default = {
project5 = {
name = "vpn"
owner_email = "michael.sodan@stackit.cloud"
}
project6 = {
name = "infra"
owner_email = "michael.sodan@stackit.cloud"
}
}
}
resource "stackit_resourcemanager_project" "projects_alpha" {
for_each = var.projects_alpha
parent_container_id = var.organization_id
name = each.value.name
owner_email = each.value.owner_email
labels = {
"networkArea" = stackit_network_area.sna_alpha.network_area_id
}
}
resource "stackit_resourcemanager_project" "projects_beta" {
for_each = var.projects_beta
parent_container_id = var.organization_id
name = each.value.name
owner_email = each.value.owner_email
labels = {
"networkArea" = stackit_network_area.sna_beta.network_area_id
}
}
/*
output "project_info" {
value = {
for k, project in stackit_resourcemanager_project.projects_alpha : k => {
project_id = project.project_id
container_id = project.container_id
}
}
}
*/
output "project_info" {
description = "Combined information for all alpha and beta projects."
value = merge(
{
for k, project in stackit_resourcemanager_project.projects_alpha : k => {
project_id = project.project_id
container_id = project.container_id
}
},
{
for k, project in stackit_resourcemanager_project.projects_beta : k => {
project_id = project.project_id
container_id = project.container_id
}
}
)
}

35
project/99-variables.tf Normal file
View file

@ -0,0 +1,35 @@
# -- variables
variable "organization_id" {
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
variable "service_account_key_path" {
default = "/root/.stackit/credentials.json"
}
variable "default_region" {
default ="eu01"
}
variable "region_az1" {
default = "eu01-1"
}
variable "region_az2" {
default = "eu01-2"
}
variable "region_az3" {
default = "eu01-3"
}
variable "region_metro" {
default = "eu01-m"
}
variable "flavor" {
type = string
description = ""
default = "c1.2"
}