professional-service-best-practices/landingzone_ipsec
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: professional-service-best-practices:minor-improvements
Branches Tags
professional-service-best-practices:main
professional-service-best-practices:minor-improvements
..
compare: professional-service-best-practices:main
Branches Tags
professional-service-best-practices:minor-improvements
professional-service-best-practices:main

No commits in common. "minor-improvements" and "main" have entirely different histories.
minor-impr ... main

18 changed files with 195 additions and 200 deletions
Show stats Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,5 +1,3 @@
.terraform* .terraform*
terraform* terraform*
*.qcow2 *.qcow2
*.tfvars
.idea

4
00-provider.tf
View file

@ -17,3 +17,7 @@ provider "stackit" {
service_account_key_path = var.service_account_key_path service_account_key_path = var.service_account_key_path
enable_beta_resources = true enable_beta_resources = true
} }
module "project" {
source = "./project"
}

141
01-network.tf
View file

@ -1,162 +1,163 @@
/* ------- project 1 - landingzone ------------ */ /* ------- project 1 - landingzone ------------ */
resource "stackit_network" "landingzone_wan" { resource "stackit_network" "wan_network" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
name = "landingzone_wan" name = "wan_network"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix = "10.220.0.0/24" ipv4_prefix = "10.220.0.0/24"
routed = true routed = true
} }
resource "stackit_network" "landingzone_lan" { resource "stackit_network" "lan_network1" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
name = "landingzone_lan" name = "lan_network1"
ipv4_prefix = "10.220.1.0/24" ipv4_prefix = "10.220.1.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "landingzone_wan" { resource "stackit_network_interface" "wan" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.landingzone_wan.network_id network_id = stackit_network.wan_network.network_id
security = false security = false
name = "MGMT" name = "MGMT"
ipv4 = "10.220.0.254" ipv4 = "10.220.0.254"
} }
resource "stackit_network_interface" "landingzone_lan" { resource "stackit_network_interface" "lan1" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
network_id = stackit_network.landingzone_lan.network_id network_id = stackit_network.lan_network1.network_id
security = false security = false
name = "LAN1" name = "LAN1"
} }
/* ---------- project 2 core ------------------ */ /* ---------- project 2 core ------------------ */
resource "stackit_network" "core_lan" { resource "stackit_network" "p2_lan_network1" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
name = "core_lan" name = "p2_lan_network"
ipv4_prefix = "10.220.5.0/24" ipv4_prefix = "10.220.5.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "core_lan" { resource "stackit_network_interface" "p2_lan1" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.core_lan.network_id network_id = stackit_network.p2_lan_network1.network_id
security = false security = false
name = "CORELAN" name = "P2LAN1"
//security_group_ids = [ stackit_security_group.example.security_group_id ] //security_group_ids = [ stackit_security_group.example.security_group_id ]
} }
/* this is for adding a second network interface to the core project (for WAN access).*/ /* this is for adding a second network interface to the core project (for WAN access).
resource "stackit_network" "core_wan" { resource "stackit_network" "p2_wan_network1" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
name = "core_wan" name = "wan"
ipv4_prefix = "10.220.50.0/24" ipv4_prefix = "10.220.50.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "core_wan" { resource "stackit_network_interface" "p2_wan_interface1" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
network_id = stackit_network.core_wan.network_id network_id = stackit_network.p2_wan_network1.network_id
security = false security = false
name = "core_wan_if" name = "wan_if"
} }
/**/ */
/* ---------- project 3 backup ------------------ */ /* ---------- project 3 backup ------------------ */
resource "stackit_network" "backup_lan" { resource "stackit_network" "p3_lan_network1" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
name = "backup_lan" name = "p3_lan_network"
ipv4_prefix = "10.220.6.0/24" ipv4_prefix = "10.220.6.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "backup_lan" { resource "stackit_network_interface" "p3_lan1" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
network_id = stackit_network.backup_lan.network_id network_id = stackit_network.p3_lan_network1.network_id
security = false security = false
name = "BACKUPLAN" name = "P3LAN1"
//security_group_ids = [ stackit_security_group.example.security_group_id ] //security_group_ids = [ stackit_security_group.example.security_group_id ]
} }
/* project 4 for SKE, so no configuration necessary here */ /* project 4 for SKE, so no configuration necessary here */
/* ------- project 5 - vpn ------------ */ /* ------- project 5 - vpn ------------ */
resource "stackit_network" "vpn_wan" { resource "stackit_network" "wan_network_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
name = "vpn_wan" name = "wan_network_beta"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix = "10.230.0.0/24" ipv4_prefix = "10.230.0.0/24"
routed = true routed = true
} }
resource "stackit_network" "vpn_lan" { resource "stackit_network" "lan_network_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
name = "vpn_lan" name = "lan_network_beta"
ipv4_prefix = "10.230.1.0/24" ipv4_prefix = "10.230.1.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "vpn_wan" { resource "stackit_network_interface" "wan_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
network_id = stackit_network.vpn_wan.network_id network_id = stackit_network.wan_network_beta.network_id
security = false security = false
name = "MGMT" name = "MGMT"
ipv4 = "10.230.0.254" ipv4 = "10.230.0.254"
} }
resource "stackit_network_interface" "vpn_lan" { resource "stackit_network_interface" "lan_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
network_id = stackit_network.vpn_lan.network_id network_id = stackit_network.lan_network_beta.network_id
security = false security = false
name = "VPNLAN" name = "LAN1"
} }
/* ---------- project 6 infra ------------------ */ /* ---------- project 6 infra ------------------ */
resource "stackit_network" "infra_lan" { resource "stackit_network" "p6_lan_network1" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
name = "infra_lan" name = "p6_lan_network"
ipv4_prefix = "10.230.5.0/24" ipv4_prefix = "10.230.5.0/24"
routed = true routed = true
} }
resource "stackit_network_interface" "infra_lan" { resource "stackit_network_interface" "p6_lan1" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
network_id = stackit_network.infra_lan.network_id network_id = stackit_network.p6_lan_network1.network_id
security = false security = false
name = "INFRALAN" name = "P6LAN1"
//security_group_ids = [ stackit_security_group.example_beta.security_group_id ] //security_group_ids = [ stackit_security_group.example_beta.security_group_id ]
} }
/* ---------- public IP configuration------------- */ /* ---------- public IP configuration------------- */
resource "stackit_public_ip" "landingzone_wan" { resource "stackit_public_ip" "wan_ip" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
network_interface_id = stackit_network_interface.landingzone_wan.network_interface_id network_interface_id = stackit_network_interface.wan.network_interface_id
} }
resource "stackit_public_ip" "vpn_wan" { resource "stackit_public_ip" "wan_ip_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
network_interface_id = stackit_network_interface.vpn_wan.network_interface_id network_interface_id = stackit_network_interface.wan_beta.network_interface_id
} }
/* this is for adding a public IP to the second project (core) for WAN access. */ */ this is for adding a public IP to the second project (core) for WAN access.
resource "stackit_public_ip" "core_wan" { resource "stackit_public_ip" "wan_server" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
network_interface_id = stackit_network_interface.core_wan.network_interface_id network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
} }
*/
/* Output the public IPs for both projects */ /* Output the public IPs for both projects */
output "public_ips" { output "public_ips" {
value = { value = {
"pfsense-alpha" = stackit_public_ip.landingzone_wan.ip "pfsense-alpha" = stackit_public_ip.wan_ip.ip
"pfsense-beta" = stackit_public_ip.vpn_wan.ip "pfsense-beta" = stackit_public_ip.wan_ip_beta.ip
"wan_server" = stackit_public_ip.core_wan.ip //"wan_server" = stackit_public_ip.wan_server.ip
} }
} }
output "private_ips" { output "private_ips" {
value = { value = {
"linux-alpha" = stackit_network_interface.core_lan.ipv4 "linux-alpha" = stackit_network_interface.p2_lan1.ipv4
"linux-beta" = stackit_network_interface.infra_lan.ipv4 "linux-beta" = stackit_network_interface.p6_lan1.ipv4
} }
} }

4
02-pfSense-image.tf
View file

@ -13,7 +13,7 @@ resource "null_resource" "pfsense_image_file" {
// Upload VPN Appliance Image to STACKIT // Upload VPN Appliance Image to STACKIT
resource "stackit_image" "pfsense_image" { resource "stackit_image" "pfsense_image" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
name = "pfsense-2.7.2-amd64-image" name = "pfsense-2.7.2-amd64-image"
local_file_path = "./pfsense.qcow2" local_file_path = "./pfsense.qcow2"
disk_format = "qcow2" disk_format = "qcow2"
@ -34,7 +34,7 @@ resource "stackit_image" "pfsense_image" {
// Upload VPN Appliance Image to STACKIT // Upload VPN Appliance Image to STACKIT
resource "stackit_image" "pfsense_image_beta" { resource "stackit_image" "pfsense_image_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
name = "pfsense-2.7.2-amd64-image" name = "pfsense-2.7.2-amd64-image"
local_file_path = "./pfsense.qcow2" local_file_path = "./pfsense.qcow2"
disk_format = "qcow2" disk_format = "qcow2"

16
03-pfSense-appliance.tf
View file

@ -1,6 +1,6 @@
// This file is part of the STACKIT Terraform module for deploying a pfSense appliance. // This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
resource "stackit_volume" "pfsense_vol" { resource "stackit_volume" "pfsense_vol" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
name = "pfsense-2.7.2-root" name = "pfsense-2.7.2-root"
availability_zone = var.region_az1 availability_zone = var.region_az1
size = 50 size = 50
@ -12,7 +12,7 @@ resource "stackit_volume" "pfsense_vol" {
} }
resource "stackit_server" "pfsense_appliance" { resource "stackit_server" "pfsense_appliance" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
name = "pfSense-alpha" name = "pfSense-alpha"
boot_volume = { boot_volume = {
source_type = "volume" source_type = "volume"
@ -20,13 +20,13 @@ resource "stackit_server" "pfsense_appliance" {
} }
availability_zone = var.region_az1 availability_zone = var.region_az1
machine_type = var.flavor machine_type = var.flavor
network_interfaces = [stackit_network_interface.landingzone_wan.network_interface_id] network_interfaces = [stackit_network_interface.wan.network_interface_id]
depends_on = [ stackit_network.landingzone_wan ] depends_on = [ stackit_network.wan_network ]
} }
// This file is part of the STACKIT Terraform module for deploying a pfSense appliance. // This file is part of the STACKIT Terraform module for deploying a pfSense appliance.
resource "stackit_volume" "pfsense_vol_beta" { resource "stackit_volume" "pfsense_vol_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
name = "pfsense-2.7.2-root" name = "pfsense-2.7.2-root"
availability_zone = var.region_az1 availability_zone = var.region_az1
size = 50 size = 50
@ -38,7 +38,7 @@ resource "stackit_volume" "pfsense_vol_beta" {
} }
resource "stackit_server" "pfsense_appliance_beta" { resource "stackit_server" "pfsense_appliance_beta" {
project_id = module.project.project_info["vpn"].project_id project_id = module.project.project_info["project5"].project_id
name = "pfSense-beta" name = "pfSense-beta"
boot_volume = { boot_volume = {
source_type = "volume" source_type = "volume"
@ -46,7 +46,7 @@ resource "stackit_server" "pfsense_appliance_beta" {
} }
availability_zone = var.region_az1 availability_zone = var.region_az1
machine_type = var.flavor machine_type = var.flavor
network_interfaces = [stackit_network_interface.vpn_wan.network_interface_id, stackit_network_interface.vpn_lan.network_interface_id ] network_interfaces = [stackit_network_interface.wan_beta.network_interface_id, stackit_network_interface.lan_beta.network_interface_id ]
depends_on = [ stackit_network.vpn_wan ] depends_on = [ stackit_network.wan_network_beta ]
} }

4
04-attachment.tf
View file

@ -1,9 +1,9 @@
// Attach network interfaces to the pfSense server without recreating the server // Attach network interfaces to the pfSense server without recreating the server
resource "stackit_server_network_interface_attach" "nic-attachment-lan1" { resource "stackit_server_network_interface_attach" "nic-attachment-lan1" {
project_id = module.project.project_info["landingzone"].project_id project_id = module.project.project_info["project1"].project_id
server_id = stackit_server.pfsense_appliance.server_id server_id = stackit_server.pfsense_appliance.server_id
network_interface_id = stackit_network_interface.landingzone_lan.network_interface_id network_interface_id = stackit_network_interface.lan1.network_interface_id
depends_on = [ stackit_server.pfsense_appliance ] depends_on = [ stackit_server.pfsense_appliance ]
} }

26
05-server.tf
View file

@ -1,6 +1,6 @@
// create the server in the second project (core) // create the server in the second project (core)
resource "stackit_volume" "example_vol" { resource "stackit_volume" "example_vol" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
name = "example_root" name = "example_root"
availability_zone = var.region_az1 availability_zone = var.region_az1
size = 200 size = 200
@ -12,7 +12,7 @@ resource "stackit_volume" "example_vol" {
} }
resource "stackit_server" "dev_server" { resource "stackit_server" "dev_server" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
name = "linux-alpha" name = "linux-alpha"
boot_volume = { boot_volume = {
source_type = "volume" source_type = "volume"
@ -20,19 +20,19 @@ resource "stackit_server" "dev_server" {
} }
availability_zone = var.region_az1 availability_zone = var.region_az1
machine_type = var.flavor machine_type = var.flavor
network_interfaces = [stackit_network_interface.core_lan.network_interface_id ] network_interfaces = [stackit_network_interface.p2_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.core_lan ] depends_on = [ stackit_network_interface.p2_lan1 ]
} }
data "stackit_image" "debian" { data "stackit_image" "debian" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" // Debian 12 (Bookworm) x86_64 image_id = "d1151962-f2cd-45e6-9c67-185c5055c7e0" // Debian 12 (Bookworm) x86_64
} }
// create the server in the third project (backup) // create the server in the third project (backup)
resource "stackit_volume" "example_vol_p3" { resource "stackit_volume" "example_vol_p3" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
name = "root_volume" name = "root_volume"
availability_zone = var.region_az1 availability_zone = var.region_az1
size = 200 size = 200
@ -44,7 +44,7 @@ resource "stackit_volume" "example_vol_p3" {
} }
resource "stackit_server" "dev_server_p3" { resource "stackit_server" "dev_server_p3" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
name = "server2" name = "server2"
boot_volume = { boot_volume = {
source_type = "volume" source_type = "volume"
@ -52,15 +52,15 @@ resource "stackit_server" "dev_server_p3" {
} }
availability_zone = var.region_az1 availability_zone = var.region_az1
machine_type = var.flavor machine_type = var.flavor
network_interfaces = [stackit_network_interface.backup_lan.network_interface_id ] network_interfaces = [stackit_network_interface.p3_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.backup_lan ] depends_on = [ stackit_network_interface.p3_lan1 ]
} }
// create the server in the sixth project (infra) // create the server in the sixth project (infra)
resource "stackit_volume" "example_vol_p6" { resource "stackit_volume" "example_vol_p6" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
name = "root_volume" name = "root_volume"
availability_zone = var.region_az1 availability_zone = var.region_az1
size = 200 size = 200
@ -72,7 +72,7 @@ resource "stackit_volume" "example_vol_p6" {
} }
resource "stackit_server" "dev_server_p6" { resource "stackit_server" "dev_server_p6" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
name = "linux-beta" name = "linux-beta"
boot_volume = { boot_volume = {
source_type = "volume" source_type = "volume"
@ -80,9 +80,9 @@ resource "stackit_server" "dev_server_p6" {
} }
availability_zone = var.region_az1 availability_zone = var.region_az1
machine_type = var.flavor machine_type = var.flavor
network_interfaces = [stackit_network_interface.infra_lan.network_interface_id ] network_interfaces = [stackit_network_interface.p6_lan1.network_interface_id ]
keypair_name = stackit_key_pair.keypair.name keypair_name = stackit_key_pair.keypair.name
depends_on = [ stackit_network_interface.infra_lan ] depends_on = [ stackit_network_interface.p6_lan1 ]
} }

16
06-security-group.tf
View file

@ -1,7 +1,7 @@
// Security Group and Security Group Rules // Security Group and Security Group Rules
resource "stackit_security_group" "example" { resource "stackit_security_group" "example" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
name = "test" name = "test"
labels = { labels = {
"key" = "example" "key" = "example"
@ -10,7 +10,7 @@ resource "stackit_security_group" "example" {
resource "stackit_security_group_rule" "icmp_ingress" { resource "stackit_security_group_rule" "icmp_ingress" {
security_group_id = stackit_security_group.example.security_group_id security_group_id = stackit_security_group.example.security_group_id
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
direction = "ingress" direction = "ingress"
icmp_parameters = { icmp_parameters = {
code = 0 code = 0
@ -21,7 +21,7 @@ resource "stackit_security_group_rule" "icmp_ingress" {
} }
} }
resource "stackit_security_group_rule" "icmp_egress" { resource "stackit_security_group_rule" "icmp_egress" {
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
security_group_id = stackit_security_group.example.security_group_id security_group_id = stackit_security_group.example.security_group_id
direction = "egress" direction = "egress"
icmp_parameters = { icmp_parameters = {
@ -35,7 +35,7 @@ resource "stackit_security_group_rule" "icmp_egress" {
resource "stackit_security_group_rule" "ssh_ingress" { resource "stackit_security_group_rule" "ssh_ingress" {
security_group_id = stackit_security_group.example.security_group_id security_group_id = stackit_security_group.example.security_group_id
project_id = module.project.project_info["core"].project_id project_id = module.project.project_info["project2"].project_id
direction = "ingress" direction = "ingress"
protocol = { protocol = {
@ -51,7 +51,7 @@ resource "stackit_security_group_rule" "ssh_ingress" {
// Security Group and Security Group Rules // Security Group and Security Group Rules
resource "stackit_security_group" "example_beta" { resource "stackit_security_group" "example_beta" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
name = "test" name = "test"
labels = { labels = {
"key" = "example" "key" = "example"
@ -60,7 +60,7 @@ resource "stackit_security_group" "example_beta" {
resource "stackit_security_group_rule" "icmp_ingress_beta" { resource "stackit_security_group_rule" "icmp_ingress_beta" {
security_group_id = stackit_security_group.example_beta.security_group_id security_group_id = stackit_security_group.example_beta.security_group_id
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
direction = "ingress" direction = "ingress"
icmp_parameters = { icmp_parameters = {
code = 0 code = 0
@ -71,7 +71,7 @@ resource "stackit_security_group_rule" "icmp_ingress_beta" {
} }
} }
resource "stackit_security_group_rule" "icmp_egress_beta" { resource "stackit_security_group_rule" "icmp_egress_beta" {
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
security_group_id = stackit_security_group.example_beta.security_group_id security_group_id = stackit_security_group.example_beta.security_group_id
direction = "egress" direction = "egress"
icmp_parameters = { icmp_parameters = {
@ -85,7 +85,7 @@ resource "stackit_security_group_rule" "icmp_egress_beta" {
resource "stackit_security_group_rule" "ssh_ingress_beta" { resource "stackit_security_group_rule" "ssh_ingress_beta" {
security_group_id = stackit_security_group.example_beta.security_group_id security_group_id = stackit_security_group.example_beta.security_group_id
project_id = module.project.project_info["infra"].project_id project_id = module.project.project_info["project6"].project_id
direction = "ingress" direction = "ingress"
protocol = { protocol = {

6
07-object-storage.tf
View file

@ -1,16 +1,16 @@
resource "stackit_objectstorage_bucket" "example" { resource "stackit_objectstorage_bucket" "example" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f" name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
} }
resource "stackit_objectstorage_credentials_group" "example" { resource "stackit_objectstorage_credentials_group" "example" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
name = "example-credentials-group" name = "example-credentials-group"
depends_on = [ stackit_objectstorage_bucket.example ] depends_on = [ stackit_objectstorage_bucket.example ]
} }
resource "stackit_objectstorage_credential" "example" { resource "stackit_objectstorage_credential" "example" {
project_id = module.project.project_info["backup"].project_id project_id = module.project.project_info["project3"].project_id
credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
expiration_timestamp = "2028-01-02T03:04:05Z" expiration_timestamp = "2028-01-02T03:04:05Z"
depends_on = [ stackit_objectstorage_credentials_group.example ] depends_on = [ stackit_objectstorage_credentials_group.example ]

4
08-ske.tf
View file

@ -1,5 +1,5 @@
resource "stackit_ske_cluster" "demo-cluster" { resource "stackit_ske_cluster" "demo-cluster" {
project_id = module.project.project_info["ske"].project_id project_id = module.project.project_info["project4"].project_id
name = "demo-clustr" name = "demo-clustr"
node_pools = [ node_pools = [
{ {
@ -34,7 +34,7 @@ output "ske-egress-ip" {
} }
resource "stackit_network" "ske_network" { resource "stackit_network" "ske_network" {
project_id = module.project.project_info["ske"].project_id project_id = module.project.project_info["project4"].project_id
name = "ske_network" name = "ske_network"
ipv4_nameservers = ["1.1.1.1", "9.9.9.9"] ipv4_nameservers = ["1.1.1.1", "9.9.9.9"]
ipv4_prefix = "10.220.10.0/24" ipv4_prefix = "10.220.10.0/24"

2
80-keypair.tf
View file

@ -1,6 +1,6 @@
// keypair adding to the server // keypair adding to the server
resource "stackit_key_pair" "keypair" { resource "stackit_key_pair" "keypair" {
name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f" name = "073a0ea0-9282-4ed6-8990-d5c4bff7cc3f"
public_key = chomp(file(var.public_key_file)) public_key = chomp(file("/root/.ssh/id_ed25519.pub"))
} }

5
99-variables.tf
View file

@ -33,8 +33,3 @@ variable "flavor" {
default = "m1.2" default = "m1.2"
} }
variable "public_key_file" {
type = string
default = "/root/.ssh/id_ed25519.pub"
}

5
modules.tf
View file

@ -1,5 +0,0 @@
module "project" {
source = "./modules/project"
organization_id = var.organization_id
service_account_key_path = var.service_account_key_path
}

77
modules/project/99-variables.tf
View file

@ -1,77 +0,0 @@
# -- variables
variable "organization_id" {
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
variable "service_account_key_path" {
default = "/root/.stackit/credentials.json"
}
variable "default_region" {
default ="eu01"
}
variable "region_az1" {
default = "eu01-1"
}
variable "region_az2" {
default = "eu01-2"
}
variable "region_az3" {
default = "eu01-3"
}
variable "region_metro" {
default = "eu01-m"
}
variable "flavor" {
type = string
description = ""
default = "c1.2"
}
variable "projects_alpha" {
type = map(object({
name = string
owner_email = string
}))
default = {
landingzone = {
name = "landingzone"
owner_email = "michael.sodan@stackit.cloud"
}
core = {
name = "core"
owner_email = "michael.sodan@stackit.cloud"
}
backup = {
name = "backup"
owner_email = "michael.sodan@stackit.cloud"
}
ske = {
name = "ske"
owner_email = "markus.brunsch@stackit.cloud"
}
}
}
variable "projects_beta" {
type = map(object({
name = string
owner_email = string
}))
default = {
vpn = {
name = "vpn"
owner_email = "michael.sodan@stackit.cloud"
}
infra = {
name = "infra"
owner_email = "michael.sodan@stackit.cloud"
}
}
}

0
modules/project/00-provider.tf → project/00-provider.tf
View file

0
modules/project/01-sna.tf → project/01-sna.tf
View file

44
modules/project/02-project.tf → project/02-project.tf
View file

@ -1,3 +1,47 @@
variable "projects_alpha" {
type = map(object({
name = string
owner_email = string
}))
default = {
project1 = {
name = "landingzone"
owner_email = "michael.sodan@stackit.cloud"
}
project2 = {
name = "core"
owner_email = "michael.sodan@stackit.cloud"
}
project3 = {
name = "backup"
owner_email = "michael.sodan@stackit.cloud"
}
project4 = {
name = "ske"
owner_email = "markus.brunsch@stackit.cloud"
}
}
}
variable "projects_beta" {
type = map(object({
name = string
owner_email = string
}))
default = {
project5 = {
name = "vpn"
owner_email = "michael.sodan@stackit.cloud"
}
project6 = {
name = "infra"
owner_email = "michael.sodan@stackit.cloud"
}
}
}
resource "stackit_resourcemanager_project" "projects_alpha" { resource "stackit_resourcemanager_project" "projects_alpha" {
for_each = var.projects_alpha for_each = var.projects_alpha
parent_container_id = var.organization_id parent_container_id = var.organization_id

35
project/99-variables.tf Normal file
View file

@ -0,0 +1,35 @@
# -- variables
variable "organization_id" {
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
variable "service_account_key_path" {
default = "/root/.stackit/credentials.json"
}
variable "default_region" {
default ="eu01"
}
variable "region_az1" {
default = "eu01-1"
}
variable "region_az2" {
default = "eu01-2"
}
variable "region_az3" {
default = "eu01-3"
}
variable "region_metro" {
default = "eu01-m"
}
variable "flavor" {
type = string
description = ""
default = "c1.2"
}