example(vpn): add usecases #20

Merged
mauritz.uphoff merged 1 commit from example/vpn-example-usecase into main 2026-05-13 11:42:35 +00:00

Description

Checklist

  • The CI pipeline passed successfully.
mauritz.uphoff added 1 commit 2026-05-12 09:21:39 +00:00
example(vpn): add module to create sna with test machine
Some checks failed
Default CI / Check for Open TODOs (pull_request) Failing after 33s
Default CI / Secret Scanner (TruffleHog) (pull_request) Successful in 1m0s
Default CI / Pre-Commit Hooks (pull_request) Successful in 1m45s
71eddfed62
mauritz.uphoff added 1 commit 2026-05-12 09:29:31 +00:00
example(vpn): add module to create sna with test machine
Some checks failed
Default CI / Check for Open TODOs (pull_request) Failing after 27s
Default CI / Secret Scanner (TruffleHog) (pull_request) Successful in 53s
Default CI / Pre-Commit Hooks (pull_request) Successful in 1m46s
db88535b6f
mauritz.uphoff force-pushed example/vpn-example-usecase from db88535b6f to d23be1ca43 2026-05-12 14:29:55 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from d23be1ca43 to c148e3b716 2026-05-12 14:30:30 +00:00 Compare
mauritz.uphoff changed title from example(vpn): add module to create sna with test machine to example(vpn): WIP 2026-05-12 14:30:53 +00:00
mauritz.uphoff force-pushed example/vpn-example-usecase from c148e3b716 to 7ed20f586b 2026-05-13 07:57:47 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from 7ed20f586b to bede872194 2026-05-13 07:59:07 +00:00 Compare
sven.schmidt reviewed 2026-05-13 08:39:17 +00:00
sven.schmidt left a comment
Owner

Overall this looks good, but I added a few comments on points that should be clarified or adjusted before merging.

@ -0,0 +44,4 @@
| <a name="input_sna_default_nameserver"></a> [sna_default_nameserver](#input_sna_default_nameserver) | A list of STACKIT SNA default nameservers (IP addresses). | `list(string)` | <pre>[<br/> "1.1.1.1"<br/>]</pre> | no |
| <a name="input_sna_name"></a> [sna_name](#input_sna_name) | The name of the STACKIT Network Area (SNA). | `string` | n/a | yes |
| <a name="input_sna_network_range_prefix"></a> [sna_network_range_prefix](#input_sna_network_range_prefix) | A list of STACKIT SNA network range prefixes in CIDR notation. | `list(string)` | <pre>[<br/> "10.28.0.0/16"<br/>]</pre> | no |
| <a name="input_sna_transfer_range"></a> [sna_transfer_range](#input_sna_transfer_range) | The STACKIT SNA transfer range in CIDR notation. | `string` | `"172.3.0.0/16"` | no |
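Review bot: The `sna_default_nameserver` default of `1.1.1.1` in the first row means every network in the area sends its DNS queries to a public third-party resolver unless the caller overrides the value. Consider making this input required, or state in the description that the default is a public resolver, so the choice is deliberate rather than inherited from the example.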
Owner

172.3.0.0/16 is part of the public IPv4 address space and is not covered by the private ranges defined in RFC1918.

I would suggest using 172.16.0.0/16 instead, as it falls within the private 172.16.0.0/12 range. Using a public IP range internally can lead to routing issues later on, especially if traffic to a real public endpoint within that range needs to be resolved or routed externally.
https://datatracker.ietf.org/doc/html/rfc1918

Author
Owner

nice catch!

mauritz.uphoff marked this conversation as resolved
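The RFC 1918 check raised in this thread can be automated in CI. The following is an added example, not code from this pull request or from the STACKIT project: it scans Terraform text for quoted IPv4 CIDR literals and reports any that are not fully inside an RFC 1918 block. The function names and the sample variables file are constructed for illustration.

```python
import ipaddress
import re

# The three private blocks defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Quoted IPv4 CIDR literals such as "172.3.0.0/16".
CIDR_LITERAL = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"')


def is_rfc1918(cidr: str) -> bool:
    """True only if the whole prefix lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def find_public_cidrs(hcl_text: str) -> list[tuple[int, str]]:
    """Return (line number, CIDR) for each literal outside RFC 1918."""
    findings = []
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        for cidr in CIDR_LITERAL.findall(line):
            try:
                if not is_rfc1918(cidr):
                    findings.append((lineno, cidr))
            except ValueError:
                # Malformed literal (e.g. octet > 255): report it as well.
                findings.append((lineno, cidr))
    return findings


# Constructed sample, modelled on the defaults quoted in the review.
SAMPLE = '''\
variable "sna_network_range_prefix" {
  type    = list(string)
  default = ["10.28.0.0/16"]
}
variable "sna_transfer_range" {
  type    = string
  default = "172.3.0.0/16"
}
'''

if __name__ == "__main__":
    for lineno, cidr in find_public_cidrs(SAMPLE):
        print(f"line {lineno}: {cidr} is not inside an RFC 1918 block")
```

A prefix that straddles a block boundary, such as 172.16.0.0/11, is also reported, because only part of it is private.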
@ -0,0 +47,4 @@
variable "sna_transfer_range" {
description = "The STACKIT SNA transfer range in CIDR notation."
type = string
default = "172.3.0.0/16"
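Review bot: The `default = "172.3.0.0/16"` line lies outside 172.16.0.0/12, and the visible part of the variable has no `validation` block, so a malformed or public prefix is only noticed once the API call or routing fails. Besides changing the default, consider a validation such as `condition = can(cidrhost(var.sna_transfer_range, 0))` so invalid CIDR strings are rejected at plan time.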
Owner

Please adjust here also to the RFC1918

mauritz.uphoff marked this conversation as resolved
@ -0,0 +16,4 @@
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.66.0"
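Review bot: `version = ">=0.66.0"` sets only a lower bound, so any future provider release satisfies it, including one with breaking changes. A bounded constraint (for example a pessimistic `~>` constraint on the version the example was tested with) together with a committed `.terraform.lock.hcl` keeps the example reproducible and turns provider upgrades into an explicit, reviewed change.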
Owner

The STACKIT Terraform provider version should be used consistently across this example.

mauritz.uphoff marked this conversation as resolved
@ -0,0 +14,4 @@
variable "stackit_org_id" {
type = string
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
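Review bot: The `default` on `stackit_org_id` is a concrete organization UUID, which publishes a tenant identifier in the repository and lets a user who forgets to override it plan against an organization that is not theirs. Drop the default so the variable is required, and add a `description` (none is visible in these lines) telling users to set it through a `.tfvars` file or `TF_VAR_stackit_org_id`.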
Owner

hard coded org id in the vars

mauritz.uphoff marked this conversation as resolved
@ -0,0 +26,4 @@
type = string
# TODO remove
default = "/Users/uphoffm/GolandProjects/professional-service/keys/stackit-sa.json"
}
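Review bot: The `default` on this service-account key path is a developer's absolute home-directory path, which leaks a local username and directory layout and cannot resolve on any other machine; the `# TODO remove` above it is presumably also what the failing "Check for Open TODOs" job reports. Remove both the default and the TODO so the caller must supply the path, and note in the description that key files belong outside the repository.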
Owner

adjust to generic vars

mauritz.uphoff marked this conversation as resolved
@ -0,0 +32,4 @@
type = string
# TODO remove
default = "/Users/uphoffm/GolandProjects/professional-service/keys/gcp-sa.json"
}
Owner

adjust to generic vars

mauritz.uphoff marked this conversation as resolved
@ -0,0 +16,4 @@
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.66.0"
Owner

The STACKIT Terraform provider version should be used consistently across this example.

Author
Owner

locked the version in tflock file. Still updated provider.tf

mauritz.uphoff marked this conversation as resolved
@ -0,0 +15,4 @@
variable "stackit_org_id" {
type = string
default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
}
Owner

Hard coded org ids

mauritz.uphoff marked this conversation as resolved
mauritz.uphoff force-pushed example/vpn-example-usecase from bede872194 to 720eabd8d3 2026-05-13 08:42:15 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from 720eabd8d3 to 8dffccb78a 2026-05-13 08:44:58 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from 8dffccb78a to aa8265a13c 2026-05-13 08:48:05 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from aa8265a13c to 8f3b77c345 2026-05-13 08:49:56 +00:00 Compare
mauritz.uphoff changed title from example(vpn): WIP to example(vpn): add example usecases 2026-05-13 08:50:17 +00:00
mauritz.uphoff changed title from example(vpn): add example usecases to example(vpn): add usecases 2026-05-13 08:50:22 +00:00
mauritz.uphoff force-pushed example/vpn-example-usecase from 8f3b77c345 to 7d87aadd12 2026-05-13 08:50:45 +00:00 Compare
sven.schmidt reviewed 2026-05-13 09:58:29 +00:00
sven.schmidt left a comment
Owner

If the README.md is intended to be the source of truth, it might make sense to align the referenced configuration/files accordingly.

@ -0,0 +11,4 @@
| Name | Version |
| ------------------------------------------------------------------ | --------- |
| <a name="requirement_stackit"></a> [stackit](#requirement_stackit) | >= 0.87.0 |
Owner

I don’t want to be nitpicky here, but just for the record: should we use v0.87 or v0.95 now?

I’m still of the opinion that we should keep the referenced provider version consistent across the example, even if Terraform will always pick the latest matching version because of the >= constraint.

mauritz.uphoff marked this conversation as resolved
@ -0,0 +18,4 @@
| Name | Version |
| ------------------------------------------------------------ | --------- |
| <a name="provider_stackit"></a> [stackit](#provider_stackit) | >= 0.87.0 |
Owner

I don’t want to be nitpicky here, but just for the record: should we use v0.87 or v0.95 now?

I’m still of the opinion that we should keep the referenced provider version consistent across the example, even if Terraform will always pick the latest matching version because of the >= constraint.

mauritz.uphoff marked this conversation as resolved
@ -0,0 +42,4 @@
| --------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | -------------- | ---------------------------------------- | :------: |
| <a name="input_machine_availability_zone"></a> [machine_availability_zone](#input_machine_availability_zone) | The availability zone (e.g. eu01-1) | `string` | n/a | yes |
| <a name="input_machine_disk_performance_class"></a> [machine_disk_performance_class](#input_machine_disk_performance_class) | Storage performance class | `string` | `"storage_premium_perf4"` | no |
| <a name="input_machine_disk_size"></a> [machine_disk_size](#input_machine_disk_size) | Boot volume size in GB | `number` | `50` | no |
Owner

To keep this cost-effective, we should use the minimum required disk size here. 50 GB seems a bit too large for this example.

mauritz.uphoff marked this conversation as resolved
@ -0,0 +43,4 @@
| <a name="input_machine_availability_zone"></a> [machine_availability_zone](#input_machine_availability_zone) | The availability zone (e.g. eu01-1) | `string` | n/a | yes |
| <a name="input_machine_disk_performance_class"></a> [machine_disk_performance_class](#input_machine_disk_performance_class) | Storage performance class | `string` | `"storage_premium_perf4"` | no |
| <a name="input_machine_disk_size"></a> [machine_disk_size](#input_machine_disk_size) | Boot volume size in GB | `number` | `50` | no |
| <a name="input_machine_image_id"></a> [machine_image_id](#input_machine_image_id) | Image UUID (Default: Debian 12) | `string` | `"c751cde7-e648-4f81-9722-ce9c7848bed0"` | no |
Owner

Image IDs are not the same across projects. For example, in my test project I get the following image ID:

be18b266-372a-4da3-b6b1-61cc6e3f7b13

So maybe we should add an instruction showing users how to retrieve the correct image ID for their own project instead of hardcoding one.

mauritz.uphoff marked this conversation as resolved
@ -0,0 +47,4 @@
| <a name="input_machine_ipv4_prefix"></a> [machine_ipv4_prefix](#input_machine_ipv4_prefix) | The IPv4 prefix for the test machine's network (CIDR notation). This must be a subnet within the defined SNA network ranges. | `string` | n/a | yes |
| <a name="input_machine_name"></a> [machine_name](#input_machine_name) | name of the stackit test machine | `string` | `"vpn-test-01"` | no |
| <a name="input_machine_network_name"></a> [machine_network_name](#input_machine_network_name) | The name of the network where the test machine will be connected. | `string` | n/a | yes |
| <a name="input_machine_type"></a> [machine_type](#input_machine_type) | Flavor of the machine | `string` | `"g1.1"` | no |
Owner

According to the modules/test-machine/variables.tf it's c2.1

Owner

Have to correct myself: it's c2i.1, not c2.1

mauritz.uphoff marked this conversation as resolved
@ -0,0 +51,4 @@
| <a name="input_sna_default_nameserver"></a> [sna_default_nameserver](#input_sna_default_nameserver) | A list of STACKIT SNA default nameservers (IP addresses). | `list(string)` | <pre>[<br/> "1.1.1.1"<br/>]</pre> | no |
| <a name="input_sna_name"></a> [sna_name](#input_sna_name) | The name of the STACKIT Network Area (SNA). | `string` | n/a | yes |
| <a name="input_sna_network_range_prefix"></a> [sna_network_range_prefix](#input_sna_network_range_prefix) | A list of STACKIT SNA network range prefixes in CIDR notation. | `list(string)` | <pre>[<br/> "10.28.0.0/16"<br/>]</pre> | no |
| <a name="input_sna_transfer_range"></a> [sna_transfer_range](#input_sna_transfer_range) | The STACKIT SNA transfer range in CIDR notation. | `string` | `"172.3.0.0/16"` | no |
Owner

pls adjust to the RFC1918

mauritz.uphoff marked this conversation as resolved
@ -0,0 +123,4 @@
variable "machine_disk_size" {
description = "Boot volume size in GB"
type = number
default = 50
Owner

see comment on README.md

mauritz.uphoff marked this conversation as resolved
@ -57,3 +57,3 @@
description = "Flavor of the machine"
type = string
default = "g1.1"
default = "c2i.1"
Owner

This needs to be adjusted if the README.md is intended to be the source of truth.

mauritz.uphoff marked this conversation as resolved
mauritz.uphoff force-pushed example/vpn-example-usecase from 7d87aadd12 to 8c027e6ef2 2026-05-13 10:38:49 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from 8c027e6ef2 to cff1e365fc 2026-05-13 11:16:48 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from cff1e365fc to 1f6abdc72d 2026-05-13 11:19:51 +00:00 Compare
mauritz.uphoff force-pushed example/vpn-example-usecase from 1f6abdc72d to 41762cf7dc 2026-05-13 11:21:29 +00:00 Compare
mauritz.uphoff merged commit f1dca38328 into main 2026-05-13 11:42:35 +00:00
mauritz.uphoff deleted branch example/vpn-example-usecase 2026-05-13 11:42:36 +00:00
Reference: professional-service-best-practices/professional-service#20