From 2c184baca016dbb1712942f041e6ba5c9f29df5a Mon Sep 17 00:00:00 2001
From: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
Date: Tue, 19 May 2026 14:59:41 +0200
Subject: [PATCH] example(ske-azure-arc): add example on how to add ske cluster
 to azure arc

---
 .gitignore                                    |   3 +
 .../.terraform.lock.hcl                       | 104 ++++++++++++++++++
 .../ske-azure-arc-integration/010-provider.tf |  57 ++++++++++
 .../020-variables.tf                          |  30 +++++
 .../030-stackit-azure-arc.tf                  |  23 ++++
 .../ske-azure-arc-integration/040-outputs.tf  |  30 +++++
 .../ske-azure-arc-integration/MAINTAINERS.md  |   9 ++
 examples/ske-azure-arc-integration/README.md  |  46 ++++++++
 8 files changed, 302 insertions(+)
 create mode 100644 examples/ske-azure-arc-integration/.terraform.lock.hcl
 create mode 100644 examples/ske-azure-arc-integration/010-provider.tf
 create mode 100644 examples/ske-azure-arc-integration/020-variables.tf
 create mode 100644 examples/ske-azure-arc-integration/030-stackit-azure-arc.tf
 create mode 100644 examples/ske-azure-arc-integration/040-outputs.tf
 create mode 100644 examples/ske-azure-arc-integration/MAINTAINERS.md
 create mode 100644 examples/ske-azure-arc-integration/README.md

diff --git a/.gitignore b/.gitignore
index 4567528..50637e9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,3 +68,6 @@ go.work.sum
 .idea
 ssh
 keys
+
+### K8s
+.kubeconfig
diff --git a/examples/ske-azure-arc-integration/.terraform.lock.hcl b/examples/ske-azure-arc-integration/.terraform.lock.hcl
new file mode 100644
index 0000000..83474cf
--- /dev/null
+++ b/examples/ske-azure-arc-integration/.terraform.lock.hcl
@@ -0,0 +1,104 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "4.72.0"
+  constraints = "4.72.0"
+  hashes = [
+    "h1:QYnPAHT/PYheOOZz52ucHqw/ZO9PxWyPLtO7UD/jSMg=",
+    "zh:073472587c3752e89738522814d2b4eb2fd69eb2cb19c5a5ead3c7d2eabdc279",
+    "zh:1950effc0c315b6002c8cb6327b94fe59bda210e699367d9727bc66490d651d2",
+    "zh:47c990db75658525de57c8955a05b4752b88f3a900fffac0e7661d4a749e94f2",
+    "zh:610f2cbd6fab76750d8b093f03beabbb7162dc8c6affe0109f534ce240b3ff0f",
+    "zh:6739d645fe548c5a489d711f7748f32368cf68d723d2c59d3f2e21456304d692",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:a277ab095cc8aff3aede9e43eca2a699936472ef90abb272adf3daa609eb9141",
+    "zh:b1fdcdaf926c86de0d884beda90d78cb94a42ddede03a1f0b92c36b321d4f07e",
+    "zh:c003f1f15e52c54e189301ae2c7d8dd65acb2e5a7527d201355f2757b5465ba9",
+    "zh:c45f2d2206c0f8f71f207cd39eec73da9619d35932bbe1a5b8be7679c50a151e",
+    "zh:d7040d8ec295481bc1d30346ed7f3075c40ede87c0fedf1db34dd91c1c367a10",
+    "zh:e595f0b870cd5fd5debdc926fc1740201d2b66188b9b132dc598bdd6444e7348",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version = "3.1.1"
+  hashes = [
+    "h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=",
+    "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275",
+    "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a",
+    "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29",
+    "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104",
+    "zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990",
+    "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34",
+    "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8",
+    "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1",
+    "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b",
+    "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903",
+    "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "3.1.0"
+  constraints = "> 2.14.0"
+  hashes = [
+    "h1:G9QqKNpcztBRqrywtlNylFJSpGzDfRFtO8hcWLdkvRY=",
+    "zh:0215c5c60be62028c09a2f22458e89cda3ef5830a632299f1d401eb3538874b0",
+    "zh:09ebb9f442431e278a310a9423f32caf467cb4b3cad3fe59573ca71fa7b14e20",
+    "zh:0c4e5912f83bb35846ae0a9ae54fc320706ee61894cd21cc6b4181b1c5a2fa5c",
+    "zh:1678c982853ad461e65ccb5e79d585e13ed109dd47dab2a66d3a7a304faeef65",
+    "zh:1c050a5c15e330457a9c18caacf61a923c59d663e13f2962e4b32f04fef523a0",
+    "zh:2c55bcec83be58ec132c7cb0a1ac644758b800d794fdc636d53a0eada0358a3a",
+    "zh:a062bb0aa316c08d8460c66a5d68da71da40de5d3bc3b31abcf3a1a9a19650f1",
+    "zh:a26fdea0afaa9b247c73c0b42843ca51ba7db0ac2571f9d3d50dcabd20ca1b98",
+    "zh:c872c9385a78d502bf5823d61cd3bb0f9a0585030e025eb12585c83451beeaa1",
+    "zh:f180879af931182beee4c8c0d9dab62b81d86f17ddcbe3786ef4c7cec9163a4e",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f70f5789264069e0eef06f9b5d5fde955ef7206f7d446d1ce51a4c37a3f3e02f",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.9.0"
+  constraints = "3.9.0"
+  hashes = [
+    "h1:OO+IuvQJSPmWdN8AyyIEvPJbLvDQpgX/zbktoa9KsJE=",
+    "zh:161ad0bd9a75768c82f53fb6e7172a9d8be2d4889b012645a34795031aaf1bf1",
+    "zh:19dc9a5b17729725ccfc4f45b0500af0ee5bc6b6b160c7adb8f2bf617d2c80ea",
+    "zh:269eda8fe42daa7974d5a34d166c3ba9defe80cde86c01e4dadcfdf2e1f05e5f",
+    "zh:373f7c65566f8f2cc7f45d698654feb9d988996957e1266a69ca00c52d6d16d0",
+    "zh:5599d16804c41c83009ec621b6d6b6f74e102f5827678a4750f8809055546b61",
+    "zh:583be0440469a22bff70dcfa56593b01566860b29607437264adb51060cf46fc",
+    "zh:5f211d8ec3f2e1f414870d9584bfe26e6995560ef81c748f8447a48164767398",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:7b547fd16216761ef86efc3ed516ac5ac0c5c42b7c7eb24a08cef2d93f69ed5e",
+    "zh:7e7c0679daf2a382151d05068c8c3f0dae6b7b7dccf818827b73dd08638df2ef",
+    "zh:8089dec888a8038b9b4fb23b3df7e1057293dbc5b60b42cc47ff690d69d4b61b",
+    "zh:c51f15a031edfd6f23ce8ced3446ca7f8d8d647e2499890d7d5d10d5016d7257",
+    "zh:c94784f005708890dc6895afd53636ec00ec1e430b15d41e5aebfb1d4b39bd04",
+  ]
+}
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.96.0"
+  constraints = ">= 0.95.0"
+  hashes = [
+    "h1:NgwbVCV5pfBVMO3xUMop4l5AzvVv3BuBzXpJjgoZfSU=",
+    "zh:04d309851424a53d3d014dde3b143fc1cdc19fbebf558eb4b927878103f78fb0",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:0ebcdf98a47f301e12925803198320d637552ef57abc49e2a48a009f1ddbf39a",
+    "zh:176238c057193c9c60c365b83463e758892186fcc2bd14bc9bbf69bf471f1d6b",
+    "zh:1c514ec6d09ee210ebb813d49b7d3a71b5b9d0b173c743bce9ab937b1e3d303a",
+    "zh:20433d0dc7e4aa2a806863fc289a2cecb19763624f199babfbe44f22d4d9150f",
+    "zh:452ceacbe4a1f70c81320b9223f4958c9bc122508c79e86bc97cb9241682c053",
+    "zh:5f893229f41f8dc2169b5b02785fb2988e8cad2141722a411711182bafefa015",
+    "zh:69383e27067a6413300d3acbcdad8f890bd187e16630580c09900ba379659284",
+    "zh:694de24bd05027c3c8b7a7c477973f76cd5a11d7fd38819026b5a0e588698fd9",
+    "zh:7c7399e3223dd76efb56ca2e3c9435b41bcbaf549839cec36023f801ca5bdcd2",
+    "zh:8a92b221694c59648d22e2e2a0059015872eff7034ae0ba9eb801fe399644a2c",
+    "zh:90a8ae716c9bc6c8804a38f7a903c7af7114ce324d0126c64e1447b6d255cdba",
+    "zh:d29eb17fde9460c5ce3c7a7975eef0ad7fea692eb17fad5e0421952e4d29dbd2",
+  ]
+}
diff --git a/examples/ske-azure-arc-integration/010-provider.tf b/examples/ske-azure-arc-integration/010-provider.tf
new file mode 100644
index 0000000..871e78b
--- /dev/null
+++ b/examples/ske-azure-arc-integration/010-provider.tf
@@ -0,0 +1,57 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = ">=0.95.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">2.14.0"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "4.72.0"
+    }
+  }
+}
+
+provider "stackit" {
+  default_region           = var.stackit_region
+  service_account_key_path = var.stackit_service_account_key_path
+  enable_beta_resources    = true
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.azure_subscription_id
+}
+
+provider "kubernetes" {
+  host                   = yamldecode(module.ske.kubeconfig).clusters.0.cluster.server
+  client_certificate     = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-certificate-data)
+  client_key             = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-key-data)
+  cluster_ca_certificate = base64decode(yamldecode(module.ske.kubeconfig).clusters.0.cluster.certificate-authority-data)
+}
+
+provider "helm" {
+  kubernetes = {
+    host                   = yamldecode(module.ske.kubeconfig).clusters.0.cluster.server
+    client_certificate     = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-certificate-data)
+    client_key             = base64decode(yamldecode(module.ske.kubeconfig).users.0.user.client-key-data)
+    cluster_ca_certificate = base64decode(yamldecode(module.ske.kubeconfig).clusters.0.cluster.certificate-authority-data)
+  }
+}
diff --git a/examples/ske-azure-arc-integration/020-variables.tf b/examples/ske-azure-arc-integration/020-variables.tf
new file mode 100644
index 0000000..ccc5d37
--- /dev/null
+++ b/examples/ske-azure-arc-integration/020-variables.tf
@@ -0,0 +1,30 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "stackit_project_id" {
+  type = string
+}
+
+variable "stackit_region" {
+  type    = string
+  default = "eu01"
+}
+
+variable "stackit_service_account_key_path" {
+  type = string
+}
+
+variable "azure_subscription_id" {
+  type = string
+}
diff --git a/examples/ske-azure-arc-integration/030-stackit-azure-arc.tf b/examples/ske-azure-arc-integration/030-stackit-azure-arc.tf
new file mode 100644
index 0000000..3a99206
--- /dev/null
+++ b/examples/ske-azure-arc-integration/030-stackit-azure-arc.tf
@@ -0,0 +1,23 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module "ske" {
+  source     = "../../modules/test-ske"
+  project_id = var.stackit_project_id
+}
+
+resource "azurerm_resource_group" "arc_rg" {
+  name     = "rg-stackit-arc-poc"
+  location = "West Europe"
+}
diff --git a/examples/ske-azure-arc-integration/040-outputs.tf b/examples/ske-azure-arc-integration/040-outputs.tf
new file mode 100644
index 0000000..bdd2b97
--- /dev/null
+++ b/examples/ske-azure-arc-integration/040-outputs.tf
@@ -0,0 +1,30 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+output "kubeconfig" {
+  value     = module.ske.kubeconfig
+  sensitive = true
+}
+
+output "cluster_name" {
+  value = module.ske.cluster_name
+}
+
+output "azure_resource_group" {
+  value = azurerm_resource_group.arc_rg.name
+}
+
+output "azure_location" {
+  value = azurerm_resource_group.arc_rg.location
+}
diff --git a/examples/ske-azure-arc-integration/MAINTAINERS.md b/examples/ske-azure-arc-integration/MAINTAINERS.md
new file mode 100644
index 0000000..1aaefce
--- /dev/null
+++ b/examples/ske-azure-arc-integration/MAINTAINERS.md
@@ -0,0 +1,9 @@
+# Maintainers
+
+General maintainers:
+
+- Mauritz Uphoff (mauritz.uphoff@digits.schwarz)
+
+This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis.
+For questions, issues, or feature requests, please email general maintainers.
+Please include the BP name and version in your request. We will track your request as an issue.
diff --git a/examples/ske-azure-arc-integration/README.md b/examples/ske-azure-arc-integration/README.md
new file mode 100644
index 0000000..391679b
--- /dev/null
+++ b/examples/ske-azure-arc-integration/README.md
@@ -0,0 +1,46 @@
+# STACKIT SKE Azure Arc Integration
+
+This repository contains Terraform and CLI steps to connect a **STACKIT SKE cluster** to **Azure Arc**.
+
+## Prerequisites
+
+- Azure CLI installed and authenticated (`az login`)
+- Terraform installed
+- STACKIT Project & Service Account configured
+
+## Setup Guide
+
+### 1. Provision Infrastructure
+
+Deploy the SKE cluster and an Azure Resource Group to host the Arc connection:
+
+```bash
+terraform init
+terraform apply
+```
+
+### 2. Connect to Azure Arc
+
+Run the following commands to register required Azure providers and connect the cluster:
+
+```bash
+# Register Azure Arc providers
+az extension add --name connectedk8s
+az provider register --namespace Microsoft.Kubernetes
+az provider register --namespace Microsoft.KubernetesConfiguration
+az provider register --namespace Microsoft.ExtendedLocation
+
+# Export SKE Kubeconfig
+terraform output -raw kubeconfig > .kubeconfig
+
+# Connect cluster to Azure Arc
+az connectedk8s connect \
+  --name "stackit-$(terraform output -raw cluster_name)" \
+  --resource-group "$(terraform output -raw azure_resource_group)" \
+  --location "$(terraform output -raw azure_location)" \
+  --kube-config .kubeconfig
+```
+
+## References
+
+- [Azure Arc Quickstart](https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/quickstart-connect-cluster?tabs=azure-cli)
-- 
2.49.1