landingzone_ipsec/README.md
2025-08-20 14:57:16 +00:00

# 🌐 Infrastructure Deployment: Landing Zone, Core, Backup and SKE
This repository contains Terraform code to deploy the following infrastructure projects:
---
## 📦 Projects Overview
### 1. **Landing Zone**
- Deploys a single **pfSense VM** as the central firewall/router.
- Acts as the entry point for the environment.
- Configures **WAN and multiple LAN networks**:
  - `wan_network`: `10.220.0.0/24`
  - `lan_network1`: `10.220.1.0/24`
  - `lan_network2`: `10.220.2.0/24`
  - `lan_network3`: `10.220.3.0/24` (non-routed)
- Interfaces:
  - WAN interface with static IP `10.220.0.254`
  - LAN1 to LAN3 interfaces, each connected to the corresponding network
### 2. **Core**
- Deploys a single **Virtual Machine** (VM) for core services or testing purposes.
- Network setup includes:
  - `p2_lan_network`: `10.220.5.0/24` (routed)
  - `p2_wan_network`: `10.220.6.0/24` (routed)
- Interfaces:
  - LAN interface with attached security group
  - WAN interface without additional security
### 3. **Backup**
- Used for backup and disaster recovery scenarios.
- Creates an **Object Storage Bucket**.
- Relevant **access credentials** are provisioned for use with other services.
### 4. **SKE**
- Deploys a managed **SKE (STACKIT Kubernetes Engine)** cluster.
- `ske_network`: `10.220.10.0/24`
---
## 🚀 Getting Started
### Prerequisites
- Terraform ≥ 1.3
- Valid STACKIT credentials
- Access to STACKIT APIs (IaaS, Kubernetes, Object Storage)
### Deployment Steps
1. Clone this repository:
```bash
git clone https://professional-service.git.onstackit.cloud/professional-service-best-practices/landingzone.git
cd landingzone
```
2. Initialize Terraform:
```bash
terraform init
```
3. Review and adjust variables if needed: edit `99-variables.tf` and set the organization id (also in the project module), then create the pfSense image file the configuration expects:
```bash
touch pfsense.qcow2
```
4. Plan and apply the configuration:
```bash
terraform apply
```
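Before applying, it is worth checking that the address plan documented above is internally consistent (no overlapping CIDRs, every network inside one aggregate, the pfSense WAN address a valid host in `wan_network`). The following script is an added example, not part of this repository's Terraform code; the network map is copied from this README, and `SUPERNET`, `check_address_plan` and `non_routed_networks` are assumed names.

```python
"""Sanity-check the README's address plan before `terraform apply`."""
import ipaddress
from itertools import combinations

# Address plan as documented in this README (name -> (CIDR, routed)).
NETWORKS = {
    "wan_network":    ("10.220.0.0/24", True),
    "lan_network1":   ("10.220.1.0/24", True),
    "lan_network2":   ("10.220.2.0/24", True),
    "lan_network3":   ("10.220.3.0/24", False),   # non-routed per README
    "p2_lan_network": ("10.220.5.0/24", True),
    "p2_wan_network": ("10.220.6.0/24", True),
    "ske_network":    ("10.220.10.0/24", True),
}
WAN_STATIC_IP = "10.220.0.254"
SUPERNET = "10.220.0.0/16"   # assumed site aggregate; adjust to your own plan


def check_address_plan(networks=NETWORKS, wan_ip=WAN_STATIC_IP, supernet=SUPERNET):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # strict=True rejects CIDRs whose host bits are set (e.g. 10.220.1.1/24).
    nets = {n: ipaddress.ip_network(c, strict=True) for n, (c, _) in networks.items()}
    agg = ipaddress.ip_network(supernet)
    # 1. Every network must sit inside the aggregate (catches typos like 10.22.x).
    for name, net in nets.items():
        if not net.subnet_of(agg):
            findings.append(f"{name} {net} is outside {agg}")
    # 2. No two networks may overlap; overlapping prefixes make routing ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    # 3. The pfSense WAN address must be a usable host address in wan_network.
    wan, ip = nets["wan_network"], ipaddress.ip_address(wan_ip)
    if ip not in wan or ip in (wan.network_address, wan.broadcast_address):
        findings.append(f"WAN IP {ip} is not a host address in {wan}")
    return findings


def non_routed_networks(networks=NETWORKS):
    """Names of networks that will not get routes (needs manual routing if used)."""
    return [name for name, (_, routed) in networks.items() if not routed]


if __name__ == "__main__":
    for f in check_address_plan():
        print("ERROR:", f)
    for name in non_routed_networks():
        print("NOTE:", name, "is non-routed; traffic will not leave it without manual routes")
```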
---
## 🔐 Output
The deployment will output:
- VM IP addresses
- Kubernetes cluster information (kubeconfig)
- Object Storage credentials (access/secret key)
> 🔒 Make sure to store credentials securely and **never commit them** to version control.
---
## 📝 Notes
- This setup is optimized for a **test or POC environment**.
- pfSense must be configured manually after deployment (user: admin, password: STACKIT123!).
- Kubernetes workloads are not included in this deployment but can be added later.
- LVM striping (RAID0) can be used for temporary IOPS/performance improvement — but **requires attention to backups**.
---
## ⚠️ Limitations
- The infrastructure is not auto-scaled or HA-enabled by default.
- No automated DNS or certificate management is configured.
- `lan_network3` is non-routed and might require manual routing adjustments if used.
---
## 📬 Support
For issues, please create a ticket or contact professional-service@stackit.cloud
---
**Author**: Michael Sodan
**License**: MIT