Hostname $(hostname)
" > /var/www/html/index.html - - chown www-data:www-data /var/www/html/index.html diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform-version b/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform-version deleted file mode 100644 index 79f9beb..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform-version +++ /dev/null @@ -1 +0,0 @@ -v1.14.0 diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform.lock.hcl b/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform.lock.hcl deleted file mode 100644 index 25ece83..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/.terraform.lock.hcl +++ /dev/null @@ -1,90 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/random" { - version = "3.8.1" - constraints = ">= 3.6.3" - hashes = [ - "h1:Eexl06+6J+s75uD46+WnZtpJZYRVUMB0AiuPBifK6Jc=", - "h1:u8AKlWVDTH5r9YLSeswoVEjiY72Rt4/ch7U+61ZDkiQ=", - "zh:08dd03b918c7b55713026037c5400c48af5b9f468f483463321bd18e17b907b4", - "zh:0eee654a5542dc1d41920bbf2419032d6f0d5625b03bd81339e5b33394a3e0ae", - "zh:229665ddf060aa0ed315597908483eee5b818a17d09b6417a0f52fd9405c4f57", - "zh:2469d2e48f28076254a2a3fc327f184914566d9e40c5780b8d96ebf7205f8bc0", - "zh:37d7eb334d9561f335e748280f5535a384a88675af9a9eac439d4cfd663bcb66", - "zh:741101426a2f2c52dee37122f0f4a2f2d6af6d852cb1db634480a86398fa3511", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a902473f08ef8df62cfe6116bd6c157070a93f66622384300de235a533e9d4a9", - "zh:b85c511a23e57a2147355932b3b6dce2a11e856b941165793a0c3d7578d94d05", - "zh:c5172226d18eaac95b1daac80172287b69d4ce32750c82ad77fa0768be4ea4b8", - "zh:dab4434dba34aad569b0bc243c2d3f3ff86dd7740def373f2a49816bd2ff819b", - "zh:f49fd62aa8c5525a5c17abd51e27ca5e213881d58882fd42fec4a545b53c9699", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.2.1" - hashes = [ - "h1:F5d6bQY8UlBo0D71Sv7CsV+3aZOFz0yeNF+vufog7h4=", - "h1:akFNuHwvrtnYMBofieoeXhPJDhYZzJVu/Q/BgZK2fgg=", - "zh:0d1e7d07ac973b97fa228f46596c800de830820506ee145626f079dd6bbf8d8a", - "zh:5c7e3d4348cb4861ab812973ef493814a4b224bdd3e9d534a7c8a7c992382b86", - "zh:7c6d4a86cd7a4e9c1025c6b3a3a6a45dea202af85d870cddbab455fb1bd568ad", - "zh:7d0864755ba093664c4b2c07c045d3f5e3d7c799dda1a3ef33d17ed1ac563191", - "zh:83734f57950ab67c0d6a87babdb3f13c908cbe0a48949333f489698532e1391b", - "zh:951e3c285218ebca0cf20eaa4265020b4ef042fea9c6ade115ad1558cfe459e5", - "zh:b9543955b4297e1d93b85900854891c0e645d936d8285a190030475379c5c635", - "zh:bb1bd9e86c003d08c30c1b00d44118ed5bbbf6b1d2d6f7eaac4fa5c6ebea5933", - "zh:c9477bfe00653629cd77ddac3968475f7ad93ac3ca8bc45b56d1d9efb25e4a6e", - "zh:d4cfda8687f736d0cba664c22ec49dae1188289e214ef57f5afe6a7217854fed", - "zh:dc77ee066cf96532a48f0578c35b1eaf6dc4d8ddd0e3ae8e029a3b10676dd5d3", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/mastercard/restapi" { - version = "3.0.0" - constraints = ">= 3.0.0" - hashes = [ - "h1:Fqxoc6bsydl6iWGx6ZvyqUDdGt7Cb4sW/BSHhBeHGgw=", - "h1:y1I3azDHOqRySTyDHsb3Xh1waP/99KfykZRagbRx1qI=", - "zh:0b63bd3c25a31f090a41933f90b7dd6e984add1c4261d8f5caa73f4d5aa065a4", - "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2d31f322454d271eb328c2d3b3d41f426df98503982788be347799ddf68bf9bf", - "zh:47dd97e3f43bb89ae4254bba90ffbc6d521338554a1f94961e21214dd801b81b", - "zh:49636b072b9a30d15916468857bce91d39bc87bbba1c99fb3894fafa9409b8b4", - "zh:5566605a8e16478bc66c1fec8dea0890586c084221161dc82b73d162d44c08a7", - "zh:5859e0ad05aa6b3b108f0b718986e237a18d5176efea62d1ac1ef352561b4713", - "zh:76129b89e2b56d8d2af8f6e10cc748bea4ee6ec1105e916f1254cd124f4dcf9c", - "zh:bfc20b5fd03cb3243917e8cf360e5208284e757ab82f83c992da471ef16a0eab", - "zh:d1d2363009253cdfe5795a48b6412bff11104fe6a52fb0a57e5a95fc765a161e", - "zh:d1f0b981089ad709b73c4f989a9cd9118c4e3cb8fc0a2b303aa4d77cc5102a53", - "zh:dbfddb2f407481a4e88fdc17739c805d9d9fff2451efcb9226572d59ed2e9128", - "zh:df04a8c777d05896684171807b27c41befbf5f217f50b0e9b2b27164d4aacca5", - "zh:e68b450c66efe55d1132585477fa71207680806edafb3792ca44d9695d0a1d75", - "zh:f894e7e9913347e25e67d5d3bf91659c06877dd5fa11acf75820fa03fa34b8bd", - ] -} - -provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.91.0" - constraints = ">= 0.87.0" - hashes = [ - "h1:8de9n+Roq6Z2Ltp9poBBBN9a4zSpx73VLpgFS5mTyoI=", - "h1:RStdHSDwbtonYfg7mR5Y92v6fxIVX9FEz0UN+tm9kHI=", - "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:0ed12db90276ccd2d6f87135b7dd078657823c3ca33121c6a157d0bdf08f801e", - "zh:160b32bcf1d01666784cf8469e10e0a38d4c3d24c80c0c5be470cc63ef27ea62", - "zh:32e1909037235c24138b74131c6fb12ac99003f79750f1768ca5468cc05da6b0", - "zh:4376f1cdafbb35ad5f220e28153741908390b23161d9eae3828f7830039ce8ef", - "zh:458b054781ef6165d9136fc3d667f9bf37319e37d0f19300bbb63b703de2599d", - "zh:54a1864cf1315a118c043f834e02f2a1ca0ecbc8c2a246460589a95847da6c80", - "zh:83424712926ccef3c60cc011dfa298721bdbaee3598a0c8459da46bc6b7424cc", - "zh:a3c38ebffdbca21dd177b06acf891bed1a903907ba252d0219d91ff0ecf9d861", - "zh:c6325e583b77aa1e9df94e3b4b12479d7bf12c66a2ace71c1b8f64e46ac5c37e", - "zh:de6db8deeee895af5670df2449c8b8c34df051277f8a6e2f19c5c9ec1f0ddb12", - "zh:e18b05e7d8356caa6103c5c80b5ea373be3ff255b453cf577c68798ffe1b93ce", - "zh:f4d9215f7a2888c882892642539b2edd3ea97cb25904e4fa358db4f001c3ccd0", - "zh:f94d0c0c2bf843867122ababc8d8066d52257e68bbcb5c62a603f77c581e9668", - ] -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/00-provider.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/00-provider.tf deleted file mode 100644 index 8673fee..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/00-provider.tf +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Define required providers -terraform { - required_version = ">= 0.14.0" - required_providers { - stackit = { - source = "stackitcloud/stackit" - version = ">= 0.87.0" - } - random = { - source = "hashicorp/random" - version = ">= 3.6.3" - } - restapi = { - source = "Mastercard/restapi" - version = ">= 3.0.0" - } - } -} - -ephemeral "stackit_access_token" "alb" {} - -provider "restapi" { - uri = "https://alb-waf.api.stackit.cloud" - bearer_token = ephemeral.stackit_access_token.alb.access_token - - id_attribute = "name" - write_returns_object = true -} - -provider "stackit" { - default_region = var.stackit_region - service_account_key_path = var.stackit_service_account_key_path - enable_beta_resources = true -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/01-variables.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/01-variables.tf deleted file mode 100644 index efb773e..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/01-variables.tf +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -variable "stackit_project_id" { - type = string - default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -} - -variable "stackit_region" { - type = string - default = "eu01" -} - -variable "stackit_service_account_key_path" { - type = string - default = "../../keys/stackit-sa.json" -} - -resource "stackit_key_pair" "admin_keypair" { - name = "admin-keypair-12345" - public_key = chomp(file("~/.ssh/id_rsa.pub")) -} - -variable "jumphost_flavor" { - default = "c2i.1" -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/02-network.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/02-network.tf deleted file mode 100644 index 29222d3..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/02-network.tf +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "stackit_network" "network" { - project_id = var.stackit_project_id - name = "network01" - ipv4_nameservers = ["1.1.1.1", "9.9.9.9"] - ipv4_prefix = "172.17.1.0/24" -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/03-machine01.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/03-machine01.tf deleted file mode 100644 index 1972d38..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/03-machine01.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -module "test-machine01" { - source = "../../modules/test-machine" - - project_id = var.stackit_project_id - network_id = stackit_network.network.network_id - availability_zone = "eu01-1" - security_enabled = true - - name = "machine01" - machine_type = var.jumphost_flavor - disk_size = 48 - - user_data = templatefile("${path.module}/apache-debug-user.yaml", {}) -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/04-machine02.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/04-machine02.tf deleted file mode 100644 index a197447..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/04-machine02.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -module "test-machine02" { - source = "../../modules/test-machine" - - project_id = var.stackit_project_id - network_id = stackit_network.network.network_id - availability_zone = "eu01-2" - security_enabled = true - - name = "machine02" - machine_type = var.jumphost_flavor - disk_size = 48 - - user_data = templatefile("${path.module}/apache-debug-user.yaml", {}) -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/05-l7-loadbalancer.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/05-l7-loadbalancer.tf deleted file mode 100644 index 969dfc7..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/05-l7-loadbalancer.tf +++ /dev/null @@ -1,117 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "tls_private_key" "example" { - algorithm = "RSA" - rsa_bits = 2048 -} - -resource "tls_self_signed_cert" "example" { - private_key_pem = tls_private_key.example.private_key_pem - - subject { - common_name = "localhost" - organization = "STACKIT Test" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "stackit_public_ip" "public_ip" { - project_id = var.stackit_project_id - - lifecycle { - ignore_changes = [network_interface_id] - } -} - -resource "stackit_alb_certificate" "this" { - project_id = var.stackit_project_id - name = "example-certificate" - private_key = tls_private_key.example.private_key_pem - public_key = tls_self_signed_cert.example.cert_pem -} - -resource "stackit_application_load_balancer" "this" { - project_id = var.stackit_project_id - region = var.stackit_region - name = "example-load-balancer" - plan_id = "p10" - external_address = stackit_public_ip.public_ip.ip - - listeners = [ - { - name = "listener01" - port = 443 - http = { - hosts = [{ - host = "*" - rules = [{ - target_pool = "target-pool-01" - /*path = { - prefix = "/path" - }*/ - }] - }] - } - https = { - certificate_config = { - certificate_ids = [ - stackit_alb_certificate.this.cert_id - ] - } - } - waf_config_name = restapi_object.waf.api_data.name - protocol = "PROTOCOL_HTTPS" - } - ] - networks = [ - { - network_id = stackit_network.network.network_id - role = "ROLE_LISTENERS_AND_TARGETS" - } - ] - target_pools = [ - { - name = "target-pool-01" - target_port = 80 - targets = [ - { - display_name = "server01" - ip = module.test-machine01.primary_ip - }, - { - display_name = "server02" - ip = module.test-machine02.primary_ip - } - ] - } - ] -} - - -output "alb_external_address" { - value = stackit_application_load_balancer.this.external_address -} - -/*output "alb_private_ip_address" { - // for private alb loadbalancer usage - value = stackit_application_load_balancer.this.private_address -}*/ diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/06-waf.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/06-waf.tf deleted file mode 100644 index 405898e..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/06-waf.tf +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "restapi_object" "waf_crs" { - path = "/v1alpha/projects/${var.stackit_project_id}/regions/${var.stackit_region}/core-rule-sets" - data = jsonencode({ - name = "example-crs" - active = true - }) - - ignore_server_additions = true -} - -resource "restapi_object" "waf_rules" { - path = "/v1alpha/projects/${var.stackit_project_id}/regions/${var.stackit_region}/rules" - data = jsonencode({ - name = "example-rules" - rules = file("${path.module}/example-waf.conf") - }) - - ignore_server_additions = true - depends_on = [restapi_object.waf_crs] -} - -resource "restapi_object" "waf" { - path = "/v1alpha/projects/${var.stackit_project_id}/regions/${var.stackit_region}/wafs" - data = jsonencode({ - name = "example-waf" - coreRuleSetName = restapi_object.waf_crs.api_data.name - rulesConfigName = restapi_object.waf_rules.api_data.name - }) - - ignore_server_additions = true - depends_on = [restapi_object.waf_rules] -} diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/MAINTAINERS.md b/examples/iaas-cross-az-layer7-loadbalancer-waf/MAINTAINERS.md deleted file mode 100644 index 6457701..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/MAINTAINERS.md +++ /dev/null @@ -1,9 +0,0 @@ -# Maintainers - -General maintainers: - -- Mauritz Uphoff (Mauritz.Uphoff@digits.schwarz) - -This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis. -For questions, issues, or feature requests, please email general maintainers. -Please include the BP name and version in your request. We will track your request as an issue. diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/README.md b/examples/iaas-cross-az-layer7-loadbalancer-waf/README.md deleted file mode 100644 index 895244b..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/README.md +++ /dev/null @@ -1,36 +0,0 @@ -# IaaS cross AZ Layer 7 Loadbalancer - -## Overview - -A classic highly-available architecture: provisioning multiple VMs across different Availability Zones (AZs) and putting them behind a STACKIT L7 Load Balancer. This example also includes a Web Application Firewall (WAF) configuration to secure the backend workloads against malicious traffic. - -## ⚠️ Important Note: [WAF Implementation](06-waf.tf) - -Currently, the official STACKIT Terraform provider does not natively support Web Application Firewall (WAF) resources. - -To bridge this gap and fully automate the deployment, this example utilizes a `restapi` provider as a workaround. This allows Terraform to interact directly with the STACKIT WAF REST API (`/v1alpha/projects/...`) to create and attach the Core Rule Sets and custom SecLang rules until native support is released. - -## Testing the WAF - -This deployment includes rules written in SecLang. These rules are specifically designed to safely verify that the WAF is successfully deployed, actively intercepting traffic, and applying your configurations. - -Once `terraform apply` completes successfully, extract the public IP of your Load Balancer from the Terraform outputs: - -```bash -# Export the Load Balancer IP to an environment variable -export ALB_IP=$(terraform output -raw alb_external_address) -``` - -Now, use curl to trigger the custom rules. Because the WAF is configured to block these specific signatures, both of the following commands should return an HTTP 403 Forbidden status code. - -Test 1: Trigger via Query Parameter - -```Bash -curl -k -I -X GET "https://${ALB_IP}/?waf_test=trigger" -``` - -Test 2: Trigger via Custom HTTP Header - -```Bash -curl -k -I -H "X-WAF-Test: trigger" "https://${ALB_IP}/" -``` diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/apache-debug-user.yaml b/examples/iaas-cross-az-layer7-loadbalancer-waf/apache-debug-user.yaml deleted file mode 100644 index c44cda9..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/apache-debug-user.yaml +++ /dev/null @@ -1,22 +0,0 @@ -#cloud-config -users: - - name: debug - groups: sudo - shell: /bin/bash - sudo: ["ALL=(ALL) NOPASSWD:ALL"] - lock_passwd: false - passwd: "$6$JZBVJ2zsw/o4C1UJ$FskGQWf.nqwj.o9bHbxkSGvSilQcHt03KdPYlgsiE3L77tNqFj0/vnlCXSf.SRb4jR2xsHk/.OlEyT16Txj4J." # hashed version of 'House123!' - -chpasswd: - expire: false - -ssh_pwauth: true - -packages: - - apache2 - -runcmd: - - systemctl enable apache2 - - systemctl start apache2 - - echo "Hostname $(hostname)
" > /var/www/html/index.html - - chown www-data:www-data /var/www/html/index.html diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/example-waf.conf b/examples/iaas-cross-az-layer7-loadbalancer-waf/example-waf.conf deleted file mode 100644 index 31067e4..0000000 --- a/examples/iaas-cross-az-layer7-loadbalancer-waf/example-waf.conf +++ /dev/null @@ -1,23 +0,0 @@ -# ------------------------------------------------------------------------ -# WAF TEST RULES -# Custom rule IDs should generally start at 1000000 to avoid conflicting -# with the OWASP Core Rule Set (which uses the 900000 - 999999 range). -# ------------------------------------------------------------------------ - -# Test Rule 1: Block based on a specific query parameter (?waf_test=trigger) -SecRule ARGS:waf_test "@streq trigger" \ - "id:1000001,\ - phase:1,\ - deny,\ - status:403,\ - log,\ - msg:'WAF Test Rule Triggered via Query Parameter'" - -# Test Rule 2: Block based on a specific custom header (X-WAF-Test: trigger) -SecRule REQUEST_HEADERS:X-WAF-Test "@streq trigger" \ - "id:1000002,\ - phase:1,\ - deny,\ - status:403,\ - log,\ - msg:'WAF Test Rule Triggered via Custom Header'" diff --git a/examples/iaas-ha-vrrp/.terraform.lock.hcl b/examples/iaas-ha-vrrp/.terraform.lock.hcl index c8e7f0a..22969f3 100644 --- a/examples/iaas-ha-vrrp/.terraform.lock.hcl +++ b/examples/iaas-ha-vrrp/.terraform.lock.hcl @@ -5,7 +5,6 @@ provider "registry.terraform.io/hashicorp/random" { version = "3.8.1" constraints = ">= 3.6.3" hashes = [ - "h1:Eexl06+6J+s75uD46+WnZtpJZYRVUMB0AiuPBifK6Jc=", "h1:u8AKlWVDTH5r9YLSeswoVEjiY72Rt4/ch7U+61ZDkiQ=", "zh:08dd03b918c7b55713026037c5400c48af5b9f468f483463321bd18e17b907b4", "zh:0eee654a5542dc1d41920bbf2419032d6f0d5625b03bd81339e5b33394a3e0ae", @@ -26,7 +25,6 @@ provider "registry.terraform.io/stackitcloud/stackit" { version = "0.90.0" constraints = ">= 0.87.0" hashes = [ - "h1:QgP6TOtucJ3A6fA51rdUvxhYGjl9RrWvXQZpjHTOuiU=", "h1:W29Kv6XUxYssF2Gy8KcmTx3EFstt6k8sKgPRIBbq+qs=", "zh:003af58a84884558bbb2fc40fcbefa6774ec20aa9e4b97cf3f950190a600afd2", "zh:026ee9cef4670cf33369f8654c6b9b1d8c0e116ceb0b353c882be222951ecdd4", diff --git a/examples/iaas-ha-vrrp/01-config.tf b/examples/iaas-ha-vrrp/01-config.tf index e01eeda..a0793e7 100644 --- a/examples/iaas-ha-vrrp/01-config.tf +++ b/examples/iaas-ha-vrrp/01-config.tf @@ -14,7 +14,7 @@ variable "stackit_project_id" { type = string - default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + default = "d75e6aab-b616-4b42-ae3b-aaf161ad626d" } variable "stackit_region" { diff --git a/examples/iaas-volume-encryption/.terraform.lock.hcl b/examples/iaas-volume-encryption/.terraform.lock.hcl index f4f00c9..7c3993a 100644 --- a/examples/iaas-volume-encryption/.terraform.lock.hcl +++ b/examples/iaas-volume-encryption/.terraform.lock.hcl @@ -5,7 +5,6 @@ provider "registry.terraform.io/stackitcloud/stackit" { version = "0.80.0" constraints = "0.80.0" hashes = [ - "h1:VqmLlSV9sMOX7aq5Bnsj18KNKCUPFahZzf0SA5fTkVk=", "h1:wz7uGwzVoo1NO18CDLcfjLraTSiWQ5EzJnDeCKcFi60=", "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", "zh:3a0e6cb125ef76a24b2b5ff9c786c57058f385571d283bd68f633225fcca695a", diff --git a/examples/iaas-volume-encryption/01-config.tf b/examples/iaas-volume-encryption/01-config.tf index 7fbb8c0..ba124eb 100644 --- a/examples/iaas-volume-encryption/01-config.tf +++ b/examples/iaas-volume-encryption/01-config.tf @@ -29,5 +29,5 @@ variable "zone" { variable "STACKIT_PROJECT_ID" { type = string description = "STACKIT Project ID" - default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + default = "16ec118f-90d0-466d-8393-99eea504c536" } diff --git a/examples/iaas-volume-encryption/05-server.tf b/examples/iaas-volume-encryption/05-server.tf index 3c342fb..9cbc0d6 100644 --- a/examples/iaas-volume-encryption/05-server.tf +++ b/examples/iaas-volume-encryption/05-server.tf @@ -33,7 +33,7 @@ resource "stackit_network_interface" "nic" { data "stackit_security_group" "default" { project_id = var.STACKIT_PROJECT_ID - security_group_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + security_group_id = "a6b4708e-b8ee-48ba-b084-a4892e9a73af" } data "stackit_network" "default" { diff --git a/examples/iam-scim-integration/.terraform.lock.hcl b/examples/iam-scim-integration/.terraform.lock.hcl deleted file mode 100644 index 3a43f35..0000000 --- a/examples/iam-scim-integration/.terraform.lock.hcl +++ /dev/null @@ -1,146 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/goauthentik/authentik" { - version = "2026.2.0" - constraints = "2026.2.0" - hashes = [ - "h1:On3/Zzv3W72aGsJ4AhW/tnpi4hvq9cxwgf7tF6Tg+a4=", - "zh:00c44e8ee842e75de9cc4fd6193b10258d1dc840e5be4aaaf118ffc180dceee0", - "zh:13057f08bce3b63613e1be3997dd454ff9568c569dd983987b1550280fbe3d01", - "zh:410a1ff2ae4647cc0ab37894f81e4d474b588a0a7f005d05d55e8c3a40978dd2", - "zh:43830834d12b3c0eeabe397842f82ca3a6b58a5bc8dd837d55b821419b55ed61", - "zh:56eaedd196ed7c4003cee0434b891b38242b4fde2031978d0ddcfdf6e16ee5ad", - "zh:5b3c10bb63c3c215ed9e0918e5808b240e3f2ee8248d10cd4d824a4998a213c5", - "zh:99c14891bcb92a6b21ef4c0e60f6c0df23e3452808f3eefd67cde78d132c80d9", - "zh:9a32cdda9f939f8484e27d4200d004c44f016fe97579a111201083f4beea78e8", - "zh:ae5086816144f68de9a0002e7696321169a71473f9d161793f4ae996388f56de", - "zh:bd09409dd34608a4ef3ea80cfc5e397268e7872f2e84c1ccdc9b5698e36ddad5", - "zh:be7af8b9eb61b0eb5053f14360e5a68caeb32c115efe8e1b583f2e7c91352a2a", - "zh:e11726812a1b2caf6b6784a3d074d1f50e3d406e9629c02096a001e5a5979331", - "zh:e39183d10d8158ccab51208f4f727c7419b1b1e596f4feb23dc42aebb36d01e3", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "3.1.1" - hashes = [ - "h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=", - "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275", - "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a", - "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29", - "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104", - "zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990", - "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34", - "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8", - "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1", - "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b", - "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903", - "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "3.1.0" - constraints = "> 2.14.0" - hashes = [ - "h1:G9QqKNpcztBRqrywtlNylFJSpGzDfRFtO8hcWLdkvRY=", - "zh:0215c5c60be62028c09a2f22458e89cda3ef5830a632299f1d401eb3538874b0", - "zh:09ebb9f442431e278a310a9423f32caf467cb4b3cad3fe59573ca71fa7b14e20", - "zh:0c4e5912f83bb35846ae0a9ae54fc320706ee61894cd21cc6b4181b1c5a2fa5c", - "zh:1678c982853ad461e65ccb5e79d585e13ed109dd47dab2a66d3a7a304faeef65", - "zh:1c050a5c15e330457a9c18caacf61a923c59d663e13f2962e4b32f04fef523a0", - "zh:2c55bcec83be58ec132c7cb0a1ac644758b800d794fdc636d53a0eada0358a3a", - "zh:a062bb0aa316c08d8460c66a5d68da71da40de5d3bc3b31abcf3a1a9a19650f1", - "zh:a26fdea0afaa9b247c73c0b42843ca51ba7db0ac2571f9d3d50dcabd20ca1b98", - "zh:c872c9385a78d502bf5823d61cd3bb0f9a0585030e025eb12585c83451beeaa1", - "zh:f180879af931182beee4c8c0d9dab62b81d86f17ddcbe3786ef4c7cec9163a4e", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f70f5789264069e0eef06f9b5d5fde955ef7206f7d446d1ce51a4c37a3f3e02f", - ] -} - -provider "registry.terraform.io/hashicorp/local" { - version = "2.9.0" - hashes = [ - "h1:m24fjcInWvTVZ1XSo2MaNuKPe+X/gfG8SIi09rA7a7M=", - "zh:0baa4566cf77f1ff52f4293d1c8536202dd23edc197c3196413a28343c3ac3a0", - "zh:16b5559c3c07088ddad11a9bb9e9c0799999363c2958e9a5be2bcbbf2cd9ca64", - "zh:197c79015a10d1cce904a8ea722cbc750c42aeae2da53f44a6a0751d9fd1aa90", - "zh:29d0b03e5343a80677ebfeb2e2c31cbe4b1f65e736e53417454a4277fec2544c", - "zh:4896bfa6cf1d2fd562b47ef2e87f47862ae92a04f8ad5d764380f0c6653473b8", - "zh:531f8529cbca49f681883e57761a05a8398afaef6d1ab0d205d26bf12f4428e8", - "zh:6aaf5011d83161c86d2bfb80c0923ec934e578288758da2f37acb7aec129004b", - "zh:7430275253d3d3c40aa6179e0ec0d63212874dbbc06c5a51b9d07ec590f9756c", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:be17dc611e95e26cdf6cad79dfccf1064f0e32032a2efeb939a9bbe7fb1cbfe9", - "zh:f0e3b0aa644202e1d79d2000dca91f6019425da71e9800fa23f27e51c034f195", - "zh:f62bae4519e4ead49182ddc8afe8cf61e2a4c3ba3973b0fbba967736a2696aa3", - "zh:fcafa360a5b0b96244f26f4e3a6d642b716a376557142c2442ff2fb12d11da18", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.9.0" - constraints = "3.9.0" - hashes = [ - "h1:OO+IuvQJSPmWdN8AyyIEvPJbLvDQpgX/zbktoa9KsJE=", - "zh:161ad0bd9a75768c82f53fb6e7172a9d8be2d4889b012645a34795031aaf1bf1", - "zh:19dc9a5b17729725ccfc4f45b0500af0ee5bc6b6b160c7adb8f2bf617d2c80ea", - "zh:269eda8fe42daa7974d5a34d166c3ba9defe80cde86c01e4dadcfdf2e1f05e5f", - "zh:373f7c65566f8f2cc7f45d698654feb9d988996957e1266a69ca00c52d6d16d0", - "zh:5599d16804c41c83009ec621b6d6b6f74e102f5827678a4750f8809055546b61", - "zh:583be0440469a22bff70dcfa56593b01566860b29607437264adb51060cf46fc", - "zh:5f211d8ec3f2e1f414870d9584bfe26e6995560ef81c748f8447a48164767398", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7b547fd16216761ef86efc3ed516ac5ac0c5c42b7c7eb24a08cef2d93f69ed5e", - "zh:7e7c0679daf2a382151d05068c8c3f0dae6b7b7dccf818827b73dd08638df2ef", - "zh:8089dec888a8038b9b4fb23b3df7e1057293dbc5b60b42cc47ff690d69d4b61b", - "zh:c51f15a031edfd6f23ce8ced3446ca7f8d8d647e2499890d7d5d10d5016d7257", - "zh:c94784f005708890dc6895afd53636ec00ec1e430b15d41e5aebfb1d4b39bd04", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.14.0" - constraints = ">= 0.9.1" - hashes = [ - "h1:/hlxsUpuN/lvPTNL9+NyVGsOyRsK5NsxwFMsj5CdOp4=", - "zh:12abfd6b800e4d7fa6db7310dec8ffd440b31993861ef188c7ed5260b3073937", - "zh:23005521e800bb19e1597bf755c5f70d675d30b685d4255001ed5fa47d9df3f1", - "zh:2fea249b582ae97cd1cc10385187ea50993bb47c28cc5df0305e57ceaabf0a10", - "zh:322018d3b987b7aad08697178029a2bb667bed699e88328f0c89c52a2fd41341", - "zh:32a08e98fce2d273cb9b2c89d6c54727cc9f0a32e15bfd896be4e02cc6b48f95", - "zh:3db89aabd0e619616bd4b0f8b373a7586dfe60feffcea12a84a0bdbc445714b3", - "zh:7488f56c81d742dc020f29063626c8f07ca188aa97be61e7307e8d62397020a2", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7cb4067f2e7559b13f7562ef722f948950901eb37834873e98360ab28f66e9d7", - "zh:9d552c8345f61e1b7db8e725144981345f18ac1014d58d6f5ddf0928a195fffb", - "zh:a8e69fb6b97fc9d86fb19a9f4d42abe33c4a68e700b15387ce2e17d2b9934bed", - "zh:aeeb900eb8dd0f790c60ea5c0e0c8d42bd6e4a54f391681d4decca15b544394b", - "zh:c239c619101a8c95e1f14061eb973c57a8d15fa0e68878ced5bbd76858ee5b79", - ] -} - -provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.96.0" - constraints = ">= 0.87.0, >= 0.95.0" - hashes = [ - "h1:NgwbVCV5pfBVMO3xUMop4l5AzvVv3BuBzXpJjgoZfSU=", - "zh:04d309851424a53d3d014dde3b143fc1cdc19fbebf558eb4b927878103f78fb0", - "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:0ebcdf98a47f301e12925803198320d637552ef57abc49e2a48a009f1ddbf39a", - "zh:176238c057193c9c60c365b83463e758892186fcc2bd14bc9bbf69bf471f1d6b", - "zh:1c514ec6d09ee210ebb813d49b7d3a71b5b9d0b173c743bce9ab937b1e3d303a", - "zh:20433d0dc7e4aa2a806863fc289a2cecb19763624f199babfbe44f22d4d9150f", - "zh:452ceacbe4a1f70c81320b9223f4958c9bc122508c79e86bc97cb9241682c053", - "zh:5f893229f41f8dc2169b5b02785fb2988e8cad2141722a411711182bafefa015", - "zh:69383e27067a6413300d3acbcdad8f890bd187e16630580c09900ba379659284", - "zh:694de24bd05027c3c8b7a7c477973f76cd5a11d7fd38819026b5a0e588698fd9", - "zh:7c7399e3223dd76efb56ca2e3c9435b41bcbaf549839cec36023f801ca5bdcd2", - "zh:8a92b221694c59648d22e2e2a0059015872eff7034ae0ba9eb801fe399644a2c", - "zh:90a8ae716c9bc6c8804a38f7a903c7af7114ce324d0126c64e1447b6d255cdba", - "zh:d29eb17fde9460c5ce3c7a7975eef0ad7fea692eb17fad5e0421952e4d29dbd2", - ] -} diff --git a/examples/iam-scim-integration/010-provider.tf b/examples/iam-scim-integration/010-provider.tf deleted file mode 100644 index ba5d9ed..0000000 --- a/examples/iam-scim-integration/010-provider.tf +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -terraform { - required_providers { - stackit = { - source = "stackitcloud/stackit" - version = ">=0.95.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">2.14.0" - } - random = { - source = "hashicorp/random" - version = ">= 3.0.0" - } - authentik = { - source = "goauthentik/authentik" - version = "2026.2.0" - } - time = { - source = "hashicorp/time" - version = ">= 0.9.1" - } - } -} - -provider "authentik" { - url = "https://${stackit_dns_record_set.authentik.name}.${stackit_dns_zone.this.dns_name}" - token = random_password.authentik_bootstrap_token.result -} - -provider "stackit" { - default_region = var.stackit_region - service_account_key_path = var.stackit_service_account_key_path - enable_beta_resources = true -} - - -provider "kubernetes" { - host = yamldecode(module.ske.kubeconfig).clusters.0.cluster.server - client_certificate = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-certificate-data) - client_key = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-key-data) - cluster_ca_certificate = base64decode(yamldecode(module.ske.kubeconfig).clusters.0.cluster.certificate-authority-data) -} - -provider "helm" { - kubernetes = { - host = yamldecode(module.ske.kubeconfig).clusters.0.cluster.server - client_certificate = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-certificate-data) - client_key = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-key-data) - cluster_ca_certificate = base64decode(yamldecode(module.ske.kubeconfig).clusters.0.cluster.certificate-authority-data) - } -} diff --git a/examples/iam-scim-integration/020-variables.tf b/examples/iam-scim-integration/020-variables.tf deleted file mode 100644 index f6539e9..0000000 --- a/examples/iam-scim-integration/020-variables.tf +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -variable "stackit_project_id" { - type = string -} - -variable "stackit_region" { - type = string - default = "eu01" -} - -variable "stackit_service_account_key_path" { - type = string -} - -variable "acme_email" { - description = "The email address used for ACME registration." - type = string -} - -variable "authentik_scim_long_lived_token" { - description = "The SCIM synchronization token provided by the IDP team. This configuration uses a long-lived static token due to Authentik Community Edition limitations. For production environments, dynamically generated, short-lived tokens are highly recommended." - type = string -} - -variable "authentik_number_of_users" { - description = "The number of test users to generate" - type = number -} - -variable "authentik_default_user_password" { - description = "The default password assigned to all created test users" - type = string - sensitive = true -} diff --git a/examples/iam-scim-integration/030-ske-cluster.tf b/examples/iam-scim-integration/030-ske-cluster.tf deleted file mode 100644 index 7241a13..0000000 --- a/examples/iam-scim-integration/030-ske-cluster.tf +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -module "ske" { - source = "../../modules/test-ske" - project_id = var.stackit_project_id - cluster_name = "ske-test" -} - -resource "kubernetes_namespace_v1" "cert_manager" { - metadata { - name = "cert-manager" - } -} - -resource "kubernetes_namespace_v1" "authentik" { - metadata { - name = "authentik" - } -} - -resource "kubernetes_namespace_v1" "nginx" { - metadata { - name = "nginx" - } -} diff --git a/examples/iam-scim-integration/040-dns.tf b/examples/iam-scim-integration/040-dns.tf deleted file mode 100644 index 57a1ce6..0000000 --- a/examples/iam-scim-integration/040-dns.tf +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "stackit_public_ip" "ingress_floating_ip" { - project_id = var.stackit_project_id - - lifecycle { - ignore_changes = [network_interface_id] - } -} - -resource "random_string" "this" { - length = 6 - special = false - upper = false -} - -resource "stackit_dns_zone" "this" { - project_id = var.stackit_project_id - name = random_string.this.result - dns_name = "${random_string.this.result}.runs.onstackit.cloud" - type = "primary" - default_ttl = 60 - contact_email = "hostmaster@stackit.cloud" -} - -resource "stackit_dns_record_set" "authentik" { - project_id = var.stackit_project_id - zone_id = stackit_dns_zone.this.zone_id - name = "authentik" - type = "A" - ttl = 60 - comment = "a record" - records = [stackit_public_ip.ingress_floating_ip.ip] -} diff --git a/examples/iam-scim-integration/050-cert-manager.tf b/examples/iam-scim-integration/050-cert-manager.tf deleted file mode 100644 index 0cf6ac9..0000000 --- a/examples/iam-scim-integration/050-cert-manager.tf +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "helm_release" "cert_manager" { - name = "cert-manager" - repository = "https://charts.jetstack.io" - chart = "cert-manager" - version = "v1.15.1" - - timeout = 120 - cleanup_on_fail = true - force_update = false - namespace = kubernetes_namespace_v1.cert_manager.metadata.0.name - - set = [ - { - name = "crds.enabled" - value = "true" - } - ] -} - -resource "kubernetes_manifest" "cluster_issuer" { - manifest = { - apiVersion = "cert-manager.io/v1" - kind = "ClusterIssuer" - metadata = { - name = "letsencrypt-prod-cluster" - } - spec = { - acme = { - email = var.acme_email - server = "https://acme-v02.api.letsencrypt.org/directory" - privateKeySecretRef = { - name = "letsencrypt-prod-cluster" - } - solvers = [ - { - http01 = { - ingress = { - class = "nginx" - } - } - } - ] - } - } - } - - depends_on = [helm_release.cert_manager] -} diff --git a/examples/iam-scim-integration/060-nginx-ingress.tf b/examples/iam-scim-integration/060-nginx-ingress.tf deleted file mode 100644 index 4aa4624..0000000 --- a/examples/iam-scim-integration/060-nginx-ingress.tf +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "helm_release" "nginx_ingress" { - name = "nginx-ingress" - repository = "https://kubernetes.github.io/ingress-nginx" - chart = "ingress-nginx" - version = "4.2.3" - - namespace = kubernetes_namespace_v1.nginx.metadata.0.name - - values = [ - <[| no | -| [sna_name](#input_sna_name) | The name of the STACKIT Network Area (SNA). | `string` | n/a | yes | -| [sna_network_range_prefix](#input_sna_network_range_prefix) | A list of STACKIT SNA network range prefixes in CIDR notation. | `list(string)` |
"1.1.1.1"
]
[| no | -| [sna_transfer_range](#input_sna_transfer_range) | The STACKIT SNA transfer range in CIDR notation. | `string` | `"172.16.0.0/16"` | no | -| [stackit_admin_email](#input_stackit_admin_email) | The email address of the project administrator. | `string` | n/a | yes | -| [stackit_org_id](#input_stackit_org_id) | The STACKIT Organization ID (UUID). | `string` | n/a | yes | -| [stackit_project_name](#input_stackit_project_name) | The name of the STACKIT project where the managed VPN and test machine will be deployed. | `string` | n/a | yes | - -## Outputs - -| Name | Description | -| ----------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | -| [machine_network_ipv4](#output_machine_network_ipv4) | The IPv4 prefix of the machine's network. | -| [machine_private_ipv4](#output_machine_private_ipv4) | The private IP address of the test machine. | -| [machine_public_ip](#output_machine_public_ip) | The public IP address of the test machine. | -| [project_id](#output_project_id) | The ID of the STACKIT project. | -| [sna_id](#output_sna_id) | The ID of the STACKIT Network Area. | -| [sna_network_range](#output_sna_network_range) | The network ranges (sna-ipv4) of the STACKIT Network Area. | - - diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/debug-user.yml b/examples/vpn-usecases/module/stackit-sna-with-debug-machine/debug-user.yml deleted file mode 100644 index 865ffb5..0000000 --- a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/debug-user.yml +++ /dev/null @@ -1,25 +0,0 @@ -#cloud-config -# --------------------------------------------------------------------------- -# Example cloud-init for Linux instances (RHEL / Debian). -# Creates a local admin user for initial access. -# -# IMPORTANT: Replace the password hash below with a hash of your own -# secure password before deploying. Never use a shared or well-known -# default password in production. -# -# Generate a SHA-512 hash on Linux/macOS: -# openssl passwd -6 "YourPassword" -# --------------------------------------------------------------------------- -users: - - name: debug - groups: sudo - shell: /bin/bash - sudo: ["ALL=(ALL) NOPASSWD:ALL"] - lock_passwd: false - # debug123 - passwd: "$6$dIIA5b1oK7qi89.P$MH9SSMtnzCo8QvvUnVoCE5e1c7FY0NUgB4dpsv5JDq9zpRDiTpfiYtM5DitiJIuQWvZ7T1emTTgKaBufayaIW." - -chpasswd: - expire: false - -ssh_pwauth: true diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/main.tf b/examples/vpn-usecases/module/stackit-sna-with-debug-machine/main.tf deleted file mode 100644 index a8f09c4..0000000 --- a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/main.tf +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "stackit_network_area" "this" { - name = var.sna_name - organization_id = var.stackit_org_id - labels = { - "preview/routingtables" = "true" - } -} - -resource "stackit_network_area_region" "this" { - organization_id = var.stackit_org_id - network_area_id = stackit_network_area.this.network_area_id - ipv4 = { - transfer_network = var.sna_transfer_range - network_ranges = [ - for prefix in var.sna_network_range_prefix : { - prefix = prefix - } - ] - default_nameservers = var.sna_default_nameserver - } -} - -resource "stackit_resourcemanager_project" "this" { - parent_container_id = var.stackit_org_id - name = var.stackit_project_name - owner_email = var.stackit_admin_email - labels = { - "networkArea" = stackit_network_area.this.network_area_id - } -} - -resource "stackit_volume" "this" { - project_id = stackit_resourcemanager_project.this.project_id - name = "${var.machine_name}-volume" - availability_zone = var.machine_availability_zone - size = var.machine_disk_size - performance_class = var.machine_disk_performance_class - source = { - type = "image" - id = var.machine_image_id - } -} - -resource "stackit_network" "this" { - name = var.machine_network_name - project_id = stackit_resourcemanager_project.this.project_id - ipv4_prefix = var.machine_ipv4_prefix - ipv4_nameservers = var.sna_default_nameserver -} - -resource "stackit_network_interface" "this" { - project_id = stackit_resourcemanager_project.this.project_id - network_id = stackit_network.this.network_id - security = false -} - -resource "stackit_server" "this" { - project_id = stackit_resourcemanager_project.this.project_id - name = var.machine_name - availability_zone = var.machine_availability_zone - machine_type = var.machine_type - - boot_volume = { - source_type = "volume" - source_id = stackit_volume.this.volume_id - } - - agent = { - provisioning_policy = "ALWAYS" - } - - network_interfaces = [ - stackit_network_interface.this.network_interface_id - ] - - user_data = file("${path.module}/debug-user.yml") -} - -resource "stackit_public_ip" "this" { - project_id = stackit_resourcemanager_project.this.project_id - network_interface_id = stackit_network_interface.this.network_interface_id -} diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/outputs.tf b/examples/vpn-usecases/module/stackit-sna-with-debug-machine/outputs.tf deleted file mode 100644 index ec2f79d..0000000 --- a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/outputs.tf +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -output "sna_id" { - description = "The ID of the STACKIT Network Area." - value = stackit_network_area.this.network_area_id -} - -output "project_id" { - description = "The ID of the STACKIT project." - value = stackit_resourcemanager_project.this.project_id -} - -output "machine_public_ip" { - description = "The public IP address of the test machine." - value = stackit_public_ip.this.ip -} - -output "machine_private_ipv4" { - description = "The private IP address of the test machine." - value = stackit_network_interface.this.ipv4 -} - -output "machine_network_ipv4" { - description = "The IPv4 prefix of the machine's network." - value = stackit_network.this.ipv4_prefix -} - -output "sna_network_range" { - description = "The network ranges (sna-ipv4) of the STACKIT Network Area." - value = stackit_network_area_region.this.ipv4.network_ranges -} diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/provider.tf b/examples/vpn-usecases/module/stackit-sna-with-debug-machine/provider.tf deleted file mode 100644 index edbbfce..0000000 --- a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/provider.tf +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -terraform { - required_providers { - stackit = { - source = "stackitcloud/stackit" - version = ">=0.95.0" - } - } -} diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/variables.tf b/examples/vpn-usecases/module/stackit-sna-with-debug-machine/variables.tf deleted file mode 100644 index a3fce06..0000000 --- a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/variables.tf +++ /dev/null @@ -1,138 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -variable "stackit_org_id" { - description = "The STACKIT Organization ID (UUID)." - type = string - validation { - condition = can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.stackit_org_id)) - error_message = "The stackit_org_id must be a valid UUID." - } -} - -variable "stackit_project_name" { - description = "The name of the STACKIT project where the managed VPN and test machine will be deployed." - type = string - validation { - condition = length(var.stackit_project_name) >= 1 && length(var.stackit_project_name) <= 63 - error_message = "The project name must be between 1 and 63 characters long." - } -} - -variable "stackit_admin_email" { - description = "The email address of the project administrator." - type = string - validation { - condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.stackit_admin_email)) - error_message = "The stackit_admin_email must be a valid email address." - } -} - -variable "sna_name" { - description = "The name of the STACKIT Network Area (SNA)." - type = string -} - -variable "sna_transfer_range" { - description = "The STACKIT SNA transfer range in CIDR notation." - type = string - default = "172.16.0.0/16" - validation { - condition = can(cidrnetmask(var.sna_transfer_range)) - error_message = "The sna_transfer_range must be a valid CIDR notation." - } -} - -variable "sna_network_range_prefix" { - description = "A list of STACKIT SNA network range prefixes in CIDR notation." - type = list(string) - default = ["10.28.0.0/16"] - validation { - condition = alltrue([for r in var.sna_network_range_prefix : can(cidrnetmask(r))]) - error_message = "All elements in sna_network_range_prefix must be valid CIDR notations." - } -} - -variable "sna_default_nameserver" { - description = "A list of STACKIT SNA default nameservers (IP addresses)." - type = list(string) - default = ["1.1.1.1"] - validation { - condition = alltrue([for ns in var.sna_default_nameserver : can(regex("^((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", ns))]) - error_message = "All elements in sna_default_nameserver must be valid IP addresses." - } -} - -variable "machine_network_name" { - description = "The name of the network where the test machine will be connected." - type = string -} - -variable "machine_ipv4_prefix" { - description = "The IPv4 prefix for the test machine's network (CIDR notation). This must be a subnet within the defined SNA network ranges." - type = string - validation { - condition = can(cidrnetmask(var.machine_ipv4_prefix)) - error_message = "The machine_ipv4_prefix must be a valid CIDR notation." - } -} - -variable "machine_name" { - type = string - description = "name of the stackit test machine" -} - -variable "machine_availability_zone" { - description = "The availability zone (e.g. eu01-1)" - type = string - - validation { - condition = can(regex("^[a-z]{2}[0-9]{2}-[a-zA-Z0-9]+$", var.machine_availability_zone)) - error_message = "The availability zone must follow the STACKIT pattern (e.g., eu01-1, eu01-m)." - } -} - -variable "machine_type" { - description = "Flavor of the machine" - type = string - default = "c2i.1" -} - -variable "machine_image_id" { - description = "Image UUID (Default: Debian 12)" - type = string - default = "c751cde7-e648-4f81-9722-ce9c7848bed0" - - validation { - condition = can(regex("^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.machine_image_id)) - error_message = "The image_id must be a valid UUID." - } -} - -variable "machine_disk_size" { - description = "Boot volume size in GB" - type = number - default = 20 - - validation { - condition = var.machine_disk_size >= 1 - error_message = "The disk_size must be at least 1 GB." - } -} - -variable "machine_disk_performance_class" { - description = "Storage performance class" - type = string - default = "storage_premium_perf4" -} diff --git a/examples/vpn-usecases/stackit-azure/.terraform.lock.hcl b/examples/vpn-usecases/stackit-azure/.terraform.lock.hcl deleted file mode 100644 index e793dcf..0000000 --- a/examples/vpn-usecases/stackit-azure/.terraform.lock.hcl +++ /dev/null @@ -1,105 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "4.72.0" - constraints = "4.72.0" - hashes = [ - "h1:QYnPAHT/PYheOOZz52ucHqw/ZO9PxWyPLtO7UD/jSMg=", - "zh:073472587c3752e89738522814d2b4eb2fd69eb2cb19c5a5ead3c7d2eabdc279", - "zh:1950effc0c315b6002c8cb6327b94fe59bda210e699367d9727bc66490d651d2", - "zh:47c990db75658525de57c8955a05b4752b88f3a900fffac0e7661d4a749e94f2", - "zh:610f2cbd6fab76750d8b093f03beabbb7162dc8c6affe0109f534ce240b3ff0f", - "zh:6739d645fe548c5a489d711f7748f32368cf68d723d2c59d3f2e21456304d692", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a277ab095cc8aff3aede9e43eca2a699936472ef90abb272adf3daa609eb9141", - "zh:b1fdcdaf926c86de0d884beda90d78cb94a42ddede03a1f0b92c36b321d4f07e", - "zh:c003f1f15e52c54e189301ae2c7d8dd65acb2e5a7527d201355f2757b5465ba9", - "zh:c45f2d2206c0f8f71f207cd39eec73da9619d35932bbe1a5b8be7679c50a151e", - "zh:d7040d8ec295481bc1d30346ed7f3075c40ede87c0fedf1db34dd91c1c367a10", - "zh:e595f0b870cd5fd5debdc926fc1740201d2b66188b9b132dc598bdd6444e7348", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.9.0" - hashes = [ - "h1:OO+IuvQJSPmWdN8AyyIEvPJbLvDQpgX/zbktoa9KsJE=", - "zh:161ad0bd9a75768c82f53fb6e7172a9d8be2d4889b012645a34795031aaf1bf1", - "zh:19dc9a5b17729725ccfc4f45b0500af0ee5bc6b6b160c7adb8f2bf617d2c80ea", - "zh:269eda8fe42daa7974d5a34d166c3ba9defe80cde86c01e4dadcfdf2e1f05e5f", - "zh:373f7c65566f8f2cc7f45d698654feb9d988996957e1266a69ca00c52d6d16d0", - "zh:5599d16804c41c83009ec621b6d6b6f74e102f5827678a4750f8809055546b61", - "zh:583be0440469a22bff70dcfa56593b01566860b29607437264adb51060cf46fc", - "zh:5f211d8ec3f2e1f414870d9584bfe26e6995560ef81c748f8447a48164767398", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7b547fd16216761ef86efc3ed516ac5ac0c5c42b7c7eb24a08cef2d93f69ed5e", - "zh:7e7c0679daf2a382151d05068c8c3f0dae6b7b7dccf818827b73dd08638df2ef", - "zh:8089dec888a8038b9b4fb23b3df7e1057293dbc5b60b42cc47ff690d69d4b61b", - "zh:c51f15a031edfd6f23ce8ced3446ca7f8d8d647e2499890d7d5d10d5016d7257", - "zh:c94784f005708890dc6895afd53636ec00ec1e430b15d41e5aebfb1d4b39bd04", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.14.0" - hashes = [ - "h1:/hlxsUpuN/lvPTNL9+NyVGsOyRsK5NsxwFMsj5CdOp4=", - "zh:12abfd6b800e4d7fa6db7310dec8ffd440b31993861ef188c7ed5260b3073937", - "zh:23005521e800bb19e1597bf755c5f70d675d30b685d4255001ed5fa47d9df3f1", - "zh:2fea249b582ae97cd1cc10385187ea50993bb47c28cc5df0305e57ceaabf0a10", - "zh:322018d3b987b7aad08697178029a2bb667bed699e88328f0c89c52a2fd41341", - "zh:32a08e98fce2d273cb9b2c89d6c54727cc9f0a32e15bfd896be4e02cc6b48f95", - "zh:3db89aabd0e619616bd4b0f8b373a7586dfe60feffcea12a84a0bdbc445714b3", - "zh:7488f56c81d742dc020f29063626c8f07ca188aa97be61e7307e8d62397020a2", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:7cb4067f2e7559b13f7562ef722f948950901eb37834873e98360ab28f66e9d7", - "zh:9d552c8345f61e1b7db8e725144981345f18ac1014d58d6f5ddf0928a195fffb", - "zh:a8e69fb6b97fc9d86fb19a9f4d42abe33c4a68e700b15387ce2e17d2b9934bed", - "zh:aeeb900eb8dd0f790c60ea5c0e0c8d42bd6e4a54f391681d4decca15b544394b", - "zh:c239c619101a8c95e1f14061eb973c57a8d15fa0e68878ced5bbd76858ee5b79", - ] -} - -provider "registry.terraform.io/magodo/restful" { - version = "0.25.2" - hashes = [ - "h1:gvoDTFfxp7n1B4Wsnx9IC7Ku8g8tdVR4mCC6TDX0Mws=", - "zh:0513ff62fce41a59462f39e1c4636f3c87e6f8d24ee579075900d3e0f57f6992", - "zh:1a3e39e6b8c7fd0f3983730944a029db8f00557922e337cff0567a07c5e74b45", - "zh:2527c96fcc45458efc9eca1c66cee98269d80693b571c57baee783402bfbaa28", - "zh:50cec9afe8b55629d1c94d477b26ff95de8cc8e3304f6c2bfc5dad3bccc6decc", - "zh:89e94c0f312d0ef4213b46ee776a27f6a5d114520c08a4716f4fee4c26c16f91", - "zh:9a9762ebaf9567a4aa34a1911f051527696241679e087137fcc7821e52b66483", - "zh:a065be3488e24928199904f4a496974c03fdcf2b06fccf016e405b3068d5ef76", - "zh:c62a1a6fb3c5135451f68ea4ed1f66d999ab654323d10526756e83f6f77d6bdf", - "zh:cf01364f89b713dc10eb87098839317e6f2de222bec2597923cddbb07bdd9c13", - "zh:dc0ac6a1e5e3199e1d35fb49f9de1d9325caa3c0d3e87ea8128295e19ac941c3", - "zh:e55cf6e8230f081b7c8ade592c14f1b8b45ee0aaa14c2bde2da9531d819a4392", - "zh:f333748916e68050c8935d760d6b9b469dd76eb94363af93562cbd076dba6ff5", - "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32", - "zh:fdfdca8b7976c1a8b1b6a3589b4bfec277beb6dfb40c5568271d42f0b2f88a9d", - ] -} - -provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.95.0" - constraints = ">= 0.87.0, >= 0.95.0" - hashes = [ - "h1:sKmc6SGKEFglXKLMtOluJkFm7tzQZKQV3/QxUbHug1E=", - "zh:023edbb8ca984233bb51605a9005d4f7cb3365f0b11ddd68d911a1e30ccf64be", - "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:1fc43ed3055c4912e5b3ae2eba49dd5407beaa9ba6617612f317543f7d26ccd7", - "zh:31e587a9f279661b74b139e2a964a7d1c54a4073d27d21c2f948e0e7ba4c0d04", - "zh:37427a23800dff84c1b89d4985cb935c0112c59acd716d8920c160221c459061", - "zh:3a575f5c7d1252d99aea9187923087e1d483b2b34e42c9f058f557ec28c45d84", - "zh:44c7ee340e1a09d6f9a9873959f8283f0d73aee4a8c884f7b36985f943874b65", - "zh:4fab8fe953a0d4c21589cd36d23afe072c6403e37620c82839f9f829139cbbbf", - "zh:69fc061b3c7ea82d9e9a31d3665a535f6bb9dc3d6ff5b466f940d3d04a105e19", - "zh:85ee00442eff70ea103a96276efb5e1485b661b0a1db08bcdbd28b11b1f966e6", - "zh:9761ef1321c93cb3e4bc2499995b3e7ae910e2ae68b3228164dea73e9687ddb5", - "zh:b158a4e4726a4d4c9f61c5dc71abb4ca3a621269e1d7af88ab36d34c3bcec66f", - "zh:da37df9a426d83da8f6c1340104a6b9a7eef4a7e2589d0b70a89c574a1b3cc78", - "zh:e6421b9a351b2c9b2ab2341f2c07d863eb2ed055b847ea839de96b0fd62baf97", - ] -} diff --git a/examples/vpn-usecases/stackit-azure/010-provider.tf b/examples/vpn-usecases/stackit-azure/010-provider.tf deleted file mode 100644 index 88f7674..0000000 --- a/examples/vpn-usecases/stackit-azure/010-provider.tf +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -terraform { - required_providers { - stackit = { - source = "stackitcloud/stackit" - version = ">=0.95.0" - } - restful = { - source = "magodo/restful" - } - azurerm = { - source = "hashicorp/azurerm" - version = "4.72.0" - } - } -} - -provider "stackit" { - default_region = var.stackit_region - service_account_key_path = var.stackit_service_account_key_path - enable_beta_resources = true -} - -provider "azurerm" { - features {} - subscription_id = var.azure_subscription_id -} - -ephemeral "stackit_access_token" "this" {} - -provider "restful" { - alias = "stackit" - base_url = "https://vpn.api.eu01.stackit.cloud" - security = { - http = { - token = { - token = ephemeral.stackit_access_token.this.access_token - } - } - } -} diff --git a/examples/vpn-usecases/stackit-azure/020-variables.tf b/examples/vpn-usecases/stackit-azure/020-variables.tf deleted file mode 100644 index ae3c32e..0000000 --- a/examples/vpn-usecases/stackit-azure/020-variables.tf +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -variable "stackit_org_id" { - type = string -} - -variable "stackit_region" { - type = string - default = "eu01" -} - -variable "stackit_service_account_key_path" { - type = string -} - -variable "azure_subscription_id" { - type = string -} - -variable "stackit_admin_email" { - type = string -} diff --git a/examples/vpn-usecases/stackit-azure/030-stackit-azure-vpn.tf b/examples/vpn-usecases/stackit-azure/030-stackit-azure-vpn.tf deleted file mode 100644 index 2d3d7a2..0000000 --- a/examples/vpn-usecases/stackit-azure/030-stackit-azure-vpn.tf +++ /dev/null @@ -1,376 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# STACKIT Side (vpn-sna-01) -module "vpn_sna_01" { - source = "../module/stackit-sna-with-debug-machine" - machine_availability_zone = "eu01-1" - machine_ipv4_prefix = "10.10.10.0/24" - machine_network_name = "vpn-sna-01" - sna_name = "vpn-sna-01" - machine_name = "vpn-sna-01" - stackit_admin_email = var.stackit_admin_email - stackit_org_id = var.stackit_org_id - stackit_project_name = "vpn-sna-01" - sna_network_range_prefix = [ - "10.10.0.0/16" - ] -} - -resource "restful_resource" "vpn_01_gateway" { - provider = restful.stackit - path = "/v1/projects/${module.vpn_sna_01.project_id}/regions/eu01/gateways" - body = { - availabilityZones = { - tunnel1 = "eu01-1" - tunnel2 = "eu01-2" - } - bgp = { - localAsn = 64512 - overrideAdvertisedRoutes = ["10.10.0.0/16"] - } - displayName = "vpn01" - labels = null - planId = "p500" - routingType = "BGP_ROUTE_BASED" - } - - read_path = "$(path)/$(body.id)" - update_path = "$(path)/$(body.id)" - update_method = "PUT" - delete_path = "$(path)/$(body.id)" - delete_method = "DELETE" -} - -data "restful_resource" "vpn_01_gateway_status" { - provider = restful.stackit - id = "${restful_resource.vpn_01_gateway.id}/status" -} - -resource "random_password" "vpn_psk" { - length = 32 - special = false -} - -# Azure Side -resource "azurerm_resource_group" "rg" { - name = "rg-vpn-test" - location = "West Europe" -} - -# 1. Azure VNet and Subnets -resource "azurerm_virtual_network" "azure_vnet" { - name = "azure-vpn-network" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - address_space = ["10.11.0.0/16"] -} - -resource "azurerm_subnet" "azure_gateway_subnet" { - name = "GatewaySubnet" # MUST be exactly named GatewaySubnet - resource_group_name = azurerm_resource_group.rg.name - virtual_network_name = azurerm_virtual_network.azure_vnet.name - address_prefixes = ["10.11.0.0/24"] -} - -resource "azurerm_subnet" "azure_vm_subnet" { - name = "vm-subnet" - resource_group_name = azurerm_resource_group.rg.name - virtual_network_name = azurerm_virtual_network.azure_vnet.name - address_prefixes = ["10.11.1.0/24"] -} - -# 2. Azure Public IPs (2 required for Active-Active HA VPN) -resource "azurerm_public_ip" "azure_gw_pip1" { - name = "azure-gw-pip1" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - allocation_method = "Static" - sku = "Standard" - zones = ["1", "2", "3"] - - lifecycle { - ignore_changes = [domain_name_label] - } -} - -resource "azurerm_public_ip" "azure_gw_pip2" { - name = "azure-gw-pip2" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - allocation_method = "Static" - sku = "Standard" - zones = ["1", "2", "3"] - - lifecycle { - ignore_changes = [domain_name_label] - } -} - -# 3. Azure HA VPN Gateway -resource "azurerm_virtual_network_gateway" "azure_gateway" { - name = "azure-ha-vpn" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - - type = "Vpn" - vpn_type = "RouteBased" - active_active = true - bgp_enabled = true - sku = "VpnGw1AZ" - - bgp_settings { - asn = 64513 # Azure's local ASN - peering_addresses { - ip_configuration_name = "vnetGatewayConfig1" - apipa_addresses = ["169.254.21.2"] - } - peering_addresses { - ip_configuration_name = "vnetGatewayConfig2" - apipa_addresses = ["169.254.21.6"] - } - } - - ip_configuration { - name = "vnetGatewayConfig1" - public_ip_address_id = azurerm_public_ip.azure_gw_pip1.id - private_ip_address_allocation = "Dynamic" - subnet_id = azurerm_subnet.azure_gateway_subnet.id - } - - ip_configuration { - name = "vnetGatewayConfig2" - public_ip_address_id = azurerm_public_ip.azure_gw_pip2.id - private_ip_address_allocation = "Dynamic" - subnet_id = azurerm_subnet.azure_gateway_subnet.id - } -} - -# 4. Azure Local Network Gateways (Represents the 2 STACKIT Tunnels) -resource "azurerm_local_network_gateway" "stackit_tunnel1" { - name = "stackit-tunnel-1" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - gateway_address = data.restful_resource.vpn_01_gateway_status.output.tunnels[0].publicIP - - bgp_settings { - asn = 64512 - bgp_peering_address = "169.254.21.1" - } -} - -resource "azurerm_local_network_gateway" "stackit_tunnel2" { - name = "stackit-tunnel-2" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - gateway_address = data.restful_resource.vpn_01_gateway_status.output.tunnels[1].publicIP - - bgp_settings { - asn = 64512 - bgp_peering_address = "169.254.21.5" - } -} - -# 5. Azure VPN Connections -resource "azurerm_virtual_network_gateway_connection" "azure_tunnel1" { - name = "conn-to-stackit-tunnel1" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - - type = "IPsec" - virtual_network_gateway_id = azurerm_virtual_network_gateway.azure_gateway.id - local_network_gateway_id = azurerm_local_network_gateway.stackit_tunnel1.id - shared_key = random_password.vpn_psk.result - enable_bgp = true - - ipsec_policy { - ike_encryption = "GCMAES256" - ike_integrity = "SHA256" - ipsec_encryption = "GCMAES256" - ipsec_integrity = "GCMAES256" - dh_group = "DHGroup14" - pfs_group = "PFS14" - sa_lifetime = 3600 - sa_datasize = 102400000 - } -} - -resource "azurerm_virtual_network_gateway_connection" "azure_tunnel2" { - name = "conn-to-stackit-tunnel2" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - - type = "IPsec" - virtual_network_gateway_id = azurerm_virtual_network_gateway.azure_gateway.id - local_network_gateway_id = azurerm_local_network_gateway.stackit_tunnel2.id - shared_key = random_password.vpn_psk.result - enable_bgp = true - - ipsec_policy { - ike_encryption = "GCMAES256" - ike_integrity = "SHA256" - ipsec_encryption = "GCMAES256" - ipsec_integrity = "GCMAES256" - dh_group = "DHGroup14" - pfs_group = "PFS14" - sa_lifetime = 3600 - sa_datasize = 102400000 - } -} - -# Connection from STACKIT to Azure -resource "restful_resource" "vpn_01_connection" { - provider = restful.stackit - path = "${restful_resource.vpn_01_gateway.id}/connections" - body = { - displayName = "conn-to-azure" - tunnel1 = { - bgp = { - remoteAsn = 64513 - } - peering = { - localAddress = "169.254.21.1" - remoteAddress = "169.254.21.2" - } - phase1 = { - dhGroups = ["modp2048"] - encryptionAlgorithms = ["aes256gcm16"] - integrityAlgorithms = ["sha2_256"] - } - phase2 = { - dhGroups = ["modp2048"] - encryptionAlgorithms = ["aes256gcm16"] - integrityAlgorithms = ["sha2_256"] - } - preSharedKey = random_password.vpn_psk.result - remoteAddress = azurerm_public_ip.azure_gw_pip1.ip_address - } - tunnel2 = { - bgp = { - remoteAsn = 64513 - } - peering = { - localAddress = "169.254.21.5" - remoteAddress = "169.254.21.6" - } - phase1 = { - dhGroups = ["modp2048"] - encryptionAlgorithms = ["aes256gcm16"] - integrityAlgorithms = ["sha2_256"] - } - phase2 = { - dhGroups = ["modp2048"] - encryptionAlgorithms = ["aes256gcm16"] - integrityAlgorithms = ["sha2_256"] - } - preSharedKey = random_password.vpn_psk.result - remoteAddress = azurerm_public_ip.azure_gw_pip2.ip_address - } - } - - lifecycle { - ignore_changes = [ - body.tunnel1.preSharedKey, - body.tunnel2.preSharedKey - ] - } - - read_path = "$(path)/$(body.id)" - update_path = "$(path)/$(body.id)" - update_method = "PUT" - delete_path = "$(path)/$(body.id)" - delete_method = "DELETE" -} - -# Azure Test VM & NSG -resource "azurerm_network_security_group" "vm_nsg" { - name = "test-vm-nsg" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - - security_rule { - name = "Allow-STACKIT" - priority = 100 - direction = "Inbound" - access = "Allow" - protocol = "*" - source_port_range = "*" - destination_port_range = "*" - source_address_prefix = "10.10.0.0/16" - destination_address_prefix = "*" - } -} - -resource "azurerm_network_interface" "vm_nic" { - name = "test-vm-nic" - location = azurerm_resource_group.rg.location - resource_group_name = azurerm_resource_group.rg.name - - ip_configuration { - name = "internal" - subnet_id = azurerm_subnet.azure_vm_subnet.id - private_ip_address_allocation = "Dynamic" - } -} - -resource "azurerm_network_interface_security_group_association" "vm_nsg_assoc" { - network_interface_id = azurerm_network_interface.vm_nic.id - network_security_group_id = azurerm_network_security_group.vm_nsg.id -} - -resource "azurerm_linux_virtual_machine" "azure_test_vm" { - name = "azure-vpn-test-vm" - resource_group_name = azurerm_resource_group.rg.name - location = azurerm_resource_group.rg.location - size = "Standard_B1s" - admin_username = "azureuser" - admin_password = "VpnTestPassw0rd!" - disable_password_authentication = false - - network_interface_ids = [ - azurerm_network_interface.vm_nic.id, - ] - - os_disk { - caching = "ReadWrite" - storage_account_type = "Standard_LRS" - } - - source_image_reference { - publisher = "Canonical" - offer = "0001-com-ubuntu-server-jammy" - sku = "22_04-lts" - version = "latest" - } -} - -# Outputs -output "vpn01_public_ip" { - value = module.vpn_sna_01.machine_public_ip - description = "Connect here via SSH to ping Azure" -} - -output "vpn01_private_ip" { - value = module.vpn_sna_01.machine_private_ipv4 -} - -output "azure_test_vm_private_ip" { - value = azurerm_linux_virtual_machine.azure_test_vm.private_ip_address -} - -# Command to run a ping test without SSHing -output "azure_run_command_ping_test" { - value = "az vm run-command invoke --resource-group ${azurerm_resource_group.rg.name} --name ${azurerm_linux_virtual_machine.azure_test_vm.name} --command-id RunShellScript --scripts 'ping -c 4 ${module.vpn_sna_01.machine_private_ipv4}'" - description = "Copy and paste this in your terminal to securely ping from the Azure VM to the STACKIT VM." -} diff --git a/examples/vpn-usecases/stackit-azure/MAINTAINERS.md b/examples/vpn-usecases/stackit-azure/MAINTAINERS.md deleted file mode 100644 index 1aaefce..0000000 --- a/examples/vpn-usecases/stackit-azure/MAINTAINERS.md +++ /dev/null @@ -1,9 +0,0 @@ -# Maintainers - -General maintainers: - -- Mauritz Uphoff (mauritz.uphoff@digits.schwarz) - -This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis. -For questions, issues, or feature requests, please email general maintainers. -Please include the BP name and version in your request. We will track your request as an issue. diff --git a/examples/vpn-usecases/stackit-azure/README.md b/examples/vpn-usecases/stackit-azure/README.md deleted file mode 100644 index 626bac6..0000000 --- a/examples/vpn-usecases/stackit-azure/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# STACKIT-to-Azure HA VPN Gateway - -> ⚠️ azurerm_virtual_network_gateway.azure_gateway takes between 30-90mins - -This example demonstrates how to establish a secure, Highly Available (HA) IPsec VPN connection between a STACKIT Network Area (SNA) and Microsoft Azure. - -The connection uses **BGP (Border Gateway Protocol)** via an Azure Virtual Network Gateway (Active-Active mode) to automatically exchange and propagate routes dynamically between the two cloud environments. - -## Architecture - -This Terraform configuration provisions the following resources: - -- **STACKIT:** An SNA, a debug machine, and an HA VPN Gateway (`ASN 64512`). -- **Azure:** A Resource Group, VNet, dedicated `GatewaySubnet`, an Active-Active Virtual Network Gateway (`ASN 64513`), two Local Network Gateways (representing STACKIT), and a private Ubuntu test VM. -- **VPN Connection:** Two redundant IPsec tunnels using dynamically generated PSKs and Link-Local BGP peering (`169.254.x.x/30`). -- **Security:** Azure Network Security Group (NSG) rules configured to allow inbound ICMP/SSH traffic specifically from the STACKIT network range. - -## Prerequisites - -- Configured STACKIT and Azure provider credentials. -- Azure CLI (`az`) installed and authenticated for testing from the Azure side. - -## Outputs - -Once the deployment is complete, Terraform will output the following information to help you verify connectivity: - -- `vpn01_public_ip`: The public IP of the debug machine in STACKIT. -- `vpn01_private_ip`: The private IP of the debug machine in STACKIT. -- `azure_test_vm_private_ip`: The private IP of the test VM in Azure. -- `azure_run_command_ping_test`: A pre-formatted Azure CLI command to test the connection. - -## How to Test the Connection - -You can verify the bi-directional tunnel is fully operational by following these steps: - -### 1. Test from Azure to STACKIT (Zero-Config) - -We utilize the Azure "Run Command" feature to execute a ping test directly inside the private Azure VM without needing SSH access or a Bastion host. - -Copy the command generated by the `azure_run_command_ping_test` output and run it in your terminal: - -```bash -az vm run-command invoke \ - --resource-group rg-vpn-test \ - --name azure-vpn-test-vm \ - --command-id RunShellScript \ - --scripts 'ping -c 4
"10.28.0.0/16"
]
object({
enable_kubernetes_version_updates = bool
enable_machine_image_version_updates = bool
start = string
end = string
}) | {
"enable_kubernetes_version_updates": true,
"enable_machine_image_version_updates": true,
"end": "02:00:00Z",
"start": "01:00:00Z"
} | no |
-| [network_id](#input_network_id) | The ID of the STACKIT network in which the SKE cluster will be deployed. If not provided, the cluster will automatically create a network on demand. Specifying a network ID is only supported in SNA setups | `string` | `null` | no |
-| [node_pools](#input_node_pools) | Configuration for the cluster node pools | `any` | [| no | -| [project_id](#input_project_id) | The STACKIT project ID | `string` | n/a | yes | - -## Outputs - -| Name | Description | -| ----------------------------------------------------------------------- | --------------------------------------------- | -| [cluster_name](#output_cluster_name) | The name of the provisioned SKE cluster | -| [kubeconfig](#output_kubeconfig) | The kubeconfig contents to access the cluster | - - diff --git a/modules/test-ske/main.tf b/modules/test-ske/main.tf deleted file mode 100644 index 38bf7f4..0000000 --- a/modules/test-ske/main.tf +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -data "stackit_ske_kubernetes_versions" "this" { - version_state = "SUPPORTED" -} - -data "stackit_ske_machine_image_versions" "this" { - version_state = "SUPPORTED" -} - -resource "random_string" "this" { - length = 6 - special = false - upper = false -} - -locals { - flatcar_supported_versions = flatten([ - for mi in data.stackit_ske_machine_image_versions.this.machine_images : [ - for v in mi.versions : v.version if mi.name == "flatcar" - ] - ]) - flatcar_supported_version = length(local.flatcar_supported_versions) > 0 ? local.flatcar_supported_versions[0] : null - - ubuntu_supported_versions = flatten([ - for mi in data.stackit_ske_machine_image_versions.this.machine_images : [ - for v in mi.versions : v.version if mi.name == "ubuntu" - ] - ]) - ubuntu_supported_version = length(local.ubuntu_supported_versions) > 0 ? local.ubuntu_supported_versions[0] : null -} - -resource "stackit_ske_cluster" "this" { - project_id = var.project_id - name = var.cluster_name != null && var.cluster_name != "" ? var.cluster_name : "ske-${random_string.this.result}" - kubernetes_version_min = data.stackit_ske_kubernetes_versions.this.kubernetes_versions[0].version - - maintenance = var.maintenance - - network = var.network_id != null && var.network_id != "" ? { - id = var.network_id - } : null - - node_pools = [ - for np in var.node_pools : { - name = np.name - machine_type = np.machine_type - minimum = np.minimum - maximum = np.maximum - max_surge = np.max_surge - availability_zones = np.availability_zones - os_name = np.os_name - # Dynamically injects the latest OS version based on os_name if not explicitly set - os_version_min = lookup(np, "os_version_min", np.os_name == "flatcar" ? local.flatcar_supported_version : local.ubuntu_supported_version) - volume_size = np.volume_size - volume_type = np.volume_type - } - ] - - lifecycle { - ignore_changes = [ - kubernetes_version_min, - node_pools - ] - } -} - -resource "stackit_ske_kubeconfig" "this" { - project_id = var.project_id - cluster_name = stackit_ske_cluster.this.name - refresh = true -} diff --git a/modules/test-ske/outputs.tf b/modules/test-ske/outputs.tf deleted file mode 100644 index 3a16cc5..0000000 --- a/modules/test-ske/outputs.tf +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -output "cluster_name" { - description = "The name of the provisioned SKE cluster" - value = stackit_ske_cluster.this.name -} - -output "kubeconfig" { - description = "The kubeconfig contents to access the cluster" - value = stackit_ske_kubeconfig.this.kube_config - sensitive = true -} diff --git a/modules/test-ske/provider.tf b/modules/test-ske/provider.tf deleted file mode 100644 index 994578e..0000000 --- a/modules/test-ske/provider.tf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -terraform { - required_providers { - stackit = { - source = "stackitcloud/stackit" - version = ">=0.95.0" - } - random = { - source = "hashicorp/random" - version = "3.9.0" - } - } -} diff --git a/modules/test-ske/variables.tf b/modules/test-ske/variables.tf deleted file mode 100644 index c029aa2..0000000 --- a/modules/test-ske/variables.tf +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -variable "project_id" { - description = "The STACKIT project ID" - type = string -} - -variable "cluster_name" { - description = "The name of the Kubernetes cluster" - type = string - default = null -} - -variable "network_id" { - description = "The ID of the STACKIT network in which the SKE cluster will be deployed. If not provided, the cluster will automatically create a network on demand. Specifying a network ID is only supported in SNA setups" - type = string - default = null -} - -variable "maintenance" { - description = "Maintenance window configuration for the cluster" - type = object({ - enable_kubernetes_version_updates = bool - enable_machine_image_version_updates = bool - start = string - end = string - }) - default = { - enable_kubernetes_version_updates = true - enable_machine_image_version_updates = true - start = "01:00:00Z" - end = "02:00:00Z" - } -} - -variable "node_pools" { - description = "Configuration for the cluster node pools" - type = any - default = [ - { - name = "standard" - machine_type = "g2i.4" - minimum = 1 - maximum = 3 - max_surge = 3 - availability_zones = ["eu01-1", "eu01-2", "eu01-3"] - os_name = "flatcar" - volume_size = 20 - volume_type = "storage_premium_perf6" - } - ] -} diff --git a/scripts/README.md b/scripts/README.md deleted file mode 100644 index d839906..0000000 --- a/scripts/README.md +++ /dev/null @@ -1,260 +0,0 @@ -# Scripts - -Helper scripts for working with STACKIT services. - -> **Warning:** These scripts can perform destructive or wide-reaching operations against your STACKIT account (e.g. deleting volumes, overwriting kubeconfigs, writing secrets). Review each script and understand what it does before running it. - -## Overview - -| Script | Purpose | Required tools | -| ---------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| [`check-stackit-ip.sh`](#check-stackit-ipsh) | Check whether a given IP address belongs to STACKIT's public IP ranges. | `stackit`, `jq`, `grepcidr` | -| [`create-kubeconfig-multiple-projects.sh`](#create-kubeconfig-multiple-projectssh) | Generate kubeconfig entries for every SKE cluster across one or more STACKIT projects. | `stackit`, `yq` | -| [`delete-unused-volumes.sh`](#delete-unused-volumessh) | Delete all STACKIT volumes whose status is `AVAILABLE` (i.e. not attached). | `stackit`, `yq` | -| [`list-project-resources.sh`](#list-project-resourcessh) | Render a Markdown inventory of resources (DNS, SKE, databases, storage, …) for one or more STACKIT projects. | `stackit`, `jq` | -| [`ske-show-versions.sh`](#ske-show-versionssh) | Print overview of SKE cluster Kubernetes versions and nodepool image versions, marking deprecated versions. | `stackit` (>= 0.59.0), `jq`, `awk` | -| [`smctl.sh`](#smctlsh) | Unified CLI wrapper around HashiCorp Vault for the STACKIT Secret Manager (KV v2), think `kubectl` for secrets | `vault`, `jq` | -| [`vault-migrate.sh`](#vault-migratesh) | Migrate secrets between two Vault instances using the KV v2 API (supports userpass and LDAP for source). | `vault`, `jq` | - ---- - -## `check-stackit-ip.sh` - -Looks up the STACKIT public IP ranges (via `stackit curl https://iaas.api.eu01.stackit.cloud/v1/networks/public-ip-ranges`) and tells you whether a given IP falls inside any of them. Useful to verify whether a public-facing address actually originates from STACKIT. - -Exits `0` if the IP is found, `1` otherwise. - -### Example - -```bash -# Check a single IP -./check-stackit-ip.sh 45.129.40.1 -``` - -Sample output: - -``` -Fetching STACKIT IP ranges... -Found: 45.129.40.1 is in the range 45.129.40.0/22 -``` - ---- - -## `create-kubeconfig-multiple-projects.sh` - -Logs in to STACKIT, iterates over a hard-coded list of project IDs, lists all SKE clusters in each project and writes a 60-day kubeconfig for every cluster into a single kubeconfig file. - -Edit the `projects=( ... )` array near the bottom of the script before running. - -### Flags - -- `-f, --filepath
{
"availability_zones": [
"eu01-1",
"eu01-2",
"eu01-3"
],
"machine_type": "g2i.4",
"max_surge": 3,
"maximum": 3,
"minimum": 1,
"name": "standard",
"os_name": "flatcar",
"volume_size": 20,
"volume_type": "storage_premium_perf6"
}
]