# 🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE This repository contains Terraform code to deploy the following infrastructure projects: --- ## 📦 Projects Overview ### 1. **Landing Zone** - Deploys a single **pfSense VM** as the central firewall/router. - Acts as the entry point for the environment. - Configures **WAN and multiple LAN networks**: - `wan_network`: `10.220.0.0/24` - `lan_network1`: `10.220.1.0/24` - `lan_network2`: `10.220.2.0/24` - `lan_network3`: `10.220.3.0/24` (non-routed) - Interfaces: - WAN interface with static IP `10.220.0.254` - LAN1–3 interfaces, each connected to corresponding networks ### 2. **Core** - Deploys a single **Virtual Machine** (VM) for core services or testing purposes. - Network setup includes: - `p2_lan_network`: `10.220.5.0/24` (routed) - `p2_wan_network`: `10.220.6.0/24` (routed) - Interfaces: - LAN interface with attached security group - WAN interface without additional security ### 3. **Backup** - Used for backup and disaster recovery scenarios. - Creates an **Object Storage Bucket**. - Relevant **access credentials** are provisioned for use with other services. ### 4. **SKE** - Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster. - `ske_network`: `10.220.10.0/24` --- ## 🚀 Getting Started ### Prerequisites - Terraform ≥ 1.3 - Valid STACKIT credentials - Access to STACKIT APIs (IaaS, Kubernetes, Object Storage) ### Deployment Steps 1. Clone this repository: ```bash git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git cd ``` 2. Initialize Terraform: ```bash terraform init ``` 3. Review and adjust variables if needed: ```bash 99-variables.tf set organization id (also in project module) touch pfsense.qcow2 ``` 4. Plan and apply the configuration: ```bash terraform apply ``` --- ## 🔐 Output The deployment will output: - VM IP addresses - Kubernetes cluster information (kubeconfig) - Object Storage credentials (access/secret key) > 🔒 Make sure to store credentials securely and **never commit them** to version control. --- ## 📝 Notes - This setup is optimized for a **test or POC environment**. - pfSense must be manually configured after deployment. (User: admin, Passwort: STACKIT123!) - Kubernetes workloads are not included in this deployment but can be added later. - LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**. --- ## ⚠️ Limitations - The infrastructure is not auto-scaled or HA-enabled by default. - No automated DNS or certificate management is configured. - `lan_network3` is non-routed and might require manual routing adjustments if used. --- ## 📬 Support For issues, please create a Ticket or contact professional-service@stackit.cloud --- **Author**: Michael Sodan **License**: MIT