commit 745e157eda33522ddf40c8792ba16c39a631b465 Author: Michael Sodan Date: Wed Aug 20 14:57:16 2025 +0000 inital setup
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..246c5ee
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.terraform*
+terraform*
diff --git a/00-provider.tf b/00-provider.tf
new file mode 100644
index 0000000..20c31ea
--- /dev/null
+++ b/00-provider.tf
@@ -0,0 +1,23 @@
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">=0.50.0"
+ }
+ }
+}
+
+# Authentication
+# Key flow (using path)
+
+
+provider "stackit" {
+ default_region = var.default_region
+ service_account_key_path = var.service_account_key_path
+ enable_beta_resources = true
+}
+
+module "project" {
+ source = "./project"
+}
diff --git a/01-network.tf b/01-network.tf
new file mode 100644
index 0000000..f3dc996
--- /dev/null
+++ b/01-network.tf
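Review bot: The constraint `version = ">=0.50.0"` in `required_providers` has no upper bound, and the `.terraform*` pattern added to .gitignore in this same commit also matches `.terraform.lock.hcl`, so neither the provider version nor its checksums are recorded in the repository. Every `terraform init` can then resolve a different provider release, which matters more with `enable_beta_resources = true` because beta resources may change between releases. I would bound the constraint, e.g. `version = "~> 0.50"`, and add `!.terraform.lock.hcl` to .gitignore so the lock file is committed. project/00-provider.tf repeats the same open-ended constraint.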
@@ -0,0 +1,190 @@
+// ------- project 1 - landingzone ------------
+// This file defines the network setup for the first project landingzone.
+resource "stackit_network" "wan_network" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "wan_network"
+ ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
+ ipv4_prefix = "10.220.0.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network1" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network1"
+ ipv4_prefix = "10.220.1.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network2" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network2"
+ ipv4_prefix = "10.220.2.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network3" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network3"
+ ipv4_prefix = "10.220.3.0/24"
+ routed = false
+}
+
+resource "stackit_network_interface" "wan" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.wan_network.network_id
+ security = false
+ name = "MGMT"
+ ipv4 = "10.220.0.254"
+
+}
+
+resource "stackit_network_interface" "lan1" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network1.network_id
+ security = false
+ name = "LAN1"
+}
+
+resource "stackit_network_interface" "lan2" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network2.network_id
+ security = false
+ name = "LAN2"
+}
+
+resource "stackit_network_interface" "lan3" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network3.network_id
+ security = false
+ name = "LAN3"
+}
+
+# ---------- project 2 core ------------------
+// This file defines the network setup for the second project (core).
+
+resource "stackit_network" "p2_lan_network1" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "p2_lan_network"
+ ipv4_prefix = "10.220.5.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "p2_lan1" {
+ project_id = module.project.project_info["project2"].project_id
+ network_id = stackit_network.p2_lan_network1.network_id
+ security = true
+ name = "P2LAN1"
+ security_group_ids = [ stackit_security_group.example.security_group_id ]
+}
+// this is for adding a second network interface to the core project (for WAN access).
+/* resource "stackit_network" "p2_wan_network1" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "wan"
+ ipv4_prefix = "10.220.6.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "p2_wan_interface1" {
+ project_id = module.project.project_info["project2"].project_id
+ network_id = stackit_network.p2_wan_network1.network_id
+ security = false
+ name = "wan_if"
+}
+*/
+
+# ---------- project 3 backup ------------------
+// This file defines the network setup for the third project (backup).
+
+resource "stackit_network" "p3_lan_network1" {
+ project_id = module.project.project_info["project3"].project_id
+ name = "p3_lan_network"
+ ipv4_prefix = "10.220.6.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "p3_lan1" {
+ project_id = module.project.project_info["project3"].project_id
+ network_id = stackit_network.p3_lan_network1.network_id
+ security = false
+ name = "P3LAN1"
+ //security_group_ids = [ stackit_security_group.example.security_group_id ]
+}
+
+// ------- project 5 - vpn ------------
+// This file defines the network setup for the fifth project (vpn).
+resource "stackit_network" "wan_network_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ name = "wan_network_beta"
+ ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
+ ipv4_prefix = "10.230.0.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ name = "lan_network_beta"
+ ipv4_prefix = "10.230.1.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "wan_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ network_id = stackit_network.wan_network_beta.network_id
+ security = false
+ name = "MGMT"
+ ipv4 = "10.230.0.254"
+
+}
+
+resource "stackit_network_interface" "lan_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ network_id = stackit_network.lan_network_beta.network_id
+ security = false
+ name = "LAN1"
+}
+
+# ---------- project 6 infra ------------------
+// This file defines the network setup for the sixth project (infra).
+
+resource "stackit_network" "p6_lan_network1" {
+ project_id = module.project.project_info["project6"].project_id
+ name = "p6_lan_network"
+ ipv4_prefix = "10.230.5.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "p6_lan1" {
+ project_id = module.project.project_info["project6"].project_id
+ network_id = stackit_network.p6_lan_network1.network_id
+ security = true
+ name = "P6LAN1"
+ security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
+}
+
+// ---------- public IPs ------------------
+// This file defines the public IPs for the projects.
+resource "stackit_public_ip" "wan_ip" {
+ project_id = module.project.project_info["project1"].project_id
+ network_interface_id = stackit_network_interface.wan.network_interface_id
+}
+resource "stackit_public_ip" "wan_ip_alpha" {
+ project_id = module.project.project_info["project5"].project_id
+ network_interface_id = stackit_network_interface.wan_beta.network_interface_id
+}
+
+// this is for adding a public IP to the second project (core) for WAN access.
+/*resource "stackit_public_ip" "wan_server" {
+ project_id = module.project.project_info["project2"].project_id
+ network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
+}
+*/
+
+// Output the public IPs for both projects
+output "public_ips" {
+ value = {
+ "wan_ip" = stackit_public_ip.wan_ip.ip
+ "wan_ip_alpha" = stackit_public_ip.wan_ip_alpha.ip
+ //"wan_server" = stackit_public_ip.wan_server.ip
+ }
+}
+
diff --git a/02-pfSense-image.tf b/02-pfSense-image.tf
new file mode 100644
index 0000000..b220b54
--- /dev/null
+++ b/02-pfSense-image.tf
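Review bot: `stackit_network_interface.wan` and `wan_beta` are created with `security = false` and each receives a `stackit_public_ip` at the end of this hunk, so, as I read the provider, the pfSense management interfaces face the internet with no security group applied; the README added in this commit also documents a fixed initial admin password for that appliance. If port security has to stay off for routing, say so in a comment above each interface and restrict the management port on the appliance before the public IP is attached; otherwise attach a security group that limits the management port to an admin CIDR. `p3_lan1` in the backup project also has `security = false` with its `security_group_ids` line commented out, unlike `p2_lan1` and `p6_lan1`. Separately, `p3_lan_network1` uses `10.220.6.0/24`, the same prefix as the commented-out `p2_wan_network1`, which will collide if that block is ever enabled.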
@@ -0,0 +1,47 @@
+// Local copy of the Image
+resource "null_resource" "pfsense_image_file" {
+ triggers = {
+ always_run = timestamp()
+
+ }
+
+ provisioner "local-exec" {
+ command = "curl -o pfsense.qcow2 https://pfsense.object.storage.eu01.onstackit.cloud/pfsense-ce-2.7.2-amd64-10-12-2024.qcow2"
+
+ }
+}
+
+// Upload VPN Appliance Image to STACKIT
+resource "stackit_image" "pfsense_image" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "pfsense-2.7.2-amd64-image"
+ local_file_path = "./pfsense.qcow2"
+ disk_format = "qcow2"
+ depends_on = [null_resource.pfsense_image_file]
+ min_disk_size = 50
+ min_ram = 4
+ config = {
+ uefi = false
+ cdrom_bus = "scsi"
+ disk_bus = "scsi"
+ secure_boot = false
+ }
+}
+
+// Upload VPN Appliance Image to STACKIT
+resource "stackit_image" "pfsense_image_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ name = "pfsense-2.7.2-amd64-image"
+ local_file_path = "./pfsense.qcow2"
+ disk_format = "qcow2"
+ depends_on = [null_resource.pfsense_image_file]
+ min_disk_size = 50
+ min_ram = 4
+ config = {
+ uefi = false
+ cdrom_bus = "scsi"
+ disk_bus = "scsi"
+ secure_boot = false
+ }
+}
+
diff --git a/03-pfSense-appliance.tf b/03-pfSense-appliance.tf
new file mode 100644
index 0000000..8117929
--- /dev/null
+++ b/03-pfSense-appliance.tf
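Review bot: The `local-exec` command fetches the firewall image with a bare `curl -o pfsense.qcow2 …` and both `stackit_image` resources upload whatever lands on disk: without `--fail` an HTTP error body is saved as the image, and without a digest check a replaced or truncated object becomes the boot disk of both appliances. I would pin the expected SHA-256 in the repository and verify it before upload, along the lines of `curl -fsSL -o pfsense.qcow2 URL && echo "EXPECTED_SHA256  pfsense.qcow2" | sha256sum -c -` (URL and digest are placeholders here). The `always_run = timestamp()` trigger re-downloads on every apply; keying the trigger on the URL or digest would avoid that. This commit also adds a `pfsense.qcow2` binary to the repository while the README tells users to `touch` the file, which is worth reconciling.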
@@ -0,0 +1,52 @@
+// This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
+resource "stackit_volume" "pfsense_vol" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "pfsense-2.7.2-root"
+ availability_zone = var.region_az1
+ size = 50
+ performance_class = "storage_premium_perf4"
+ source = {
+ id = stackit_image.pfsense_image.image_id
+ type = "image"
+ }
+}
+
+resource "stackit_server" "pfsense_appliance" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "pfSense-alpha"
+ boot_volume = {
+ source_type = "volume"
+ source_id = stackit_volume.pfsense_vol.volume_id
+ }
+ availability_zone = var.region_az1
+ machine_type = var.flavor
+ network_interfaces = [stackit_network_interface.wan.network_interface_id]
+ depends_on = [ stackit_network.wan_network ]
+}
+
+// This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
+resource "stackit_volume" "pfsense_vol_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ name = "pfsense-2.7.2-root"
+ availability_zone = var.region_az1
+ size = 50
+ performance_class = "storage_premium_perf4"
+ source = {
+ id = stackit_image.pfsense_image_beta.image_id
+ type = "image"
+ }
+}
+
+resource "stackit_server" "pfsense_appliance_beta" {
+ project_id = module.project.project_info["project5"].project_id
+ name = "pfSense"
+ boot_volume = {
+ source_type = "volume"
+ source_id = stackit_volume.pfsense_vol_beta.volume_id
+ }
+ availability_zone = var.region_az1
+ machine_type = var.flavor
+ network_interfaces = [stackit_network_interface.wan_beta.network_interface_id, stackit_network_interface.lan_beta.network_interface_id ]
+ depends_on = [ stackit_network.wan_network_beta ]
+}
+
diff --git a/04-attachment.tf b/04-attachment.tf
new file mode 100644
index 0000000..9ab4c3b
--- /dev/null
+++ b/04-attachment.tf
@@ -0,0 +1,22 @@
+
+// Attach network interfaces to the pfSense server without recreating the server
+resource "stackit_server_network_interface_attach" "nic-attachment-lan1" {
+ project_id = module.project.project_info["project1"].project_id
+ server_id = stackit_server.pfsense_appliance.server_id
+ network_interface_id = stackit_network_interface.lan1.network_interface_id
+ depends_on = [ stackit_server.pfsense_appliance ]
+}
+
+resource "stackit_server_network_interface_attach" "nic-attachment-lan2" {
+ project_id = module.project.project_info["project1"].project_id
+ server_id = stackit_server.pfsense_appliance.server_id
+ network_interface_id = stackit_network_interface.lan2.network_interface_id
+ depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan1]
+}
+
+resource "stackit_server_network_interface_attach" "nic-attachment-lan3" {
+ project_id = module.project.project_info["project1"].project_id
+ server_id = stackit_server.pfsense_appliance.server_id
+ network_interface_id = stackit_network_interface.lan3.network_interface_id
+ depends_on = [ stackit_server_network_interface_attach.nic-attachment-lan2]
+}
diff --git a/05-server.tf b/05-server.tf
new file mode 100644
index 0000000..610a5cc
--- /dev/null
+++ b/05-server.tf
@@ -0,0 +1,88 @@
+// create the server in the second project (core)
+resource "stackit_volume" "example_vol" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "example_root"
+ availability_zone = var.region_az1
+ size = 200
+ performance_class = "storage_premium_perf4"
+ source = {
+ id = data.stackit_image.debian.image_id
+ type = "image"
+ }
+}
+
+resource "stackit_server" "dev_server" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "server1"
+ boot_volume = {
+ source_type = "volume"
+ source_id = stackit_volume.example_vol.volume_id
+ }
+ availability_zone = var.region_az1
+ machine_type = var.flavor
+ network_interfaces = [stackit_network_interface.p2_lan1.network_interface_id ]
+ keypair_name = stackit_key_pair.keypair.name
+ depends_on = [ stackit_network_interface.p2_lan1 ]
+}
+
+data "stackit_image" "debian" {
+ project_id = module.project.project_info["project2"].project_id
+ image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" // Debian 12 (Bookworm) x86_64
+}
+
+// create the server in the third project (backup)
+resource "stackit_volume" "example_vol_p3" {
+ project_id = module.project.project_info["project3"].project_id
+ name = "root_volume"
+ availability_zone = var.region_az1
+ size = 200
+ performance_class = "storage_premium_perf4"
+ source = {
+ id = data.stackit_image.debian.image_id
+ type = "image"
+ }
+}
+
+resource "stackit_server" "dev_server_p3" {
+ project_id = module.project.project_info["project3"].project_id
+ name = "server2"
+ boot_volume = {
+ source_type = "volume"
+ source_id = stackit_volume.example_vol_p3.volume_id
+ }
+ availability_zone = var.region_az1
+ machine_type = var.flavor
+ network_interfaces = [stackit_network_interface.p3_lan1.network_interface_id ]
+ keypair_name = stackit_key_pair.keypair.name
+ depends_on = [ stackit_network_interface.p3_lan1 ]
+}
+
+
+// create the server in the sixth project (infra)
+resource "stackit_volume" "example_vol_p6" {
+ project_id = module.project.project_info["project6"].project_id
+ name = "root_volume"
+ availability_zone = var.region_az1
+ size = 200
+ performance_class = "storage_premium_perf4"
+ source = {
+ id = data.stackit_image.debian.image_id
+ type = "image"
+ }
+}
+
+resource "stackit_server" "dev_server_p6" {
+ project_id = module.project.project_info["project6"].project_id
+ name = "debian"
+ boot_volume = {
+ source_type = "volume"
+ source_id = stackit_volume.example_vol_p6.volume_id
+ }
+ availability_zone = var.region_az1
+ machine_type = var.flavor
+ network_interfaces = [stackit_network_interface.p6_lan1.network_interface_id ]
+ keypair_name = stackit_key_pair.keypair.name
+ depends_on = [ stackit_network_interface.p6_lan1 ]
+}
+
+
diff --git a/06-security-group.tf b/06-security-group.tf
new file mode 100644
index 0000000..1fead53
--- /dev/null
+++ b/06-security-group.tf
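Review bot: `dev_server`, `dev_server_p3` and `dev_server_p6` all set `keypair_name = stackit_key_pair.keypair.name`, so a single private key logs in to the core, backup and infra hosts. For the backup project in particular a separate key pair would keep the loss of one admin key from reaching the backup server. `data "stackit_image" "debian"` is looked up in project2 but also feeds the volumes of project3 and project6; a comment such as `// public image, ID valid in every project` would make that intentional, assuming it is in fact a public image.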
@@ -0,0 +1,101 @@
+
+// Security Group and Security Group Rules
+resource "stackit_security_group" "example" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "test"
+ labels = {
+ "key" = "example"
+ }
+}
+
+resource "stackit_security_group_rule" "icmp_ingress" {
+ security_group_id = stackit_security_group.example.security_group_id
+ project_id = module.project.project_info["project2"].project_id
+ direction = "ingress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+resource "stackit_security_group_rule" "icmp_egress" {
+ project_id = module.project.project_info["project2"].project_id
+ security_group_id = stackit_security_group.example.security_group_id
+ direction = "egress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+
+resource "stackit_security_group_rule" "ssh_ingress" {
+ security_group_id = stackit_security_group.example.security_group_id
+ project_id = module.project.project_info["project2"].project_id
+ direction = "ingress"
+
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ max = 22
+ min = 22
+ }
+}
+
+
+
+// Security Group and Security Group Rules
+resource "stackit_security_group" "example_beta" {
+ project_id = module.project.project_info["project6"].project_id
+ name = "test"
+ labels = {
+ "key" = "example"
+ }
+}
+
+resource "stackit_security_group_rule" "icmp_ingress_beta" {
+ security_group_id = stackit_security_group.example_beta.security_group_id
+ project_id = module.project.project_info["project6"].project_id
+ direction = "ingress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+resource "stackit_security_group_rule" "icmp_egress_beta" {
+ project_id = module.project.project_info["project6"].project_id
+ security_group_id = stackit_security_group.example_beta.security_group_id
+ direction = "egress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+
+resource "stackit_security_group_rule" "ssh_ingress_beta" {
+ security_group_id = stackit_security_group.example_beta.security_group_id
+ project_id = module.project.project_info["project6"].project_id
+ direction = "ingress"
+
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ max = 22
+ min = 22
+ }
+}
+
+
+
diff --git a/07-object-storage.tf b/07-object-storage.tf
new file mode 100644
index 0000000..ba43883
--- /dev/null
+++ b/07-object-storage.tf
@@ -0,0 +1,27 @@
+resource "stackit_objectstorage_bucket" "example" {
+ project_id = module.project.project_info["project3"].project_id
+ name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
+}
+
+resource "stackit_objectstorage_credentials_group" "example" {
+ project_id = module.project.project_info["project3"].project_id
+ name = "example-credentials-group"
+ depends_on = [ stackit_objectstorage_bucket.example ]
+}
+
+resource "stackit_objectstorage_credential" "example" {
+ project_id = module.project.project_info["project3"].project_id
+ credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
+ expiration_timestamp = "2028-01-02T03:04:05Z"
+ depends_on = [ stackit_objectstorage_credentials_group.example ]
+}
+
+// Output the credentials for the object storage
+output "credentials" {
+ value = {
+ "access_key" = stackit_objectstorage_credential.example.access_key
+ "credential_id" = stackit_objectstorage_credential.example.credential_id
+ "secret_access_key" = stackit_objectstorage_credential.example.secret_access_key
+ }
+ sensitive = true
+}
diff --git a/08-ske.tf b/08-ske.tf
new file mode 100644
index 0000000..df82afc
--- /dev/null
+++ b/08-ske.tf
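Review bot: `ssh_ingress` and `ssh_ingress_beta` set only `protocol` and `port_range`, with no source restriction, so as far as this hunk shows port 22 is accepted from any address that can reach the interface. Adding `ip_range = var.ssh_source_cidr` (a new variable) or a `remote_security_group_id` would limit SSH to the management network. The group name `test` and the label `"key" = "example"` look like placeholders carried over from sample code; a descriptive name makes the groups easier to audit.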
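Review bot: `expiration_timestamp = "2028-01-02T03:04:05Z"` gives the object-storage credential a fixed lifetime of more than two years from the commit date, and the value looks copied from an example. A shorter expiry supplied through a variable, rotated by re-applying, narrows the window if the key leaks. `sensitive = true` on the `credentials` output only hides the value in CLI output; `secret_access_key` is still stored in the state file, so a comment on the output should say that the state backend needs access control and encryption. The bucket `name` is a bare UUID that 80-keypair.tf reuses as the key-pair name; a descriptive name would be easier to audit.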
@@ -0,0 +1,42 @@
+resource "stackit_ske_cluster" "demo-cluster" {
+ project_id = module.project.project_info["project4"].project_id
+ name = "demo-clustr"
+ node_pools = [
+ {
+ name = "np"
+ machine_type = "g1.4"
+ minimum = "2"
+ maximum = "3"
+ volume_size = "64"
+ volume_type = "storage_premium_perf4"
+ availability_zones = ["eu01-3", "eu01-1"]
+ }
+ ]
+ maintenance = {
+ enable_kubernetes_version_updates = true
+ enable_machine_image_version_updates = true
+ start = "01:00:00Z"
+ end = "02:00:00Z"
+ }
+ network = {
+ id = stackit_network.ske_network.network_id
+ }
+ extensions = {
+ acl = {
+ enabled = true
+ allowed_cidrs = ["0.0.0.0/0"]
+ }
+ }
+}
+
+output "ske-egress-ip" {
+ value = stackit_ske_cluster.demo-cluster.egress_address_ranges
+}
+
+resource "stackit_network" "ske_network" {
+ project_id = module.project.project_info["project4"].project_id
+ name = "ske_network"
+ ipv4_nameservers = ["1.1.1.1", "9.9.9.9"]
+ ipv4_prefix = "10.220.10.0/24"
+}
+
diff --git a/80-keypair.tf b/80-keypair.tf
new file mode 100644
index 0000000..947a3fb
--- /dev/null
+++ b/80-keypair.tf
@@ -0,0 +1,6 @@
+// keypair adding to the server
+resource "stackit_key_pair" "keypair" {
+ name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
+ public_key = chomp(file("/root/.ssh/id_ed25519.pub"))
+}
+
diff --git a/99-variables.tf b/99-variables.tf
new file mode 100644
index 0000000..c2cb911
--- /dev/null
+++ b/99-variables.tf
@@ -0,0 +1,35 @@
+# -- variables
+variable "organization_id" {
+ default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+ default = "/root/.stackit/credentials.json"
+}
+
+variable "default_region" {
+ default ="eu01"
+}
+
+variable "region_az1" {
+ default = "eu01-1"
+}
+
+variable "region_az2" {
+ default = "eu01-2"
+}
+
+variable "region_az3" {
+ default = "eu01-3"
+}
+
+variable "region_metro" {
+ default = "eu01-m"
+}
+
+variable "flavor" {
+ type = string
+ description = ""
+ default = "m1.2"
+}
+
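Review bot: The `acl` extension is enabled with `allowed_cidrs = ["0.0.0.0/0"]`, which admits every IPv4 source, so the ACL restricts nothing and the cluster endpoint it guards (the Kubernetes API, as I understand the extension) stays reachable from the whole internet. Pass the admin ranges through a variable with no default, e.g. `allowed_cidrs = var.ske_allowed_cidrs`, so the caller has to choose them. The cluster `name = "demo-clustr"` looks like a typo for `demo-cluster`, and `minimum`, `maximum` and `volume_size` are quoted strings where numbers are meant.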
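Review bot: `file("/root/.ssh/id_ed25519.pub")` hard-codes root's home directory, so the configuration installs whichever key the root account on the build host holds and fails for any other user. Taking the path from a variable, e.g. `public_key = chomp(file(var.ssh_public_key_path))`, makes the key an explicit input. The key-pair `name` is the same bare UUID used as the bucket name in 07-object-storage.tf; a descriptive name would make it easier to tell in an audit whose key is installed.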
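Review bot: `organization_id` and `service_account_key_path` ship concrete defaults (an organisation UUID and a path under `/root`), so an unmodified apply targets the author's organisation and expects Terraform to run as root. Dropping those two defaults and adding `type = string` plus a `description` to each variable makes the caller supply them; `flavor` currently has `description = ""`. project/99-variables.tf is a copy of this file with a different `flavor` default (`c1.2` instead of `m1.2`), and the root `module "project"` block passes no variables, so the two sets of defaults can drift apart unnoticed.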
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2992813
--- /dev/null
+++ b/README.md
@@ -0,0 +1,111 @@
+# 🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE
+
+This repository contains Terraform code to deploy the following infrastructure projects:
+
+---
+
+## 📦 Projects Overview
+
+### 1. **Landing Zone**
+- Deploys a single **pfSense VM** as the central firewall/router.
+- Acts as the entry point for the environment.
+- Configures **WAN and multiple LAN networks**:
+ - `wan_network`: `10.220.0.0/24`
+ - `lan_network1`: `10.220.1.0/24`
+ - `lan_network2`: `10.220.2.0/24`
+ - `lan_network3`: `10.220.3.0/24` (non-routed)
+- Interfaces:
+ - WAN interface with static IP `10.220.0.254`
+ - LAN1–3 interfaces, each connected to corresponding networks
+
+### 2. **Core**
+- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
+- Network setup includes:
+ - `p2_lan_network`: `10.220.5.0/24` (routed)
+ - `p2_wan_network`: `10.220.6.0/24` (routed)
+- Interfaces:
+ - LAN interface with attached security group
+ - WAN interface without additional security
+
+### 3. **Backup**
+- Used for backup and disaster recovery scenarios.
+- Creates an **Object Storage Bucket**.
+- Relevant **access credentials** are provisioned for use with other services.
+
+### 4. **SKE**
+- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
+ - `ske_network`: `10.220.10.0/24`
+
+
+---
+
+## 🚀 Getting Started
+
+### Prerequisites
+- Terraform ≥ 1.3
+- Valid STACKIT credentials
+- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
+
+### Deployment Steps
+
+1. Clone this repository:
+ ```bash
+ git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
+ cd
+ ```
+
+2. Initialize Terraform:
+ ```bash
+ terraform init
+ ```
+
+3. Review and adjust variables if needed:
+ ```bash
+ 99-variables.tf
+ set organization id (also in project module)
+ touch pfsense.qcow2
+ ```
+
+4. Plan and apply the configuration:
+ ```bash
+ terraform apply
+ ```
+
+---
+
+## 🔐 Output
+
+The deployment will output:
+- VM IP addresses
+- Kubernetes cluster information (kubeconfig)
+- Object Storage credentials (access/secret key)
+
+> 🔒 Make sure to store credentials securely and **never commit them** to version control.
+
+---
+
+## 📝 Notes
+
+- This setup is optimized for a **test or POC environment**.
+- pfSense must be manually configured after deployment. (User: admin, Passwort: STACKIT123!)
+- Kubernetes workloads are not included in this deployment but can be added later.
+- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
+
+---
+
+## ⚠️ Limitations
+
+- The infrastructure is not auto-scaled or HA-enabled by default.
+- No automated DNS or certificate management is configured.
+- `lan_network3` is non-routed and might require manual routing adjustments if used.
+
+---
+
+## 📬 Support
+
+For issues, please create a Ticket or contact professional-service@stackit.cloud
+
+---
+
+**Author**: Michael Sodan
+**License**: MIT
diff --git a/pfsense.qcow2 b/pfsense.qcow2
new file mode 100644
index 0000000..c45ad6e
Binary files /dev/null and b/pfsense.qcow2 differ
diff --git a/project/00-provider.tf b/project/00-provider.tf
new file mode 100644
index 0000000..c4d763b
--- /dev/null
+++ b/project/00-provider.tf
@@ -0,0 +1,18 @@
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">=0.50.0"
+ }
+ }
+}
+
+# Authentication
+# Key flow (using path)
+
+provider "stackit" {
+ default_region = var.default_region
+ service_account_key_path = var.service_account_key_path
+ enable_beta_resources = true
+}
diff --git a/project/01-sna.tf b/project/01-sna.tf
new file mode 100644
index 0000000..6ed79ee
--- /dev/null
+++ b/project/01-sna.tf
@@ -0,0 +1,39 @@
+/* resource "time_sleep" "wait_before_destroy" {
+ destroy_duration = "60s"
+}
+*/
+
+resource "stackit_network_area" "sna_alpha" {
+ organization_id = var.organization_id
+ name = "sna_alpha"
+ network_ranges = [
+ {
+ prefix = "10.220.0.0/16"
+ }
+ ]
+ transfer_network = "172.16.9.0/24"
+ //depends_on = [time_sleep.wait_before_destroy]
+}
+
+resource "stackit_network_area" "sna_beta" {
+ organization_id = var.organization_id
+ name = "sna_beta"
+ network_ranges = [
+ {
+ prefix = "10.230.0.0/16"
+ }
+ ]
+ transfer_network = "172.16.10.0/24"
+ //depends_on = [time_sleep.wait_before_destroy]
+}
+
+/* resource "stackit_network_area_route" "sna_route1" {
+ organization_id = var.organization_id
+ network_area_id = stackit_network_area.sna_alpha.network_area_id
+ prefix = "10.220.99.0/24"
+ next_hop = "10.220.0.0"
+ labels = {
+ "key" = "value"
+ }
+}
+*/
diff --git a/project/02-project.tf b/project/02-project.tf
new file mode 100644
index 0000000..85e7133
--- /dev/null
+++ b/project/02-project.tf
@@ -0,0 +1,92 @@
+
+
+variable "projects_alpha" {
+ type = map(object({
+ name = string
+ owner_email = string
+ }))
+ default = {
+ project1 = {
+ name = "landingzone"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ project2 = {
+ name = "core"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ project3 = {
+ name = "backup"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ project4 = {
+ name = "ske"
+ owner_email = "markus.brunsch@stackit.cloud"
+ }
+ }
+}
+
+variable "projects_beta" {
+ type = map(object({
+ name = string
+ owner_email = string
+ }))
+ default = {
+ project5 = {
+ name = "vpn"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ project6 = {
+ name = "infra"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ }
+}
+
+resource "stackit_resourcemanager_project" "projects_alpha" {
+ for_each = var.projects_alpha
+ parent_container_id = var.organization_id
+ name = each.value.name
+ owner_email = each.value.owner_email
+ labels = {
+ "networkArea" = stackit_network_area.sna_alpha.network_area_id
+ }
+}
+
+resource "stackit_resourcemanager_project" "projects_beta" {
+ for_each = var.projects_beta
+ parent_container_id = var.organization_id
+ name = each.value.name
+ owner_email = each.value.owner_email
+ labels = {
+ "networkArea" = stackit_network_area.sna_beta.network_area_id
+ }
+}
+
+/*
+output "project_info" {
+ value = {
+ for k, project in stackit_resourcemanager_project.projects_alpha : k => {
+ project_id = project.project_id
+ container_id = project.container_id
+ }
+ }
+}
+*/
+
+output "project_info" {
+ description = "Combined information for all alpha and beta projects."
+ value = merge(
+ {
+ for k, project in stackit_resourcemanager_project.projects_alpha : k => {
+ project_id = project.project_id
+ container_id = project.container_id
+ }
+ },
+ {
+ for k, project in stackit_resourcemanager_project.projects_beta : k => {
+ project_id = project.project_id
+ container_id = project.container_id
+ }
+ }
+ )
+}
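Review bot: The `default` maps of `projects_alpha` and `projects_beta` embed named individuals' e-mail addresses as `owner_email`, so anyone applying the module unchanged makes those people owner of six new projects, and the addresses live in version control. I would remove the defaults, or replace them with a documented placeholder, so the caller must supply the owners. The commented-out first `project_info` output is superseded by the merged output below it and can be deleted.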
diff --git a/project/99-variables.tf b/project/99-variables.tf
new file mode 100644
index 0000000..b8acc4f
--- /dev/null
+++ b/project/99-variables.tf
@@ -0,0 +1,35 @@
+# -- variables
+variable "organization_id" {
+ default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+ default = "/root/.stackit/credentials.json"
+}
+
+variable "default_region" {
+ default ="eu01"
+}
+
+variable "region_az1" {
+ default = "eu01-1"
+}
+
+variable "region_az2" {
+ default = "eu01-2"
+}
+
+variable "region_az3" {
+ default = "eu01-3"
+}
+
+variable "region_metro" {
+ default = "eu01-m"
+}
+
+variable "flavor" {
+ type = string
+ description = ""
+ default = "c1.2"
+}
+