Compare commits

..

1 commit

Author SHA1 Message Date
Mauritz Uphoff
5efb0f1bd6 hackathon: work on idea 2026-07-01 13:40:32 +02:00
34 changed files with 1098 additions and 0 deletions

View file

@ -0,0 +1,50 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Sync STACKIT Docs
on:
push:
branches:
- main
paths:
- "examples/**/stackit.docs.yaml"
workflow_dispatch: {}
jobs:
sync-docs:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout professional-services
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: pip install pyyaml
- name: Authenticate GitHub CLI
run: gh auth login --with-token <<< "${{ secrets.STACKIT_DOCS_TOKEN }}"
- name: Run docs sync
env:
STACKIT_DOCS_TOKEN: ${{ secrets.STACKIT_DOCS_TOKEN }}
STACKIT_DOCS_REPO: stackitcloud/docs-content
run: bash ci-scripts/sync-stackit-docs.sh

3
.gitignore vendored
View file

@ -77,3 +77,6 @@ keys
# ignore backend.conf files, but keep backend.conf.example
*backend.conf
# Generated docs assets
.generated-mdx/

170
STACKIT-DOCS.md Normal file
View file

@ -0,0 +1,170 @@
# STACKIT Docs Integration
This document describes how Professional Services Terraform examples are synced as `.mdx` asset cards to the STACKIT documentation assetcontainer.
## Overview
Each example in `examples/` declares metadata in `stackit.docs.yaml`. On merge to `main`, a GitHub Actions workflow generates `.mdx` asset files and opens a PR to the `stackitcloud/docs-content` repository under `docs/cloud-framework/architecture-framework/assetcontainer/professional-services/`.
## Directory Structure
```
professional-service/
├── examples/
│ ├── alb-tls-examples/
│ │ ├── README.md
│ │ ├── stackit.docs.yaml # <-- metadata for docs card
│ │ └── ...
│ ├── ske-azure-arc-integration/
│ │ ├── README.md
│ │ ├── stackit.docs.yaml # <-- metadata for docs card
│ │ └── ...
│ └── ...
├── ci-scripts/
│ ├── aggregate_docs.py # generates .mdx files + _meta.yml
│ └── sync-stackit-docs.sh # CI: clone docs, copy files, PR
└── STACKIT-DOCS.md # this file
```
## stackit.docs.yaml Format
Each example must contain:
```yaml
headline: Example Title
description: Short description of what the example demonstrates.
tags:
- ske
- kubernetes
- terraform
```
| Field | Required | Description |
| ------------- | -------- | ----------------------------------------- |
| `headline` | Yes | Title displayed on the asset card |
| `description` | Yes | Brief summary (1-2 sentences) on the card |
| `tags` | Yes | Tags for filtering (shown on card, max 5) |
## Generated .mdx Format
Each `stackit.docs.yaml` is transformed into an `.mdx` file with `frameworkAsset` frontmatter:
```mdx
---
title: SKE Azure Arc Integration
description: Terraform and CLI steps to connect a STACKIT SKE cluster to Azure Arc.
hideBreadcrumbs: true
sidebar:
hidden: true
frameworkAsset:
owner: Professional Services
managed: true
category: guide
external: true
recommended: true
tags:
- ske
- azure
- terraform
---
import { Card } from "@astrojs/starlight/components";
# SKE Azure Arc Integration
...
```
## CI Process
```mermaid
flowchart TD
A[Developer adds/updates<br>stackit.docs.yaml] --> B[PR to professional-services]
B --> Merged{Merged to main?}
Merged -->|Yes| C[GitHub Actions triggered]
Merged -->|No| B
C --> D[aggregate_docs.py<br>generates .mdx files + _meta.yml]
D --> E[Clone docs-content repo]
E --> F[Copy .mdx files to<br>assetcontainer/professional-services/]
F --> G{Any file changes<br>vs current docs?}
G -->|No| H[Exit: docs up to date]
G -->|Yes| I[Create feature branch<br>autopr/sync-professional-service-examples]
I --> J[Commit + push changes]
J --> K[Create PR to docs-content]
K --> L[Review and merge on<br>docs-content side]
```
## Adding a New Example
1. Create a new directory under `examples/`
2. Add your Terraform code and `README.md`
3. Create `stackit.docs.yaml` with the required fields:
```yaml
headline: My New Example
description: Demonstrates how to deploy X on STACKIT using Y.
tags:
- ske
- terraform
- my-tag
```
4. Open a PR to this repository
5. Once merged, the CI will automatically:
- Generate `.mdx` asset files from all `stackit.docs.yaml` files
- Clone the `docs-content` repository
- Copy files to `assetcontainer/professional-services/`
- Open a PR if content has changed
## Scripts
### aggregate_docs.py
The Python script:
- Scans `examples/*/stackit.docs.yaml`
- Generates `.mdx` files with `frameworkAsset` frontmatter
- Generates `_meta.yml` for the assetcontainer
Run locally to preview:
```bash
python3 ci-scripts/aggregate_docs.py
ls .generated-mdx/professional-services/
cat .generated-mdx/professional-services/ps-my-example.mdx
```
### sync-stackit-docs.sh
The CI entrypoint:
- Calls `aggregate_docs.py` to generate `.mdx` files
- Clones `stackitcloud/docs-content`
- Copies generated files to `assetcontainer/professional-services/`
- Creates a PR if changes are detected
### Environment Variables
| Variable | Required | Description |
| -------------------- | -------- | ------------------------------------------------------- |
| `STACKIT_DOCS_TOKEN` | Yes | GitHub PAT with repo write permissions |
| `STACKIT_DOCS_REPO` | No | Target docs repo (default: `stackitcloud/docs-content`) |
### Manual Execution
```bash
export STACKIT_DOCS_TOKEN=<your-github-pat>
bash ci-scripts/sync-stackit-docs.sh
```
## GitHub Actions Secret
To enable the CI workflow, add the following secret to the repository:
- **Secret name:** `STACKIT_DOCS_TOKEN`
- **Value:** GitHub Personal Access Token with `repo` scope
The workflow (`.github/workflows/sync-stackit-docs.yaml`) triggers on:
- Every push to `main` that modifies `examples/**/stackit.docs.yaml`
- Manual trigger via the GitHub Actions UI

View file

@ -0,0 +1,162 @@
#!/usr/bin/env python3
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Generate .mdx asset files for the STACKIT docs assetcontainer from stackit.docs.yaml metadata.
Each example becomes its own .mdx file with frameworkAsset frontmatter.
"""
import os
import re
import sys
try:
import yaml
except ImportError:
print("ERROR: PyYAML not installed. Run: pip install pyyaml", file=sys.stderr)
sys.exit(1)
GITHUB_REPO = "https://github.com/stackitcloud/professional-service/tree/main/examples"
ASSETCONTAINER_META = """# Professional Services Terraform Examples
customLabel: "PS Examples"
navigation:
hidden: true
renderAsLinkOnSlug: "cloud-framework/assets/professional-services"
renderAsDetailPageOnSlug: "cloud-framework/assets/professional-services"
"""
def slugify(name):
"""Convert a directory name to a valid mdx filename slug."""
slug = re.sub(r"[_\s]+", "-", name).lower()
return slug if slug.startswith("ps-") else f"ps-{slug}"
def find_example_dirs(examples_root):
entries = []
for entry in sorted(os.listdir(examples_root)):
full_path = os.path.join(examples_root, entry)
if os.path.isdir(full_path):
yaml_path = os.path.join(full_path, "stackit.docs.yaml")
if os.path.isfile(yaml_path):
entries.append((entry, yaml_path))
return entries
def load_yaml_file(filepath):
with open(filepath, "r") as f:
data = yaml.safe_load(f)
if not isinstance(data, dict):
print(
f"WARNING: {filepath} does not contain a YAML mapping, skipping.",
file=sys.stderr,
)
return None
return data
def generate_mdx(example_name, data, output_path):
"""Generate a single .mdx file with frameworkAsset frontmatter."""
headline = data.get("headline", example_name)
description = data.get("description", "")
tags = data.get("tags", [])
slug = slugify(example_name)
repo_link = f"{GITHUB_REPO}/{example_name}"
frontmatter = {
"title": headline,
"description": description,
"hideBreadcrumbs": True,
"sidebar": {"hidden": True},
"frameworkAsset": {
"owner": "Professional Services",
"managed": True,
"category": "guide",
"external": True,
"recommended": True,
"tags": tags,
},
}
content_lines = [
'import { Card } from "@astrojs/starlight/components";',
"",
f"# {headline}",
"",
f"{description}",
"",
f'<Card title="View Terraform Example" link="{repo_link}" icon="link">',
" Open the complete Terraform implementation on GitHub",
"</Card>",
"",
]
with open(output_path, "w") as f:
f.write("---\n")
yaml.dump(
frontmatter,
f,
default_flow_style=False,
sort_keys=False,
allow_unicode=True,
)
f.write("---\n\n")
f.write("\n".join(content_lines))
return slug
def main():
script_dir = os.path.dirname(os.path.abspath(__file__))
repo_root = os.path.dirname(script_dir)
examples_root = os.path.join(repo_root, "examples")
output_dir = os.environ.get("MDX_OUTPUT_DIR")
if not output_dir:
output_dir = os.path.join(repo_root, ".generated-mdx", "professional-services")
if not os.path.isdir(examples_root):
print(f"ERROR: Examples directory not found: {examples_root}", file=sys.stderr)
sys.exit(1)
os.makedirs(output_dir, exist_ok=True)
meta_path = os.path.join(output_dir, "_meta.yml")
with open(meta_path, "w") as f:
f.write(ASSETCONTAINER_META)
examples = find_example_dirs(examples_root)
if not examples:
print("WARNING: No stackit.docs.yaml files found.", file=sys.stderr)
sys.exit(1)
count = 0
for example_name, yaml_path in examples:
data = load_yaml_file(yaml_path)
if data is None:
continue
slug = generate_mdx(
example_name, data, os.path.join(output_dir, f"{slugify(example_name)}.mdx")
)
print(f" generated: {slug}.mdx")
count += 1
print(f"Generated {count} .mdx files in {output_dir}")
if __name__ == "__main__":
main()

174
ci-scripts/sync-stackit-docs.sh Executable file
View file

@ -0,0 +1,174 @@
#!/usr/bin/env bash
#
# CI script to sync .mdx asset files from professional-services examples
# to the STACKIT docs assetcontainer.
#
# Usage:
# export STACKIT_DOCS_TOKEN=<gh-pat>
# ./ci-scripts/sync-stackit-docs.sh
#
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(dirname "$SCRIPT_DIR")"
DOCS_CLONE_DIR="/tmp/stackit-docs-sync"
GENERATED_DIR="${REPO_ROOT}/.generated-mdx"
DOCS_ASSET_DIR="docs/cloud-framework/architecture-framework/assetcontainer/professional-services"
BRANCH_NAME="autopr/sync-professional-service-examples"
DOCS_REPO="${STACKIT_DOCS_REPO:-stackitcloud/docs-content}"
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() {
echo -e "${GREEN}[INFO]${NC} $*"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $*"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $*"
}
cleanup() {
rm -rf "$DOCS_CLONE_DIR"
rm -rf "$GENERATED_DIR"
}
trap cleanup EXIT
check_prerequisites() {
if ! command -v python3 &>/dev/null; then
log_error "python3 not found"
exit 1
fi
if ! command -v gh &>/dev/null; then
log_error "gh (GitHub CLI) not found"
exit 1
fi
if [ -z "${STACKIT_DOCS_TOKEN:-}" ]; then
log_error "STACKIT_DOCS_TOKEN environment variable is not set"
exit 1
fi
python3 -c "import yaml" 2>/dev/null || {
log_info "Installing PyYAML..."
pip3 install pyyaml
}
}
generate_mdx_files() {
log_info "Generating .mdx asset files..."
MDX_OUTPUT_DIR="$GENERATED_DIR/professional-services" python3 "$SCRIPT_DIR/aggregate_docs.py"
if [ ! -d "$GENERATED_DIR/professional-services" ]; then
log_error "Generation did not produce .mdx files"
exit 1
fi
local count
count=$(find "$GENERATED_DIR/professional-services" -name "*.mdx" | wc -l)
log_info "Generated $count .mdx files in $GENERATED_DIR/professional-services"
}
checkout_docs_repo() {
log_info "Cloning STACKIT docs repository..."
rm -rf "$DOCS_CLONE_DIR"
gh repo clone "$DOCS_REPO" "$DOCS_CLONE_DIR" -- --quiet
log_info "Cloned to $DOCS_CLONE_DIR"
}
copy_generated_files() {
local target_dir="$DOCS_CLONE_DIR/$DOCS_ASSET_DIR"
mkdir -p "$target_dir"
cp -R "$GENERATED_DIR/professional-services"/* "$target_dir/"
log_info "Copied generated files to $target_dir"
}
check_for_changes() {
copy_generated_files
if gh pr list --repo "$DOCS_REPO" --head "$BRANCH_NAME" --state open --json number --jq '.[] | .number' &>/dev/null; then
log_warn "PR already exists for branch $BRANCH_NAME, skipping"
return 1
fi
cd "$DOCS_CLONE_DIR"
local status
status=$(git status --porcelain)
if [ -z "$status" ]; then
log_info "No changes detected in docs"
return 1
fi
log_info "Changes detected in docs:"
echo "$status"
return 0
}
create_pr() {
copy_generated_files
cd "$DOCS_CLONE_DIR"
git config user.name "stackit-bot"
git config user.email "bot@stackit.cloud"
git checkout -b "$BRANCH_NAME" || git checkout "$BRANCH_NAME"
git add "$DOCS_ASSET_DIR"
git diff --cached --quiet || git commit -m "chore(professional-services): sync Terraform example assets
Updated .mdx asset files from professional-service/examples/*/stackit.docs.yaml"
log_info "Pushing branch $BRANCH_NAME..."
git push origin "$BRANCH_NAME" --force-with-lease --quiet
local pr_title="Sync Professional Services Terraform Examples"
local pr_body="## Auto-generated PR
This PR syncs the Professional Services Terraform example assets to the STACKIT documentation assetcontainer.
### Changes
- Updated .mdx asset files for all examples in \`professional-service/examples/\`
- Generated from \`stackit.docs.yaml\` metadata in each example directory
### Assets Updated
\`\`\`
$DOCS_ASSET_DIR/
\`\`\`
---
*Created automatically by the professional-services CI pipeline.*"
log_info "Creating PR..."
local pr_url
pr_url=$(gh pr create \
--repo "$DOCS_REPO" \
--title "$pr_title" \
--body "$pr_body" \
--head "$BRANCH_NAME" \
--base main \
--label "automation" \
--label "professional-services" \
2>&1 || true)
log_info "PR result: $pr_url"
}
main() {
check_prerequisites
generate_mdx_files
checkout_docs_repo
if check_for_changes; then
create_pr
else
log_info "Nothing to do. Docs are up to date."
fi
}
main "$@"

View file

@ -0,0 +1,26 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: ALB TLS Examples
description: A collection of STACKIT Application Load Balancer showcases with different TLS strategies — from self-signed to Let's Encrypt, from a single VM to Kubernetes.
tags:
[
"alb",
"tls",
"loadbalancer",
"terraform",
"kubernetes",
"certbot",
"letsencrypt",
]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Static Website on STACKIT CDN with S3 Backend
description: A reference implementation showing how to deploy a static website using STACKIT CDN with STACKIT Object Storage as the origin.
tags: ["cdn", "s3", "object-storage", "static-website", "terraform"]

View file

@ -0,0 +1,26 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: DBaaS OpenTelemetry Metrics Collection
description: Collect metrics from STACKIT PostgreSQL Flex and MongoDB instances using OpenTelemetry and export them to STACKIT Observability.
tags:
[
"dbaas",
"opentelemetry",
"metrics",
"postgresql",
"mongodb",
"observability",
"terraform",
]

View file

@ -0,0 +1,25 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IaaS Cross AZ Layer4 Loadbalancer
description: A classic highly-available architecture provisioning multiple VMs across different Availability Zones behind a STACKIT L4 Load Balancer.
tags:
[
"iaas",
"loadbalancer",
"layer4",
"high-availability",
"multi-az",
"terraform",
]

View file

@ -0,0 +1,26 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IaaS Cross AZ Layer7 Loadbalancer with WAF
description: A classic highly-available architecture provisioning multiple VMs across different Availability Zones behind a STACKIT L7 Load Balancer with Web Application Firewall configuration.
tags:
[
"iaas",
"loadbalancer",
"layer7",
"waf",
"high-availability",
"multi-az",
"terraform",
]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IaaS High Availability with VRRP
description: A comprehensive guide for setting up a Basic High Availability cluster using the Virtual Router Redundancy Protocol (VRRP) on STACKIT.
tags: ["iaas", "vrrp", "high-availability", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IaaS Custom Image Upload
description: Upload a custom VM image to STACKIT using Terraform, covering disk format, boot requirements, and UEFI/Secure Boot settings.
tags: ["iaas", "image", "upload", "custom-image", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IaaS Volume Encryption
description: KMS and IaaS resources to deploy an encrypted Block Storage Volume with migration steps from non-encrypted volumes.
tags: ["iaas", "encryption", "kms", "volume", "block-storage", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: BYOL Windows Migration to STACKIT
description: A migration guide for custom-built Windows Server VMs (Bring Your Own License) from a local virtualization environment to the STACKIT cloud platform.
tags: ["iaas", "windows", "byol", "migration", "virtio", "qemu"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: IAM-SCIM Integration with Authentik
description: An automated setup for Authentik on STACKIT SKE, pre-configured as an Identity Provider for STACKIT with both OIDC and SCIM support.
tags: ["iam", "scim", "authentik", "oidc", "identity", "ske", "terraform"]

View file

@ -0,0 +1,18 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Hub-and-Spoke VPN with OPNsense
description: A reference implementation of a hub-and-spoke network topology on STACKIT using OPNsense as the central firewall, provisioned with Terraform.
tags:
["vpn", "opnsense", "hub-and-spoke", "networking", "firewall", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Nested Resource Manager Folders
description: Demonstrates how to generate nested folders within a STACKIT project using Terraform.
tags: ["resourcemanager", "folders", "nested", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: AWS Provider S3 Integration
description: Demonstrates how to use the HashiCorp AWS provider to interact with STACKIT's S3-compatible Object Storage.
tags: ["s3", "aws-provider", "object-storage", "terraform", "compatibility"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Secrets Manager Vault Provider Integration
description: Utilizes the HashiCorp Vault provider alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager.
tags: ["secrets-manager", "vault", "hashicorp", "terraform", "secrets"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Azure Arc Integration
description: Terraform and CLI steps to connect a STACKIT SKE cluster to Azure Arc.
tags: ["ske", "azure", "azure-arc", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Encrypted Volumes for SKE
description: Demonstrates how to roll out an encrypted storage class for SKE using STACKIT Key Management Service with Service Account Impersonation.
tags: ["ske", "encryption", "kms", "storage", "csi", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Ephemeral Kubeconfig
description: Demonstrates how to generate ephemeral kubeconfigs for SKE clusters.
tags: ["ske", "kubeconfig", "ephemeral", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE External Secrets Sync
description: Demonstrates how to synchronize STACKIT Secrets Manager secrets with Kubernetes secrets using External Secrets Operator.
tags: ["ske", "external-secrets", "secrets-manager", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE GPU Operator Installation
description: Demonstrates how to deploy a SKE cluster with an NVIDIA H100 node pool and install the GPU Operator.
tags: ["ske", "gpu", "nvidia", "h100", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Kubernetes Provider Integration
description: Demonstrates how to use the HashiCorp Kubernetes provider to manage resources inside a SKE cluster.
tags: ["ske", "kubernetes-provider", "terraform", "kubernetes"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Mountpoint S3 CSI Driver
description: Demonstrates how to use the Mountpoint for Amazon S3 CSI driver with SKE clusters for S3-backed storage.
tags: ["ske", "s3", "mountpoint", "csi", "storage", "kubernetes", "terraform"]

View file

@ -0,0 +1,18 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Nginx Ingress Rate Limiting and Client IP
description: How to forward the real client IP to the ingress controller using TCP Proxy Protocol and configure rate limiting with Nginx on SKE.
tags:
["ske", "nginx", "ingress", "proxy-protocol", "rate-limiting", "kubernetes"]

View file

@ -0,0 +1,25 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Observability with Kube-State-Metrics
description: Configures STACKIT Observability to send alerts using metrics gathered from kube-state-metrics on SKE.
tags:
[
"ske",
"observability",
"kube-state-metrics",
"alerting",
"kubernetes",
"terraform",
]

View file

@ -0,0 +1,18 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE Observability Log Alerts
description: Setting up log-based alerting in STACKIT Observability using Promtail to ship Kubernetes logs from SKE.
tags:
["ske", "observability", "log-alerts", "promtail", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: SKE STACKIT File Storage Integration
description: Terraform example of deploying a STACKIT File Storage NFS Service with RWX access on SKE.
tags: ["ske", "sfs", "file-storage", "nfs", "rwx", "kubernetes", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: STACKIT Landing Zone
description: Reference to the STACKIT Terraform Landing Zone implementation for enterprise-grade cloud foundation.
tags: ["landing-zone", "enterprise", "governance", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Telemetry Router Hub-and-Spoke Setup
description: Centralize observability data across multiple projects, folders, and the entire organization using STACKIT Telemetry Router.
tags: ["telemetry", "observability", "hub-and-spoke", "logging", "terraform"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: Terraform PostgreSQL Backend with State Locking
description: Configure STACKIT PostgreSQL Flex as a Terraform backend for remote state storage and native state locking.
tags: ["postgresql", "terraform", "backend", "state-locking", "dbaas"]

View file

@ -0,0 +1,17 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
headline: VPN Usecases
description: VPN connection examples between STACKIT and various cloud providers including STACKIT-STACKIT, STACKIT-GCP, and STACKIT-AZURE.
tags: ["vpn", "networking", "azure", "gcp", "cross-cloud", "terraform"]