Same as the landinzone project with the difference that we create another SNA with a project and a pfsense for simulation a VPN IPSEC Connection.
				
			
			
		| project | ||
| .gitignore | ||
| 00-provider.tf | ||
| 01-network.tf | ||
| 02-pfSense-image.tf | ||
| 03-pfSense-appliance.tf | ||
| 04-attachment.tf | ||
| 05-server.tf | ||
| 06-security-group.tf | ||
| 07-object-storage.tf | ||
| 08-ske.tf | ||
| 80-keypair.tf | ||
| 99-variables.tf | ||
| pfsense.qcow2 | ||
| README.md | ||
🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE
This repository contains Terraform code to deploy the following infrastructure projects:
📦 Projects Overview
1. Landing Zone
- Deploys a single pfSense VM as the central firewall/router.
- Acts as the entry point for the environment.
- Configures WAN and multiple LAN networks:
- wan_network:- 10.220.0.0/24
- lan_network1:- 10.220.1.0/24
- lan_network2:- 10.220.2.0/24
- lan_network3:- 10.220.3.0/24(non-routed)
 
- Interfaces:
- WAN interface with static IP 10.220.0.254
- LAN1–3 interfaces, each connected to corresponding networks
 
- WAN interface with static IP 
2. Core
- Deploys a single Virtual Machine (VM) for core services or testing purposes.
- Network setup includes:
- p2_lan_network:- 10.220.5.0/24(routed)
- p2_wan_network:- 10.220.6.0/24(routed)
 
- Interfaces:
- LAN interface with attached security group
- WAN interface without additional security
 
3. Backup
- Used for backup and disaster recovery scenarios.
- Creates an Object Storage Bucket.
- Relevant access credentials are provisioned for use with other services.
4. SKE
- Deploys a managed SKE (STACKIT Kubernetes Engine) cluster.
- ske_network:- 10.220.10.0/24
 
🚀 Getting Started
Prerequisites
- Terraform ≥ 1.3
- Valid STACKIT credentials
- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
Deployment Steps
- 
Clone this repository: git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git cd <repo-name>
- 
Initialize Terraform: terraform init
- 
Review and adjust variables if needed: 99-variables.tf set organization id (also in project module) touch pfsense.qcow2
- 
Plan and apply the configuration: terraform apply
🔐 Output
The deployment will output:
- VM IP addresses
- Kubernetes cluster information (kubeconfig)
- Object Storage credentials (access/secret key)
🔒 Make sure to store credentials securely and never commit them to version control.
📝 Notes
- This setup is optimized for a test or POC environment.
- pfSense must be manually configured after deployment. (User: admin, Passwort: STACKIT123!)
- Kubernetes workloads are not included in this deployment but can be added later.
- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but requires attention to backups.
⚠️ Limitations
- The infrastructure is not auto-scaled or HA-enabled by default.
- No automated DNS or certificate management is configured.
- lan_network3is non-routed and might require manual routing adjustments if used.
📬 Support
For issues, please create a Ticket or contact professional-service@stackit.cloud
Author: Michael Sodan
License: MIT