diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6c7483b..7ea597b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -60,11 +60,19 @@ repos: - repo: local hooks: + # Requires `addlicense` to be installed locally (go install github.com/google/addlicense@latest) - id: addlicense name: Add License Headers description: Ensures all files have the Apache 2.0 license header - # Requires `addlicense` to be installed locally (go install github.com/google/addlicense@latest) entry: addlicense -c "Schwarz Digits Cloud GmbH & Co. KG" -l apache language: system types_or: [terraform, python, go, javascript, yaml, json] pass_filenames: true + + - id: terraform-numbered-files + name: Terraform Files Must Have Number Prefix + description: Ensures all committed .tf files start with a number (e.g., 01-, 010-, 100-) + entry: scripts/check-terraform-numbered-files.sh + language: script + types: [terraform] + pass_filenames: true diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 167ea7a..0bd64ec 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -58,6 +58,7 @@ To maintain a clean and secure codebase, we enforce a strict CI pipeline on all // limitations under the License. ``` +- **Terraform file naming:** All `.tf` files in examples **must** be prefixed with exactly 3 digits to enforce consistent ordering (e.g., `010-provider.tf`, `020-variables.tf`, `030-resources.tf`, `100-outputs.tf`). Files inside `modules/` directories are exempt from this rule. This check is enforced automatically by pre-commit. - **Scan for Secrets:** Never commit credentials. We use `trufflehog` in the CI pipeline. Ensure you have no hardcoded tokens or passwords in your code. ### Repository structure 
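Review bot: The new `terraform-numbered-files` hook describes `01-` as a valid prefix, while the CONTRIBUTING.md text added in the same commit requires exactly 3 digits, so one of the two is wrong. If three digits is the rule, the description should read `description: Ensures all committed .tf files start with a 3-digit prefix (e.g., 010-, 100-)`. The `modules/` exemption is stated only in prose; `scripts/check-terraform-numbered-files.sh` is not visible in this part of the diff, so either it skips those paths itself or the hook needs `exclude: (^|/)modules/`. Separately, the relocated comment still tells contributors to `go install github.com/google/addlicense@latest`; naming a fixed version there would keep every contributor on the same reviewed tool.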
@@ -78,8 +79,7 @@ If you built a great module for a customer project and want to share it, follow - `variables.tf` (Inputs with clear descriptions and types) - `outputs.tf` (Values to return to the caller) - `README.md` (Documentation on what the module does and its inputs/outputs. We recommend using `terraform-docs` to generate this automatically). -3. **Provide an example:** A module is only as good as its documentation. Create a working example in the `examples/` folder showing how to instantiate your module. -4. **Test it locally:** Run `terraform init`, `terraform plan`, and ideally `terraform apply` in a sandbox environment to ensure your code works before opening a PR. +3. **Test it locally:** Run `terraform init`, `terraform plan`, and ideally `terraform apply` in a sandbox environment to ensure your code works before opening a PR. ### Adding a new Script diff --git a/examples/alb-tls-examples/alb-k8s/terraform/00-backend.tf b/examples/alb-tls-examples/alb-k8s/terraform/010-backend.tf similarity index 100% rename from examples/alb-tls-examples/alb-k8s/terraform/00-backend.tf rename to examples/alb-tls-examples/alb-k8s/terraform/010-backend.tf diff --git a/examples/alb-tls-examples/alb-k8s/terraform/00-provider.tf b/examples/alb-tls-examples/alb-k8s/terraform/020-provider.tf similarity index 100% rename from examples/alb-tls-examples/alb-k8s/terraform/00-provider.tf rename to examples/alb-tls-examples/alb-k8s/terraform/020-provider.tf diff --git a/examples/alb-tls-examples/alb-k8s/terraform/01-variables.tf b/examples/alb-tls-examples/alb-k8s/terraform/030-variables.tf similarity index 100% rename from examples/alb-tls-examples/alb-k8s/terraform/01-variables.tf rename to examples/alb-tls-examples/alb-k8s/terraform/030-variables.tf 
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/02-resource-hierarchy.tf b/examples/alb-tls-examples/alb-k8s/terraform/040-resource-hierarchy.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/02-resource-hierarchy.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/040-resource-hierarchy.tf
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/03-network.tf b/examples/alb-tls-examples/alb-k8s/terraform/050-network.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/03-network.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/050-network.tf
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/04-compute.tf b/examples/alb-tls-examples/alb-k8s/terraform/060-compute.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/04-compute.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/060-compute.tf
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/05-dns.tf b/examples/alb-tls-examples/alb-k8s/terraform/070-dns.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/05-dns.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/070-dns.tf
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/06-outputs.tf b/examples/alb-tls-examples/alb-k8s/terraform/080-outputs.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/06-outputs.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/080-outputs.tf
diff --git a/examples/alb-tls-examples/alb-k8s/terraform/07-alb.tf b/examples/alb-tls-examples/alb-k8s/terraform/090-alb.tf
similarity index 100%
rename from examples/alb-tls-examples/alb-k8s/terraform/07-alb.tf
rename to examples/alb-tls-examples/alb-k8s/terraform/090-alb.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/00-backend.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/010-backend.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/00-backend.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/010-backend.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/00-provider.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/020-provider.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/00-provider.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/020-provider.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/01-variables.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/030-variables.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/01-variables.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/030-variables.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/02-resource-hierarchy.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/040-resource-hierarchy.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/02-resource-hierarchy.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/040-resource-hierarchy.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/03-network.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/050-network.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/03-network.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/050-network.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/04-compute.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/060-compute.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/04-compute.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/060-compute.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/05-dns.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/070-dns.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/05-dns.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/070-dns.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/06-outputs.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/080-outputs.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/06-outputs.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/080-outputs.tf
diff --git a/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/07-alb.tf b/examples/alb-tls-examples/vm-alb-certbot-letsencrypt/090-alb.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-certbot-letsencrypt/07-alb.tf
rename to examples/alb-tls-examples/vm-alb-certbot-letsencrypt/090-alb.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/00-backend.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/010-backend.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/00-backend.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/010-backend.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/00-provider.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/020-provider.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/00-provider.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/020-provider.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/01-variables.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/030-variables.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/01-variables.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/030-variables.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/02-resource-hierarchy.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/040-resource-hierarchy.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/02-resource-hierarchy.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/040-resource-hierarchy.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/03-network.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/050-network.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/03-network.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/050-network.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/04-compute.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/060-compute.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/04-compute.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/060-compute.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/05-certificate.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/070-certificate.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/05-certificate.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/070-certificate.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/05-dns.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/080-dns.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/05-dns.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/080-dns.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/06-alb.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/090-alb.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/06-alb.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/090-alb.tf
diff --git a/examples/alb-tls-examples/vm-alb-self-signed-cert/07-outputs.tf b/examples/alb-tls-examples/vm-alb-self-signed-cert/100-outputs.tf
similarity index 100%
rename from examples/alb-tls-examples/vm-alb-self-signed-cert/07-outputs.tf
rename to examples/alb-tls-examples/vm-alb-self-signed-cert/100-outputs.tf
diff --git a/examples/dbaas-otel-collect-metrics/00-provider.tf b/examples/dbaas-otel-collect-metrics/010-provider.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/00-provider.tf
rename to examples/dbaas-otel-collect-metrics/010-provider.tf
diff --git a/examples/dbaas-otel-collect-metrics/01-variables.tf b/examples/dbaas-otel-collect-metrics/020-variables.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/01-variables.tf
rename to examples/dbaas-otel-collect-metrics/020-variables.tf
diff --git a/examples/dbaas-otel-collect-metrics/02-ske.tf b/examples/dbaas-otel-collect-metrics/030-ske.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/02-ske.tf
rename to examples/dbaas-otel-collect-metrics/030-ske.tf
diff --git a/examples/dbaas-otel-collect-metrics/03-observability.tf b/examples/dbaas-otel-collect-metrics/040-observability.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/03-observability.tf
rename to examples/dbaas-otel-collect-metrics/040-observability.tf
diff --git a/examples/dbaas-otel-collect-metrics/04-postgres.tf b/examples/dbaas-otel-collect-metrics/050-postgres.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/04-postgres.tf
rename to examples/dbaas-otel-collect-metrics/050-postgres.tf
diff --git a/examples/dbaas-otel-collect-metrics/04-service-account.tf b/examples/dbaas-otel-collect-metrics/051-service-account.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/04-service-account.tf
rename to examples/dbaas-otel-collect-metrics/051-service-account.tf
diff --git a/examples/dbaas-otel-collect-metrics/05-otel-helm.tf b/examples/dbaas-otel-collect-metrics/060-otel-helm.tf
similarity index 100%
rename from examples/dbaas-otel-collect-metrics/05-otel-helm.tf
rename to examples/dbaas-otel-collect-metrics/060-otel-helm.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/00-provider.tf b/examples/iaas-cross-az-layer4-loadbalancer/010-provider.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/00-provider.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/010-provider.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/01-variables.tf b/examples/iaas-cross-az-layer4-loadbalancer/020-variables.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/01-variables.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/020-variables.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/02-network.tf b/examples/iaas-cross-az-layer4-loadbalancer/030-network.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/02-network.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/030-network.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/03-machine01.tf b/examples/iaas-cross-az-layer4-loadbalancer/040-machine01.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/03-machine01.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/040-machine01.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/04-machine02.tf b/examples/iaas-cross-az-layer4-loadbalancer/050-machine02.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/04-machine02.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/050-machine02.tf
diff --git a/examples/iaas-cross-az-layer4-loadbalancer/05-l4-loadbalancer.tf b/examples/iaas-cross-az-layer4-loadbalancer/060-l4-loadbalancer.tf
similarity index 100%
rename from examples/iaas-cross-az-layer4-loadbalancer/05-l4-loadbalancer.tf
rename to examples/iaas-cross-az-layer4-loadbalancer/060-l4-loadbalancer.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/00-provider.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/010-provider.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/00-provider.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/010-provider.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/01-variables.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/020-variables.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/01-variables.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/020-variables.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/02-network.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/030-network.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/02-network.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/030-network.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/03-machine01.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/040-machine01.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/03-machine01.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/040-machine01.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/04-machine02.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/050-machine02.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/04-machine02.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/050-machine02.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/05-l7-loadbalancer.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/060-l7-loadbalancer.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/05-l7-loadbalancer.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/060-l7-loadbalancer.tf
diff --git a/examples/iaas-cross-az-layer7-loadbalancer-waf/06-waf.tf b/examples/iaas-cross-az-layer7-loadbalancer-waf/070-waf.tf
similarity index 100%
rename from examples/iaas-cross-az-layer7-loadbalancer-waf/06-waf.tf
rename to examples/iaas-cross-az-layer7-loadbalancer-waf/070-waf.tf
diff --git a/examples/iaas-ha-vrrp/00-provider.tf b/examples/iaas-ha-vrrp/010-provider.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/00-provider.tf
rename to examples/iaas-ha-vrrp/010-provider.tf
diff --git a/examples/iaas-ha-vrrp/01-config.tf b/examples/iaas-ha-vrrp/020-config.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/01-config.tf
rename to examples/iaas-ha-vrrp/020-config.tf
diff --git a/examples/iaas-ha-vrrp/02-network.tf b/examples/iaas-ha-vrrp/030-network.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/02-network.tf
rename to examples/iaas-ha-vrrp/030-network.tf
diff --git a/examples/iaas-ha-vrrp/03-master.tf b/examples/iaas-ha-vrrp/040-master.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/03-master.tf
rename to examples/iaas-ha-vrrp/040-master.tf
diff --git a/examples/iaas-ha-vrrp/04-backup.tf b/examples/iaas-ha-vrrp/050-backup.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/04-backup.tf
rename to examples/iaas-ha-vrrp/050-backup.tf
diff --git a/examples/iaas-ha-vrrp/05-ha.tf b/examples/iaas-ha-vrrp/060-ha.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/05-ha.tf
rename to examples/iaas-ha-vrrp/060-ha.tf
diff --git a/examples/iaas-ha-vrrp/06-outputs.tf b/examples/iaas-ha-vrrp/070-outputs.tf
similarity index 100%
rename from examples/iaas-ha-vrrp/06-outputs.tf
rename to examples/iaas-ha-vrrp/070-outputs.tf
diff --git a/examples/iaas-volume-encryption/00-provider.tf b/examples/iaas-volume-encryption/010-provider.tf
similarity index 100%
rename from examples/iaas-volume-encryption/00-provider.tf
rename to examples/iaas-volume-encryption/010-provider.tf
diff --git a/examples/iaas-volume-encryption/01-config.tf b/examples/iaas-volume-encryption/020-config.tf
similarity index 100%
rename from examples/iaas-volume-encryption/01-config.tf
rename to examples/iaas-volume-encryption/020-config.tf
diff --git a/examples/iaas-volume-encryption/02-service-account.tf b/examples/iaas-volume-encryption/030-service-account.tf
similarity index 100%
rename from examples/iaas-volume-encryption/02-service-account.tf
rename to examples/iaas-volume-encryption/030-service-account.tf
diff --git a/examples/iaas-volume-encryption/03-kms.tf b/examples/iaas-volume-encryption/040-kms.tf
similarity index 100%
rename from examples/iaas-volume-encryption/03-kms.tf
rename to examples/iaas-volume-encryption/040-kms.tf
diff --git a/examples/iaas-volume-encryption/04-volume.tf b/examples/iaas-volume-encryption/050-volume.tf
similarity index 100%
rename from examples/iaas-volume-encryption/04-volume.tf
rename to examples/iaas-volume-encryption/050-volume.tf
diff --git a/examples/iaas-volume-encryption/05-server.tf b/examples/iaas-volume-encryption/060-server.tf
similarity index 100%
rename from examples/iaas-volume-encryption/05-server.tf
rename to examples/iaas-volume-encryption/060-server.tf
diff --git a/examples/resourcemanager-nested-folders/00-provider.tf b/examples/resourcemanager-nested-folders/010-provider.tf
similarity index 100%
rename from examples/resourcemanager-nested-folders/00-provider.tf
rename to examples/resourcemanager-nested-folders/010-provider.tf
diff --git a/examples/resourcemanager-nested-folders/01-variables.tf b/examples/resourcemanager-nested-folders/020-variables.tf
similarity index 100%
rename from examples/resourcemanager-nested-folders/01-variables.tf
rename to examples/resourcemanager-nested-folders/020-variables.tf
diff --git a/examples/resourcemanager-nested-folders/02-folder.tf b/examples/resourcemanager-nested-folders/030-folder.tf
similarity index 100%
rename from examples/resourcemanager-nested-folders/02-folder.tf
rename to examples/resourcemanager-nested-folders/030-folder.tf
diff --git a/examples/s3-aws-terraform-provider/main.tf b/examples/s3-aws-terraform-provider/010-provider.tf
similarity index 58%
rename from examples/s3-aws-terraform-provider/main.tf
rename to examples/s3-aws-terraform-provider/010-provider.tf
index 578acd2..ddf7a0a 100644
--- a/examples/s3-aws-terraform-provider/main.tf
+++ b/examples/s3-aws-terraform-provider/010-provider.tf
@@ -25,53 +25,23 @@ terraform { } } -variable "project_id" { - description = "The STACKIT Project ID where the Object Storage will be created" - type = string -} - provider "stackit" { default_region = "eu01" service_account_key_path = "" } -resource "stackit_objectstorage_bucket" "example" { - project_id = var.project_id - name = "my-stackit-s3-bucket" -} - -resource "stackit_objectstorage_credentials_group" "example" { - project_id = var.project_id - name = "my-credentials-group" -} - -resource "stackit_objectstorage_credential" "example" { - project_id = var.project_id - credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id -} - provider "aws" { region = "eu01" access_key = stackit_objectstorage_credential.example.access_key secret_key = stackit_objectstorage_credential.example.secret_access_key - # These flags are mandatory when connecting to a custom S3-compatible backend skip_credentials_validation = true skip_region_validation = true skip_requesting_account_id = true skip_metadata_api_check = true s3_use_path_style = true - # STACKIT S3 Endpoint endpoints { s3 = "https://object.storage.eu01.onstackit.cloud" } } - -resource "aws_s3_object" "example_file" { - depends_on = [stackit_objectstorage_bucket.example] - - bucket = stackit_objectstorage_bucket.example.name - key = "hello-world.txt" - content = "Hello from STACKIT Object Storage managed via the AWS Terraform Provider!" -} diff --git a/examples/s3-aws-terraform-provider/020-variables.tf b/examples/s3-aws-terraform-provider/020-variables.tf new file mode 100644 index 0000000..6dbbac9 --- /dev/null +++ b/examples/s3-aws-terraform-provider/020-variables.tf 
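Review bot: The `provider "aws"` block keeps `skip_credentials_validation`, `skip_region_validation`, `skip_requesting_account_id` and `skip_metadata_api_check`, but this hunk deletes the comment that justified them, so a reader copying the example no longer learns that these switches exist only because the endpoint is a non-AWS S3 backend. I would keep `# These flags are mandatory when connecting to a custom S3-compatible backend` above the flags and `# STACKIT S3 Endpoint` above `endpoints`. A short remark that the flags should not be carried over to a configuration talking to AWS itself would also help. The `terraform` block the hunk starts in opens above the visible lines.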
@@ -0,0 +1,18 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "project_id" {
+ description = "The STACKIT Project ID where the Object Storage will be created"
+ type = string
+}
diff --git a/examples/s3-aws-terraform-provider/030-object-storage.tf b/examples/s3-aws-terraform-provider/030-object-storage.tf
new file mode 100644
index 0000000..b66632a
--- /dev/null
+++ b/examples/s3-aws-terraform-provider/030-object-storage.tf
@@ -0,0 +1,28 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_objectstorage_bucket" "example" {
+ project_id = var.project_id
+ name = "my-stackit-s3-bucket"
+}
+
+resource "stackit_objectstorage_credentials_group" "example" {
+ project_id = var.project_id
+ name = "my-credentials-group"
+}
+
+resource "stackit_objectstorage_credential" "example" {
+ project_id = var.project_id
+ credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
+}
diff --git a/examples/s3-aws-terraform-provider/040-aws-s3-object.tf b/examples/s3-aws-terraform-provider/040-aws-s3-object.tf
new file mode 100644
index 0000000..362a91e
--- /dev/null
+++ b/examples/s3-aws-terraform-provider/040-aws-s3-object.tf
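Review bot: `stackit_objectstorage_credential.example` yields a live access key and secret that Terraform records in state, and nothing in this new file tells the reader so or says where state should live. The `provider "aws"` block in 010-provider.tf reads `access_key` and `secret_access_key` from it. I would add a comment above the resource such as `# The access key and secret created here are stored in Terraform state; keep state in an encrypted, access-restricted backend.` The same remark presumably applies to `stackit_ske_kubeconfig.default` in examples/ske-encrypted-volumes/020-ske-cluster.tf, which holds cluster credentials.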
@@ -0,0 +1,21 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "aws_s3_object" "example_file" {
+ depends_on = [stackit_objectstorage_bucket.example]
+
+ bucket = stackit_objectstorage_bucket.example.name
+ key = "hello-world.txt"
+ content = "Hello from STACKIT Object Storage managed via the AWS Terraform Provider!"
+}
diff --git a/examples/secretsmanager-vault-terraform-provider/provider.tf b/examples/secretsmanager-vault-terraform-provider/010-provider.tf
similarity index 100%
rename from examples/secretsmanager-vault-terraform-provider/provider.tf
rename to examples/secretsmanager-vault-terraform-provider/010-provider.tf
diff --git a/examples/secretsmanager-vault-terraform-provider/020-secretsmanager.tf b/examples/secretsmanager-vault-terraform-provider/020-secretsmanager.tf
new file mode 100644
index 0000000..313d774
--- /dev/null
+++ b/examples/secretsmanager-vault-terraform-provider/020-secretsmanager.tf
@@ -0,0 +1,25 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_secretsmanager_instance" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example-instance"
+}
+
+resource "stackit_secretsmanager_user" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ instance_id = stackit_secretsmanager_instance.example.instance_id
+ description = "Example user"
+ write_enabled = true
+}
diff --git a/examples/secretsmanager-vault-terraform-provider/030-observability.tf b/examples/secretsmanager-vault-terraform-provider/030-observability.tf
new file mode 100644
index 0000000..600b13d
--- /dev/null
+++ b/examples/secretsmanager-vault-terraform-provider/030-observability.tf
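Review bot: `project_id` is a hard-coded placeholder string in both resources here, and the same literal recurs in 030-observability.tf and in the new ske-encrypted-volumes files (020-ske-cluster.tf, 030-kms.tf, 040-authorization.tf, where it also appears as the `resource_id` of the project role assignment). After this split a user has to replace it in several files, and a missed occurrence is easy to overlook. The s3-aws-terraform-provider example in this commit already declares `variable "project_id"`; declaring the same variable in these examples and writing `project_id = var.project_id` keeps the target project in one place.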
@@ -0,0 +1,19 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_observability_instance" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example-instance"
+ plan_name = "Observability-Monitoring-Medium-EU01"
+}
diff --git a/examples/secretsmanager-vault-terraform-provider/main.tf b/examples/secretsmanager-vault-terraform-provider/040-vault-secret.tf
similarity index 63%
rename from examples/secretsmanager-vault-terraform-provider/main.tf
rename to examples/secretsmanager-vault-terraform-provider/040-vault-secret.tf
index bea426c..a6bc918 100644
--- a/examples/secretsmanager-vault-terraform-provider/main.tf
+++ b/examples/secretsmanager-vault-terraform-provider/040-vault-secret.tf
@@ -12,24 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -resource "stackit_secretsmanager_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example-instance" -} - -resource "stackit_secretsmanager_user" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - instance_id = stackit_secretsmanager_instance.example.instance_id - description = "Example user" - write_enabled = true -} - -resource "stackit_observability_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example-instance" - plan_name = "Observability-Monitoring-Medium-EU01" -} - resource "vault_kv_secret_v2" "example" { mount = stackit_secretsmanager_instance.example.instance_id name = "my-secret" diff --git a/examples/ske-encrypted-volumes/provider.tf b/examples/ske-encrypted-volumes/010-provider.tf similarity index 100% rename from examples/ske-encrypted-volumes/provider.tf rename to examples/ske-encrypted-volumes/010-provider.tf diff --git a/examples/ske-encrypted-volumes/020-ske-cluster.tf b/examples/ske-encrypted-volumes/020-ske-cluster.tf new file mode 100644 index 0000000..0e4f745 --- /dev/null +++ b/examples/ske-encrypted-volumes/020-ske-cluster.tf 
@@ -0,0 +1,42 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_ske_cluster" "default" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "ske-enc-vol"
+ kubernetes_version_min = "1.33"
+
+ node_pools = [{
+ name = "standard"
+ machine_type = "c2i.4"
+ minimum = 1
+ maximum = 3
+ availability_zones = ["eu01-1"]
+ os_name = "flatcar"
+ volume_size = 32
+ }]
+}
+
+resource "stackit_ske_kubeconfig" "default" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ cluster_name = stackit_ske_cluster.default.name
+ refresh = true
+}
+
+data "stackit_service_accounts" "ske_internal" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ email_suffix = "@ske.sa.stackit.cloud"
+
+ depends_on = [stackit_ske_cluster.default]
+}
diff --git a/examples/ske-encrypted-volumes/030-kms.tf b/examples/ske-encrypted-volumes/030-kms.tf
new file mode 100644
index 0000000..730d4a8
--- /dev/null
+++ b/examples/ske-encrypted-volumes/030-kms.tf
@@ -0,0 +1,27 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_kms_keyring" "encryption" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ display_name = "ske-volume-keyring"
+}
+
+resource "stackit_kms_key" "volume_key" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ keyring_id = stackit_kms_keyring.encryption.keyring_id
+ display_name = "volume-encryption-key"
+ protection = "software"
+ algorithm = "aes_256_gcm"
+ purpose = "symmetric_encrypt_decrypt"
+}
diff --git a/examples/ske-encrypted-volumes/040-authorization.tf b/examples/ske-encrypted-volumes/040-authorization.tf
new file mode 100644
index 0000000..ca012df
--- /dev/null
+++ b/examples/ske-encrypted-volumes/040-authorization.tf
@@ -0,0 +1,30 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_service_account" "kms_manager" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "volume-encryptor"
+}
+
+resource "stackit_authorization_project_role_assignment" "kms_user" {
+ resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ role = "kms.admin"
+ subject = stackit_service_account.kms_manager.email
+}
+
+resource "stackit_authorization_service_account_role_assignment" "ske_impersonation" {
+ resource_id = stackit_service_account.kms_manager.service_account_id
+ role = "user"
+ subject = data.stackit_service_accounts.ske_internal.items[0].email
+}
diff --git a/examples/ske-encrypted-volumes/050-k8s-storage.tf b/examples/ske-encrypted-volumes/050-k8s-storage.tf
new file mode 100644
index 0000000..6d8340d
--- /dev/null
+++ b/examples/ske-encrypted-volumes/050-k8s-storage.tf
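Review bot: In `040-authorization.tf`, `stackit_authorization_project_role_assignment.kms_user` grants `role = "kms.admin"` on the whole project to the service account that the SKE internal account is then allowed to act as, which looks broader than encrypting volumes with a single key needs; if the platform offers a narrower KMS role, prefer it, and otherwise say in a comment why admin is required. The impersonation subject is `data.stackit_service_accounts.ske_internal.items[0].email`, so the grant goes to whichever account the suffix filter happens to return first; a precondition on the list length would turn an unexpected match into a plan-time failure instead of a silent grant. The explanatory comments that the deleted main.tf carried above these three resources (owner of the KMS access, the kms.admin grant, the Act-As authorization) were not carried over into the split files and are worth restoring.

```hcl
resource "stackit_authorization_service_account_role_assignment" "ske_impersonation" {
  # … unchanged: resource_id, role, subject …

  lifecycle {
    precondition {
      condition     = length(data.stackit_service_accounts.ske_internal.items) == 1
      error_message = "Expected exactly one SKE internal service account in this project."
    }
  }
}
```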
@@ -0,0 +1,82 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_storage_class_v1" "encrypted_premium" {
+ metadata {
+ name = "stackit-encrypted-premium"
+ }
+
+ storage_provisioner = "block-storage.csi.stackit.cloud"
+ reclaim_policy = "Delete"
+ allow_volume_expansion = true
+ volume_binding_mode = "WaitForFirstConsumer"
+
+ parameters = {
+ type = "storage_premium_perf6"
+ encrypted = "true"
+ kmsKeyID = stackit_kms_key.volume_key.key_id
+ kmsKeyringID = stackit_kms_keyring.encryption.keyring_id
+ kmsProjectID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ kmsKeyVersion = "1"
+ kmsServiceAccount = stackit_service_account.kms_manager.email
+ }
+
+ depends_on = [
+ stackit_authorization_service_account_role_assignment.ske_impersonation,
+ stackit_authorization_project_role_assignment.kms_user
+ ]
+}
+
+resource "kubernetes_persistent_volume_claim_v1" "test_pvc" {
+ metadata {
+ name = "test-encryption-pvc"
+ }
+
+ spec {
+ access_modes = ["ReadWriteOnce"]
+
+ resources {
+ requests = {
+ storage = "10Gi"
+ }
+ }
+
+ storage_class_name = kubernetes_storage_class_v1.encrypted_premium.metadata[0].name
+ }
+}
+
+resource "kubernetes_pod_v1" "test_app" {
+ metadata {
+ name = "encrypted-volume-test"
+ }
+
+ spec {
+ container {
+ image = "nginx:latest"
+ name = "web-server"
+
+ volume_mount {
+ mount_path = "/usr/share/nginx/html"
+ name = "data-volume"
+ }
+ }
+
+ volume {
+ name = "data-volume"
+ persistent_volume_claim {
+ claim_name = "test-encryption-pvc"
+ }
+ }
+ }
+}
diff --git a/examples/ske-encrypted-volumes/main.tf b/examples/ske-encrypted-volumes/main.tf
deleted file mode 100644
index 55d2826..0000000
--- a/examples/ske-encrypted-volumes/main.tf
+++ /dev/null
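Review bot: `kubernetes_pod_v1.test_app` in `050-k8s-storage.tf` runs `image = "nginx:latest"`, a mutable tag, so the example pulls whatever the registry serves at apply time; pin a version tag or, better, a digest (placeholder form: `image = "nginx:<version>@sha256:<digest>"`). The same line is added for `kubernetes_pod.example` in `060-example-workload.tf` of the observability example. Separately, `kmsKeyVersion = "1"` in the storage class is a literal that presumably has to follow the key's active version after a rotation; a short comment saying so would help, for example `# must match the active version of stackit_kms_key.volume_key`.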
@@ -1,158 +0,0 @@
-# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-resource "stackit_ske_cluster" "default" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- name = "ske-enc-vol"
- kubernetes_version_min = "1.33"
-
- node_pools = [{
- name = "standard"
- machine_type = "c2i.4"
- minimum = 1
- maximum = 3
- availability_zones = ["eu01-1"]
- os_name = "flatcar"
- volume_size = 32
- }]
-}
-
-resource "stackit_ske_kubeconfig" "default" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- cluster_name = stackit_ske_cluster.default.name
- refresh = true
-}
-
-# ------------------------------------------------------------------------
-# 2. Identify the Internal SKE Service Account
-# ------------------------------------------------------------------------
-data "stackit_service_accounts" "ske_internal" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- email_suffix = "@ske.sa.stackit.cloud"
-
- depends_on = [stackit_ske_cluster.default]
-}
-
-# ------------------------------------------------------------------------
-# 3. Setup KMS Infrastructure
-# ------------------------------------------------------------------------
-resource "stackit_kms_keyring" "encryption" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- display_name = "ske-volume-keyring"
-}
-
-resource "stackit_kms_key" "volume_key" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- keyring_id = stackit_kms_keyring.encryption.keyring_id
- display_name = "volume-encryption-key"
- protection = "software"
- algorithm = "aes_256_gcm"
- purpose = "symmetric_encrypt_decrypt"
-}
-
-# ------------------------------------------------------------------------
-# 4. Configure Identity and Permissions (Act-As)
-# ------------------------------------------------------------------------
-# Create the service account that 'owns' the KMS access
-resource "stackit_service_account" "kms_manager" {
- project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- name = "volume-encryptor"
-}
-
-# Grant the 'kms.admin' role to the manager service-account
-resource "stackit_authorization_project_role_assignment" "kms_user" {
- // in this case the STACKIT project_id
- resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- role = "kms.admin"
- subject = stackit_service_account.kms_manager.email
-}
-
-# Authorize the internal SKE account to impersonate the kms manager service-account (Act-As)
-resource "stackit_authorization_service_account_role_assignment" "ske_impersonation" {
- resource_id = stackit_service_account.kms_manager.service_account_id
- role = "user"
- subject = data.stackit_service_accounts.ske_internal.items[0].email
-}
-
-resource "kubernetes_storage_class_v1" "encrypted_premium" {
- metadata {
- name = "stackit-encrypted-premium"
- }
-
- storage_provisioner = "block-storage.csi.stackit.cloud"
- reclaim_policy = "Delete"
- allow_volume_expansion = true
- volume_binding_mode = "WaitForFirstConsumer"
-
- parameters = {
- type = "storage_premium_perf6"
- encrypted = "true"
- kmsKeyID = stackit_kms_key.volume_key.key_id
- kmsKeyringID = stackit_kms_keyring.encryption.keyring_id
- kmsProjectID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- kmsKeyVersion = "1"
- kmsServiceAccount = stackit_service_account.kms_manager.email
- }
-
- depends_on = [
- stackit_authorization_service_account_role_assignment.ske_impersonation,
- stackit_authorization_project_role_assignment.kms_user
- ]
-}
-
-resource "kubernetes_persistent_volume_claim_v1" "test_pvc" {
- metadata {
- name = "test-encryption-pvc"
- }
-
- spec {
- access_modes = ["ReadWriteOnce"]
-
- resources {
- requests = {
- storage = "10Gi"
- }
- }
-
- storage_class_name = kubernetes_storage_class_v1.encrypted_premium.metadata[0].name
- }
-}
-
-# ------------------------------------------------------------------------
-# 7. Create a Pod to Consume the Volume
-# ------------------------------------------------------------------------
-resource "kubernetes_pod_v1" "test_app" {
- metadata {
- name = "encrypted-volume-test"
- }
-
- spec {
- container {
- image = "nginx:latest"
- name = "web-server"
-
- volume_mount {
- mount_path = "/usr/share/nginx/html"
- name = "data-volume"
- }
- }
-
- volume {
- name = "data-volume"
- persistent_volume_claim {
- claim_name = "test-encryption-pvc"
- }
- }
- }
-}
diff --git a/examples/ske-gpu-operator/010-provider.tf b/examples/ske-gpu-operator/010-provider.tf
new file mode 100644
index 0000000..f6a116a
--- /dev/null
+++ b/examples/ske-gpu-operator/010-provider.tf
@@ -0,0 +1,51 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">=0.60.0"
+ }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">=2.14.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.14.0"
+ }
+ }
+}
+
+provider "stackit" {
+ default_region = "eu01"
+ service_account_key_path = var.stackit_service_account_key_path
+}
+
+provider "kubernetes" {
+ host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
+ client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
+ client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
+ cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
+}
+
+provider "helm" {
+ kubernetes = {
+ host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
+ client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
+ client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
+ cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
+ }
+}
diff --git a/examples/ske-gpu-operator/020-variables.tf b/examples/ske-gpu-operator/020-variables.tf
new file mode 100644
index 0000000..8bd7786
--- /dev/null
+++ b/examples/ske-gpu-operator/020-variables.tf
@@ -0,0 +1,21 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "project_id" {
+ default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+
+variable "stackit_service_account_key_path" {
+ default = ""
+}
diff --git a/examples/ske-gpu-operator/main.tf b/examples/ske-gpu-operator/030-ske-cluster.tf
similarity index 58%
rename from examples/ske-gpu-operator/main.tf
rename to examples/ske-gpu-operator/030-ske-cluster.tf
index b0b8c98..9be3d98 100644
--- a/examples/ske-gpu-operator/main.tf
+++ b/examples/ske-gpu-operator/030-ske-cluster.tf
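Review bot: The `helm` entry added to `required_providers` in `examples/ske-gpu-operator/010-provider.tf` allows `version = ">= 2.14.0"`, but the `provider "helm"` block in the same file uses the attribute form `kubernetes = { … }`, which as far as I know only the 3.x provider accepts (2.x expects a nested `kubernetes { … }` block), so a 2.x resolution would fail at validate time; `version = ">= 3.0.0"` matches the syntax actually used. All three constraints are open-ended `>=` ranges, so an upper bound such as `~> 3.0` for helm would keep the example from picking up a future major release unreviewed. The kubeconfig's client key is decoded into provider configuration here and, as an attribute of `stackit_ske_kubeconfig.this`, is presumably kept in Terraform state; a one-line comment recommending an encrypted, access-controlled backend would be a useful addition.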
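Review bot: Both variables in `examples/ske-gpu-operator/020-variables.tf` are declared without `type` or `description`, unlike `variable "project_id"` in `examples/ske-kubernetes-terraform-provider/020-variables.tf` from the same change; adding `type = string` and a `description` to each would make the examples consistent. The placeholder UUID default on `project_id` means a forgotten override reaches the API as a well-formed ID instead of failing at input time, so dropping the default and making the variable required is worth considering.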
@@ -12,56 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-terraform {
- required_providers {
- stackit = {
- source = "stackitcloud/stackit"
- version = ">=0.60.0"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">=2.14.0"
- }
- }
-}
-
-variable "project_id" {
- default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-}
-
-variable "stackit_service_account_key_path" {
- default = ""
-}
-
-provider "kubernetes" {
- host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
- client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
- client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
- cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
-}
-
-provider "helm" {
- kubernetes = {
- host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
- client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
- client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
- cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
- }
-}
-
-provider "stackit" {
- default_region = "eu01"
- service_account_key_path = var.stackit_service_account_key_path
-}
-
-resource "stackit_ske_kubeconfig" "this" {
- project_id = var.project_id
- cluster_name = stackit_ske_cluster.this.name
- refresh = true
-
- depends_on = [stackit_ske_cluster.this]
-}
-
 data "stackit_ske_kubernetes_versions" "this" {
 version_state = "SUPPORTED"
 }
@@ -85,7 +35,6 @@ locals {
 if mi.name == "ubuntu"
 ]
 ]))
- gpu_operator_helm_values = templatefile("${path.module}/gpu-operator-values.yaml.tftpl", {})
 }
 
 resource "stackit_ske_cluster" "this" {
@@ -138,20 +87,10 @@ resource "stackit_ske_cluster" "this" {
 ]
 }
 
-resource "kubernetes_namespace_v1" "gpu_operator" {
- metadata {
- name = "gpu-operator"
- }
-}
+resource "stackit_ske_kubeconfig" "this" {
+ project_id = var.project_id
+ cluster_name = stackit_ske_cluster.this.name
+ refresh = true
 
-resource "helm_release" "gpu_operator" {
- name = "gpu-operator"
- namespace = kubernetes_namespace_v1.gpu_operator.metadata[0].name
- repository = "https://helm.ngc.nvidia.com/nvidia"
- chart = "gpu-operator"
- version = "25.3.1"
-
- values = [
- local.gpu_operator_helm_values
- ]
+ depends_on = [stackit_ske_cluster.this]
 }
diff --git a/examples/ske-gpu-operator/040-gpu-operator.tf b/examples/ske-gpu-operator/040-gpu-operator.tf
new file mode 100644
index 0000000..64ba57a
--- /dev/null
+++ b/examples/ske-gpu-operator/040-gpu-operator.tf
@@ -0,0 +1,35 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+ gpu_operator_helm_values = templatefile("${path.module}/gpu-operator-values.yaml.tftpl", {})
+}
+
+resource "kubernetes_namespace_v1" "gpu_operator" {
+ metadata {
+ name = "gpu-operator"
+ }
+}
+
+resource "helm_release" "gpu_operator" {
+ name = "gpu-operator"
+ namespace = kubernetes_namespace_v1.gpu_operator.metadata[0].name
+ repository = "https://helm.ngc.nvidia.com/nvidia"
+ chart = "gpu-operator"
+ version = "25.3.1"
+
+ values = [
+ local.gpu_operator_helm_values
+ ]
+}
diff --git a/examples/ske-kubernetes-terraform-provider/main.tf b/examples/ske-kubernetes-terraform-provider/010-provider.tf
similarity index 62%
rename from examples/ske-kubernetes-terraform-provider/main.tf
rename to examples/ske-kubernetes-terraform-provider/010-provider.tf
index 8af061b..ba3117a 100644
--- a/examples/ske-kubernetes-terraform-provider/main.tf
+++ b/examples/ske-kubernetes-terraform-provider/010-provider.tf
@@ -25,52 +25,14 @@ terraform {
 }
 }
 
-variable "project_id" {
- description = "The STACKIT Project ID"
- type = string
-}
-
 provider "stackit" {
 default_region = "eu01"
 service_account_key_path = ""
 }
 
-resource "stackit_ske_cluster" "example" {
- project_id = var.project_id
- name = "example"
- kubernetes_version_min = "1.33"
-
- node_pools = [
- {
- name = "example-node-pool"
- machine_type = "g2i.4"
- minimum = 1
- maximum = 2
- availability_zones = ["eu01-1"]
- os_version_min = "3815.2.5"
- os_name = "flatcar"
- volume_size = 32
- volume_type = "storage_premium_perf6"
- }
- ]
-}
-
-
-resource "stackit_ske_kubeconfig" "example" {
- project_id = var.project_id
- cluster_name = stackit_ske_cluster.example.name
- expiration = 3600
-}
-
 provider "kubernetes" {
 host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters[0].cluster.server
 client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users[0].user["client-certificate-data"])
 client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users[0].user["client-key-data"])
 cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters[0].cluster["certificate-authority-data"])
 }
-
-resource "kubernetes_namespace" "example" {
- metadata {
- name = "stackit-demo-namespace"
- }
-}
diff --git a/examples/ske-kubernetes-terraform-provider/020-variables.tf b/examples/ske-kubernetes-terraform-provider/020-variables.tf
new file mode 100644
index 0000000..cd8c78a
--- /dev/null
+++ b/examples/ske-kubernetes-terraform-provider/020-variables.tf
@@ -0,0 +1,18 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "project_id" {
+ description = "The STACKIT Project ID"
+ type = string
+}
diff --git a/examples/ske-kubernetes-terraform-provider/030-ske-cluster.tf b/examples/ske-kubernetes-terraform-provider/030-ske-cluster.tf
new file mode 100644
index 0000000..5e5c6ea
--- /dev/null
+++ b/examples/ske-kubernetes-terraform-provider/030-ske-cluster.tf
@@ -0,0 +1,39 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_ske_cluster" "example" {
+ project_id = var.project_id
+ name = "example"
+ kubernetes_version_min = "1.33"
+
+ node_pools = [
+ {
+ name = "example-node-pool"
+ machine_type = "g2i.4"
+ minimum = 1
+ maximum = 2
+ availability_zones = ["eu01-1"]
+ os_version_min = "3815.2.5"
+ os_name = "flatcar"
+ volume_size = 32
+ volume_type = "storage_premium_perf6"
+ }
+ ]
+}
+
+resource "stackit_ske_kubeconfig" "example" {
+ project_id = var.project_id
+ cluster_name = stackit_ske_cluster.example.name
+ expiration = 3600
+}
diff --git a/examples/ske-kubernetes-terraform-provider/040-namespace.tf b/examples/ske-kubernetes-terraform-provider/040-namespace.tf
new file mode 100644
index 0000000..6a24e3b
--- /dev/null
+++ b/examples/ske-kubernetes-terraform-provider/040-namespace.tf
@@ -0,0 +1,19 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace" "example" {
+ metadata {
+ name = "stackit-demo-namespace"
+ }
+}
diff --git a/examples/ske-nginx-rate-limit/01-variables.tf b/examples/ske-nginx-rate-limit/010-variables.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/01-variables.tf
rename to examples/ske-nginx-rate-limit/010-variables.tf
diff --git a/examples/ske-nginx-rate-limit/02-provider.tf b/examples/ske-nginx-rate-limit/020-provider.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/02-provider.tf
rename to examples/ske-nginx-rate-limit/020-provider.tf
diff --git a/examples/ske-nginx-rate-limit/03-ske.tf b/examples/ske-nginx-rate-limit/030-ske.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/03-ske.tf
rename to examples/ske-nginx-rate-limit/030-ske.tf
diff --git a/examples/ske-nginx-rate-limit/04-k8s-ns.tf b/examples/ske-nginx-rate-limit/040-k8s-ns.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/04-k8s-ns.tf
rename to examples/ske-nginx-rate-limit/040-k8s-ns.tf
diff --git a/examples/ske-nginx-rate-limit/05-dns.tf b/examples/ske-nginx-rate-limit/050-dns.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/05-dns.tf
rename to examples/ske-nginx-rate-limit/050-dns.tf
diff --git a/examples/ske-nginx-rate-limit/06-public-ip.tf b/examples/ske-nginx-rate-limit/060-public-ip.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/06-public-ip.tf
rename to examples/ske-nginx-rate-limit/060-public-ip.tf
diff --git a/examples/ske-nginx-rate-limit/07-helm.tf b/examples/ske-nginx-rate-limit/070-helm.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/07-helm.tf
rename to examples/ske-nginx-rate-limit/070-helm.tf
diff --git a/examples/ske-nginx-rate-limit/08-rand-service.tf b/examples/ske-nginx-rate-limit/080-rand-service.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/08-rand-service.tf
rename to examples/ske-nginx-rate-limit/080-rand-service.tf
diff --git a/examples/ske-nginx-rate-limit/09-outputs.tf b/examples/ske-nginx-rate-limit/090-outputs.tf
similarity index 100%
rename from examples/ske-nginx-rate-limit/09-outputs.tf
rename to examples/ske-nginx-rate-limit/090-outputs.tf
diff --git a/examples/ske-observability-alerting-kube-state-metrics/provider.tf b/examples/ske-observability-alerting-kube-state-metrics/010-provider.tf
similarity index 100%
rename from examples/ske-observability-alerting-kube-state-metrics/provider.tf
rename to examples/ske-observability-alerting-kube-state-metrics/010-provider.tf
diff --git a/examples/ske-observability-alerting-kube-state-metrics/020-ske-cluster.tf b/examples/ske-observability-alerting-kube-state-metrics/020-ske-cluster.tf
new file mode 100644
index 0000000..0e9d3ef
--- /dev/null
+++ b/examples/ske-observability-alerting-kube-state-metrics/020-ske-cluster.tf
@@ -0,0 +1,45 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_ske_cluster" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example"
+ kubernetes_version_min = "1.31"
+ node_pools = [
+ {
+ name = "standard"
+ machine_type = "c2i.4"
+ minimum = "3"
+ maximum = "9"
+ max_surge = "3"
+ availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
+ os_version_min = "4081.2.1"
+ os_name = "flatcar"
+ volume_size = 32
+ volume_type = "storage_premium_perf6"
+ }
+ ]
+ maintenance = {
+ enable_kubernetes_version_updates = true
+ enable_machine_image_version_updates = true
+ start = "01:00:00Z"
+ end = "02:00:00Z"
+ }
+}
+
+resource "stackit_ske_kubeconfig" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ cluster_name = stackit_ske_cluster.example.name
+ refresh = true
+}
diff --git a/examples/ske-observability-alerting-kube-state-metrics/030-observability.tf b/examples/ske-observability-alerting-kube-state-metrics/030-observability.tf
new file mode 100644
index 0000000..00b8787
--- /dev/null
+++ b/examples/ske-observability-alerting-kube-state-metrics/030-observability.tf
@@ -0,0 +1,44 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+ alert_config = {
+ route = {
+ receiver = "EmailStackit",
+ repeat_interval = "1m"
+ }
+ receivers = [
+ {
+ name = "EmailStackit",
+ email_configs = [
+ {
+ to = ""
+ }
+ ]
+ }
+ ]
+ }
+}
+
+resource "stackit_observability_instance" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example"
+ plan_name = "Observability-Large-EU01"
+ alert_config = local.alert_config
+}
+
+resource "stackit_observability_credential" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ instance_id = stackit_observability_instance.example.instance_id
+}
diff --git a/examples/ske-observability-alerting-kube-state-metrics/040-prometheus.tf b/examples/ske-observability-alerting-kube-state-metrics/040-prometheus.tf
new file mode 100644
index 0000000..0f9c5aa
--- /dev/null
+++ b/examples/ske-observability-alerting-kube-state-metrics/040-prometheus.tf
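Review bot: In `locals.alert_config` of `030-observability.tf`, the line `to = ""` lost the `# Replace with your actual email` comment that the deleted main.tf carried on it, so the example now configures an empty receiver address with no hint that it has to be filled in; restore it as `to = "" # Replace with your actual email`. `repeat_interval = "1m"` re-sends a firing alert every minute, which deserves a comment if it is meant only for the demo.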
@@ -0,0 +1,46 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace" "monitoring" {
+ metadata {
+ name = "monitoring"
+ }
+}
+
+resource "kubernetes_secret" "argus_prometheus_authorization" {
+ metadata {
+ name = "argus-prometheus-credentials"
+ namespace = kubernetes_namespace.monitoring.metadata[0].name
+ }
+
+ data = {
+ username = stackit_observability_credential.example.username
+ password = stackit_observability_credential.example.password
+ }
+}
+
+resource "helm_release" "prometheus_operator" {
+ name = "prometheus-operator"
+ repository = "https://prometheus-community.github.io/helm-charts"
+ chart = "kube-prometheus-stack"
+ version = "60.1.0"
+ namespace = kubernetes_namespace.monitoring.metadata[0].name
+
+ values = [
+ templatefile("prom-values.tftpl", {
+ metrics_push_url = stackit_observability_instance.example.metrics_push_url
+ secret_name = kubernetes_secret.argus_prometheus_authorization.metadata[0].name
+ })
+ ]
+}
diff --git a/examples/ske-observability-alerting-kube-state-metrics/050-alertgroup.tf b/examples/ske-observability-alerting-kube-state-metrics/050-alertgroup.tf
new file mode 100644
index 0000000..d41a4a4
--- /dev/null
+++ b/examples/ske-observability-alerting-kube-state-metrics/050-alertgroup.tf
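Review bot: `templatefile("prom-values.tftpl", {` in `helm_release.prometheus_operator` (`040-prometheus.tf`) names the template relative to the working directory rather than the module directory, so it stops resolving as soon as this directory is used as a child module; `templatefile("${path.module}/prom-values.tftpl", {` matches what `examples/ske-gpu-operator/040-gpu-operator.tf` does in the same change. Separately, `kubernetes_secret.argus_prometheus_authorization` copies the observability credential's password into the cluster and, like the credential resource itself, presumably into Terraform state; a comment pointing readers to an encrypted, access-restricted backend would be a useful addition to the example.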
@@ -0,0 +1,34 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_observability_alertgroup" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ instance_id = stackit_observability_instance.example.instance_id
+ name = "TestAlertGroup"
+ interval = "2h"
+ rules = [
+ {
+ alert = "SimplePodCheck"
+ expression = "sum(kube_pod_status_phase{phase=\"Running\", namespace=\"example\"}) > 0"
+ for = "60s"
+ labels = {
+ severity = "critical"
+ },
+ annotations = {
+ summary = "Test Alert is working"
+ description = "Test Alert"
+ }
+ },
+ ]
+}
diff --git a/examples/ske-observability-alerting-kube-state-metrics/060-example-workload.tf b/examples/ske-observability-alerting-kube-state-metrics/060-example-workload.tf
new file mode 100644
index 0000000..21897a8
--- /dev/null
+++ b/examples/ske-observability-alerting-kube-state-metrics/060-example-workload.tf
@@ -0,0 +1,36 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace" "example" {
+ metadata {
+ name = "example"
+ }
+}
+
+resource "kubernetes_pod" "example" {
+ metadata {
+ name = "nginx"
+ namespace = kubernetes_namespace.example.metadata[0].name
+ labels = {
+ app = "nginx"
+ }
+ }
+
+ spec {
+ container {
+ image = "nginx:latest"
+ name = "nginx"
+ }
+ }
+}
diff --git a/examples/ske-observability-alerting-kube-state-metrics/main.tf b/examples/ske-observability-alerting-kube-state-metrics/main.tf
deleted file mode 100644
index 5d38a5b..0000000
--- a/examples/ske-observability-alerting-kube-state-metrics/main.tf
+++ /dev/null
@@ -1,153 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "stackit_ske_cluster" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example" - kubernetes_version_min = "1.31" - node_pools = [ - { - name = "standard" - machine_type = "c2i.4" - minimum = "3" - maximum = "9" - max_surge = "3" - availability_zones = ["eu01-1", "eu01-2", "eu01-3"] - os_version_min = "4081.2.1" - os_name = "flatcar" - volume_size = 32 - volume_type = "storage_premium_perf6" - } - ] - maintenance = { - enable_kubernetes_version_updates = true - enable_machine_image_version_updates = true - start = "01:00:00Z" - end = "02:00:00Z" - } -} - -resource "stackit_ske_kubeconfig" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - cluster_name = stackit_ske_cluster.example.name - refresh = true -} - -locals { - alert_config = { - route = { - receiver = "EmailStackit", - repeat_interval = "1m" - } - receivers = [ - { - name = "EmailStackit", - email_configs = [ - { - to = "" # Replace with your actual email - } - ] - } - ] - } -} - -resource "stackit_observability_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example" - plan_name = "Observability-Large-EU01" - alert_config = local.alert_config -} - -resource "stackit_observability_credential" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - instance_id = 
stackit_observability_instance.example.instance_id -} - -resource "kubernetes_namespace" "monitoring" { - metadata { - name = "monitoring" - } -} - -resource "kubernetes_secret" "argus_prometheus_authorization" { - metadata { - name = "argus-prometheus-credentials" - namespace = kubernetes_namespace.monitoring.metadata[0].name - } - - data = { - username = stackit_observability_credential.example.username - password = stackit_observability_credential.example.password - } -} - -resource "helm_release" "prometheus_operator" { - name = "prometheus-operator" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "kube-prometheus-stack" - version = "60.1.0" - namespace = kubernetes_namespace.monitoring.metadata[0].name - - values = [ - templatefile("prom-values.tftpl", { - metrics_push_url = stackit_observability_instance.example.metrics_push_url - secret_name = kubernetes_secret.argus_prometheus_authorization.metadata[0].name - }) - ] -} - -resource "stackit_observability_alertgroup" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - instance_id = stackit_observability_instance.example.instance_id - name = "TestAlertGroup" - interval = "2h" - rules = [ - { - alert = "SimplePodCheck" - expression = "sum(kube_pod_status_phase{phase=\"Running\", namespace=\"example\"}) > 0" - for = "60s" - labels = { - severity = "critical" - }, - annotations = { - summary = "Test Alert is working" - description = "Test Alert" - } - }, - ] -} - -resource "kubernetes_namespace" "example" { - metadata { - name = "example" - } -} - -resource "kubernetes_pod" "example" { - metadata { - name = "nginx" - namespace = kubernetes_namespace.example.metadata[0].name - labels = { - app = "nginx" - } - } - - spec { - container { - image = "nginx:latest" - name = "nginx" - } - } -} 
diff --git a/examples/ske-observability-log-alerts/provider.tf b/examples/ske-observability-log-alerts/010-provider.tf
similarity index 100%
rename from examples/ske-observability-log-alerts/provider.tf
rename to examples/ske-observability-log-alerts/010-provider.tf
diff --git a/examples/ske-observability-log-alerts/020-ske-cluster.tf b/examples/ske-observability-log-alerts/020-ske-cluster.tf
new file mode 100644
index 0000000..0e9d3ef
--- /dev/null
+++ b/examples/ske-observability-log-alerts/020-ske-cluster.tf
@@ -0,0 +1,45 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_ske_cluster" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example"
+ kubernetes_version_min = "1.31"
+ node_pools = [
+ {
+ name = "standard"
+ machine_type = "c2i.4"
+ minimum = "3"
+ maximum = "9"
+ max_surge = "3"
+ availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
+ os_version_min = "4081.2.1"
+ os_name = "flatcar"
+ volume_size = 32
+ volume_type = "storage_premium_perf6"
+ }
+ ]
+ maintenance = {
+ enable_kubernetes_version_updates = true
+ enable_machine_image_version_updates = true
+ start = "01:00:00Z"
+ end = "02:00:00Z"
+ }
+}
+
+resource "stackit_ske_kubeconfig" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ cluster_name = stackit_ske_cluster.example.name
+ refresh = true
+}
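Review bot: `stackit_ske_kubeconfig.example` carries no hint about where the generated credential ends up. Terraform records resource attributes in state, so the kubeconfig for this cluster is presumably stored there in plain text, and no backend file for this example is visible in the diff. Suggest a comment above the resource: `# The kubeconfig is written to Terraform state; keep state in an encrypted, access-restricted backend.` The repeated literal `project_id` in both resources would also read better as a single `var.project_id`.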
diff --git a/examples/ske-observability-log-alerts/030-observability.tf b/examples/ske-observability-log-alerts/030-observability.tf
new file mode 100644
index 0000000..00b8787
--- /dev/null
+++ b/examples/ske-observability-log-alerts/030-observability.tf
@@ -0,0 +1,44 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+ alert_config = {
+ route = {
+ receiver = "EmailStackit",
+ repeat_interval = "1m"
+ }
+ receivers = [
+ {
+ name = "EmailStackit",
+ email_configs = [
+ {
+ to = ""
+ }
+ ]
+ }
+ ]
+ }
+}
+
+resource "stackit_observability_instance" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ name = "example"
+ plan_name = "Observability-Large-EU01"
+ alert_config = local.alert_config
+}
+
+resource "stackit_observability_credential" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ instance_id = stackit_observability_instance.example.instance_id
+}
diff --git a/examples/ske-observability-log-alerts/040-promtail.tf b/examples/ske-observability-log-alerts/040-promtail.tf
new file mode 100644
index 0000000..0d1650a
--- /dev/null
+++ b/examples/ske-observability-log-alerts/040-promtail.tf
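Review bot: `to = ""` in `email_configs` lost the `# Replace with your actual email` comment it had in the deleted `main.tf`, so the example now ships an empty receiver address with no hint that it must be filled in. Restore it as `to = "" # Replace with your actual email`, or take the address from a variable so an unset value fails at plan time. `repeat_interval = "1m"` re-sends a firing alert every minute, which deserves a short comment saying it is only meant for testing.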
@@ -0,0 +1,35 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace" "monitoring" {
+ metadata {
+ name = "monitoring"
+ }
+}
+
+resource "helm_release" "promtail" {
+ name = "promtail"
+ repository = "https://grafana.github.io/helm-charts"
+ chart = "promtail"
+ namespace = kubernetes_namespace.monitoring.metadata.0.name
+ version = "6.16.4"
+
+ values = [
+ <<-EOF
+ config:
+ clients:
+ - url: "https://${stackit_observability_credential.example.username}:${stackit_observability_credential.example.password}@/instances/${stackit_observability_instance.example.instance_id}/loki/api/v1/push"
+ EOF
+ ]
+}
diff --git a/examples/ske-observability-log-alerts/050-log-alertgroup.tf b/examples/ske-observability-log-alerts/050-log-alertgroup.tf
new file mode 100644
index 0000000..92eb76b
--- /dev/null
+++ b/examples/ske-observability-log-alerts/050-log-alertgroup.tf
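Review bot: The `url` line interpolates `stackit_observability_credential.example.username` and `.password` raw into the URL userinfo, so a password containing `@`, `:` or `/` is parsed incorrectly and the push breaks. At minimum wrap both in `urlencode()`, e.g. `${urlencode(stackit_observability_credential.example.password)}`. Preferably keep the secret out of the URL and pass it through promtail's `basic_auth` client settings, since URLs with embedded credentials tend to surface in rendered Helm values and logs. The host between `@` and `/instances` is empty as shown, and the comment from the deleted `main.tf` explaining where to find the Loki push URL was dropped; it should be restored.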
@@ -0,0 +1,34 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_observability_logalertgroup" "example" {
+ project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ instance_id = stackit_observability_instance.example.instance_id
+ name = "TestLogAlertGroup"
+ interval = "1m"
+ rules = [
+ {
+ alert = "SimplePodLogAlertCheck"
+ expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+ for = "60s"
+ labels = {
+ severity = "critical"
+ },
+ annotations = {
+ summary : "Test Log Alert is working"
+ description : "Test Log Alert"
+ },
+ },
+ ]
+}
diff --git a/examples/ske-observability-log-alerts/060-example-workload.tf b/examples/ske-observability-log-alerts/060-example-workload.tf
new file mode 100644
index 0000000..5dc2c71
--- /dev/null
+++ b/examples/ske-observability-log-alerts/060-example-workload.tf
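Review bot: The `annotations` object uses `summary : "..."` and `description : "..."` with colons while every other attribute in this file, including `labels` just above, uses `=`. Both forms are accepted in an object constructor, but the mix reads like a typo; use `summary = "Test Log Alert is working"` and `description = "Test Log Alert"` to match the rest of the examples.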
@@ -0,0 +1,46 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "kubernetes_namespace" "example" { + metadata { + name = "example" + } +} + +resource "kubernetes_pod" "logger" { + metadata { + name = "logger" + namespace = kubernetes_namespace.example.metadata[0].name + labels = { + app = "logger" + } + } + + spec { + container { + name = "logger" + image = "bash" + command = [ + "bash", + "-c", + <&2 + done + EOF + ] + } + } +} diff --git a/examples/ske-observability-log-alerts/main.tf b/examples/ske-observability-log-alerts/main.tf deleted file mode 100644 index f1761fc..0000000 --- a/examples/ske-observability-log-alerts/main.tf +++ /dev/null 
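Review bot: The `logger` container has no `security_context`, so it runs as the image's default user (root for the official `bash` image, as far as I know) with default capabilities, although the command shown only has to write to stderr in a loop. Add a container-level `security_context` that sets a non-root UID, disables privilege escalation and drops all capabilities. The heredoc body is truncated in this view, so confirm the loop needs no writable paths before also adding `read_only_root_filesystem = true`.

```terraform
      image = "bash"
      # … unchanged: command …
      security_context {
        run_as_non_root            = true
        run_as_user                = 65534
        allow_privilege_escalation = false
        capabilities {
          drop = ["ALL"]
        }
      }
```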
@@ -1,153 +0,0 @@ -# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -resource "stackit_ske_cluster" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example" - kubernetes_version_min = "1.31" - node_pools = [ - { - name = "standard" - machine_type = "c2i.4" - minimum = "3" - maximum = "9" - max_surge = "3" - availability_zones = ["eu01-1", "eu01-2", "eu01-3"] - os_version_min = "4081.2.1" - os_name = "flatcar" - volume_size = 32 - volume_type = "storage_premium_perf6" - } - ] - maintenance = { - enable_kubernetes_version_updates = true - enable_machine_image_version_updates = true - start = "01:00:00Z" - end = "02:00:00Z" - } -} - -resource "stackit_ske_kubeconfig" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - cluster_name = stackit_ske_cluster.example.name - refresh = true -} - -locals { - alert_config = { - route = { - receiver = "EmailStackit", - repeat_interval = "1m" - } - receivers = [ - { - name = "EmailStackit", - email_configs = [ - { - to = "" # Replace with your actual email - } - ] - } - ] - } -} - -resource "stackit_observability_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - name = "example" - plan_name = "Observability-Large-EU01" - alert_config = local.alert_config -} - -resource "stackit_observability_credential" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - instance_id = 
stackit_observability_instance.example.instance_id -} - -resource "kubernetes_namespace" "monitoring" { - metadata { - name = "monitoring" - } -} - -resource "helm_release" "promtail" { - name = "promtail" - repository = "https://grafana.github.io/helm-charts" - chart = "promtail" - namespace = kubernetes_namespace.monitoring.metadata.0.name - version = "6.16.4" - - values = [ - <<-EOF - config: - clients: - # To find the Loki push URL, navigate to the observability instance in the portal and select the API tab. - - url: "https://${stackit_observability_credential.example.username}:${stackit_observability_credential.example.password}@/instances/${stackit_observability_instance.example.instance_id}/loki/api/v1/push" - EOF - ] -} - -resource "stackit_observability_logalertgroup" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - instance_id = stackit_observability_instance.example.instance_id - name = "TestLogAlertGroup" - interval = "1m" - rules = [ - { - alert = "SimplePodLogAlertCheck" - expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0" - for = "60s" - labels = { - severity = "critical" - }, - annotations = { - summary : "Test Log Alert is working" - description : "Test Log Alert" - }, - }, - ] -} - -resource "kubernetes_namespace" "example" { - metadata { - name = "example" - } -} - -resource "kubernetes_pod" "logger" { - metadata { - name = "logger" - namespace = kubernetes_namespace.example.metadata[0].name - labels = { - app = "logger" - } - } - - spec { - container { - name = "logger" - image = "bash" - command = [ - "bash", - "-c", - <&2 - done - EOF - ] - } - } -} diff --git a/examples/ske-stackit-sfs-integration/00-provider.tf b/examples/ske-stackit-sfs-integration/010-provider.tf similarity index 100% rename from examples/ske-stackit-sfs-integration/00-provider.tf rename to examples/ske-stackit-sfs-integration/010-provider.tf 
diff --git a/examples/ske-stackit-sfs-integration/01-config.tf b/examples/ske-stackit-sfs-integration/020-config.tf
similarity index 100%
rename from examples/ske-stackit-sfs-integration/01-config.tf
rename to examples/ske-stackit-sfs-integration/020-config.tf
diff --git a/examples/ske-stackit-sfs-integration/03-network.tf b/examples/ske-stackit-sfs-integration/040-network.tf
similarity index 100%
rename from examples/ske-stackit-sfs-integration/03-network.tf
rename to examples/ske-stackit-sfs-integration/040-network.tf
diff --git a/examples/ske-stackit-sfs-integration/04-project.tf b/examples/ske-stackit-sfs-integration/050-project.tf
similarity index 100%
rename from examples/ske-stackit-sfs-integration/04-project.tf
rename to examples/ske-stackit-sfs-integration/050-project.tf
diff --git a/examples/ske-stackit-sfs-integration/05-sfs.tf b/examples/ske-stackit-sfs-integration/060-sfs.tf
similarity index 100%
rename from examples/ske-stackit-sfs-integration/05-sfs.tf
rename to examples/ske-stackit-sfs-integration/060-sfs.tf
diff --git a/examples/ske-stackit-sfs-integration/06.ske.tf b/examples/ske-stackit-sfs-integration/070-ske.tf
similarity index 100%
rename from examples/ske-stackit-sfs-integration/06.ske.tf
rename to examples/ske-stackit-sfs-integration/070-ske.tf
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/README.md b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/README.md
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/README.md
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/README.md
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/debug-user.yml b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/debug-user.yml
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/debug-user.yml
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/debug-user.yml
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/main.tf b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/main.tf
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/main.tf
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/main.tf
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/outputs.tf b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/outputs.tf
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/outputs.tf
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/outputs.tf
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/provider.tf b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/provider.tf
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/provider.tf
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/provider.tf
diff --git a/examples/vpn-usecases/module/stackit-sna-with-debug-machine/variables.tf b/examples/vpn-usecases/modules/stackit-sna-with-debug-machine/variables.tf
similarity index 100%
rename from examples/vpn-usecases/module/stackit-sna-with-debug-machine/variables.tf
rename to examples/vpn-usecases/modules/stackit-sna-with-debug-machine/variables.tf
diff --git a/scripts/check-terraform-numbered-files.sh b/scripts/check-terraform-numbered-files.sh
new file mode 100755
index 0000000..acdd4eb
--- /dev/null
+++ b/scripts/check-terraform-numbered-files.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+fail=0
+for f; do
+ case "$f" in
+ modules/*|*/modules/*) continue ;;
+ esac
+ b="$(basename "$f")"
+ if ! echo "$b" | grep -qE '^[0-9]{3}-'; then
+ echo "ERROR: ${b} does not follow the 3-digit naming convention (e.g., 010-provider.tf, 020-variables.tf, 100-outputs.tf)"
+ fail=1
+ fi
+done
+exit "$fail"
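Review bot: The error line prints `${b}`, the basename, so when several example directories contain a file of the same name the committer cannot tell which path failed; it also goes to stdout rather than stderr. Suggest `printf 'ERROR: %s does not follow the 3-digit naming convention (e.g., 010-provider.tf)\n' "$f" >&2`. The `echo "$b" | grep -qE` pipeline can be replaced by a second `case "$b" in [0-9][0-9][0-9]-*)` pattern, which avoids two subprocesses per file and the `echo` pitfalls with unusual names. A `set -u` after the license header would also catch a mistyped variable name instead of silently passing the check.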