examples: fmt examples #35

Merged
mauritz.uphoff merged 1 commit from examples/fmt-examples into main 2026-06-23 11:19:41 +00:00
124 changed files with 927 additions and 619 deletions


@ -60,11 +60,19 @@ repos:
- repo: local
hooks:
# Requires `addlicense` to be installed locally (go install github.com/google/addlicense@latest)
- id: addlicense
name: Add License Headers
description: Ensures all files have the Apache 2.0 license header
# Requires `addlicense` to be installed locally (go install github.com/google/addlicense@latest)
entry: addlicense -c "Schwarz Digits Cloud GmbH & Co. KG" -l apache
language: system
types_or: [terraform, python, go, javascript, yaml, json]
pass_filenames: true
- id: terraform-numbered-files
name: Terraform Files Must Have Number Prefix
description: Ensures all committed .tf files start with a number (e.g., 01-, 010-, 100-)
entry: scripts/check-terraform-numbered-files.sh
language: script
types: [terraform]
pass_filenames: true
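Review bot: The `terraform-numbered-files` hook description says files must "start with a number (e.g., 01-, 010-, 100-)", while the contributing guide changed in this same commit requires exactly 3 digits and exempts `modules/`. The hook entry has no `exclude`, so the exemption has to live in `scripts/check-terraform-numbered-files.sh`, which is not visible here. Aligning the text would avoid confusion, e.g. `description: Ensures all committed .tf files outside modules/ start with a 3-digit prefix (e.g., 010-, 100-)`. Separately, the `addlicense` comment recommends `go install github.com/google/addlicense@latest`, which leaves the tool unpinned; a fixed tag (`@<pinned-version>`) would make hook runs reproducible.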


@ -58,6 +58,7 @@ To maintain a clean and secure codebase, we enforce a strict CI pipeline on all
// limitations under the License.
```
- **Terraform file naming:** All `.tf` files in examples **must** be prefixed with exactly 3 digits to enforce consistent ordering (e.g., `010-provider.tf`, `020-variables.tf`, `030-resources.tf`, `100-outputs.tf`). Files inside `modules/` directories are exempt from this rule. This check is enforced automatically by pre-commit.
- **Scan for Secrets:** Never commit credentials. We use `trufflehog` in the CI pipeline. Ensure you have no hardcoded tokens or passwords in your code.
### Repository structure
@ -78,8 +79,7 @@ If you built a great module for a customer project and want to share it, follow
- `variables.tf` (Inputs with clear descriptions and types)
- `outputs.tf` (Values to return to the caller)
- `README.md` (Documentation on what the module does and its inputs/outputs. We recommend using `terraform-docs` to generate this automatically).
3. **Provide an example:** A module is only as good as its documentation. Create a working example in the `examples/` folder showing how to instantiate your module.
4. **Test it locally:** Run `terraform init`, `terraform plan`, and ideally `terraform apply` in a sandbox environment to ensure your code works before opening a PR.
3. **Test it locally:** Run `terraform init`, `terraform plan`, and ideally `terraform apply` in a sandbox environment to ensure your code works before opening a PR.
### Adding a new Script


@ -25,53 +25,23 @@ terraform {
}
}
variable "project_id" {
description = "The STACKIT Project ID where the Object Storage will be created"
type = string
}
provider "stackit" {
default_region = "eu01"
service_account_key_path = ""
}
resource "stackit_objectstorage_bucket" "example" {
project_id = var.project_id
name = "my-stackit-s3-bucket"
}
resource "stackit_objectstorage_credentials_group" "example" {
project_id = var.project_id
name = "my-credentials-group"
}
resource "stackit_objectstorage_credential" "example" {
project_id = var.project_id
credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
}
provider "aws" {
region = "eu01"
access_key = stackit_objectstorage_credential.example.access_key
secret_key = stackit_objectstorage_credential.example.secret_access_key
# These flags are mandatory when connecting to a custom S3-compatible backend
skip_credentials_validation = true
skip_region_validation = true
skip_requesting_account_id = true
skip_metadata_api_check = true
s3_use_path_style = true
# STACKIT S3 Endpoint
endpoints {
s3 = "https://object.storage.eu01.onstackit.cloud"
}
}
resource "aws_s3_object" "example_file" {
depends_on = [stackit_objectstorage_bucket.example]
bucket = stackit_objectstorage_bucket.example.name
key = "hello-world.txt"
content = "Hello from STACKIT Object Storage managed via the AWS Terraform Provider!"
}


@ -0,0 +1,18 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_id" {
description = "The STACKIT Project ID where the Object Storage will be created"
type = string
}


@ -0,0 +1,28 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_objectstorage_bucket" "example" {
project_id = var.project_id
name = "my-stackit-s3-bucket"
}
resource "stackit_objectstorage_credentials_group" "example" {
project_id = var.project_id
name = "my-credentials-group"
}
resource "stackit_objectstorage_credential" "example" {
project_id = var.project_id
credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
}
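Review bot: The key pair produced by `stackit_objectstorage_credential.example` is written to the Terraform state in clear text, and nothing in this new file tells a reader copying the example so. A comment above the resource would cover it, e.g. `# access_key / secret_access_key end up in state: use an encrypted remote backend with restricted access`. The resource also sets no `expiration_timestamp`, so the credential stays valid until it is destroyed; an expiry would be a safer default for an example.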


@ -0,0 +1,21 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "aws_s3_object" "example_file" {
depends_on = [stackit_objectstorage_bucket.example]
bucket = stackit_objectstorage_bucket.example.name
key = "hello-world.txt"
content = "Hello from STACKIT Object Storage managed via the AWS Terraform Provider!"
}
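Review bot: `depends_on = [stackit_objectstorage_bucket.example]` in `aws_s3_object.example_file` is redundant, because `bucket = stackit_objectstorage_bucket.example.name` already creates the dependency. Dropping the explicit `depends_on` keeps the example shorter and avoids suggesting that it is required.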


@ -0,0 +1,25 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_secretsmanager_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
}
resource "stackit_secretsmanager_user" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_secretsmanager_instance.example.instance_id
description = "Example user"
write_enabled = true
}


@ -0,0 +1,19 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
plan_name = "Observability-Monitoring-Medium-EU01"
}


@ -12,24 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_secretsmanager_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
}
resource "stackit_secretsmanager_user" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_secretsmanager_instance.example.instance_id
description = "Example user"
write_enabled = true
}
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
plan_name = "Observability-Monitoring-Medium-EU01"
}
resource "vault_kv_secret_v2" "example" {
mount = stackit_secretsmanager_instance.example.instance_id
name = "my-secret"


@ -0,0 +1,42 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_ske_cluster" "default" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "ske-enc-vol"
kubernetes_version_min = "1.33"
node_pools = [{
name = "standard"
machine_type = "c2i.4"
minimum = 1
maximum = 3
availability_zones = ["eu01-1"]
os_name = "flatcar"
volume_size = 32
}]
}
resource "stackit_ske_kubeconfig" "default" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.default.name
refresh = true
}
data "stackit_service_accounts" "ske_internal" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
email_suffix = "@ske.sa.stackit.cloud"
depends_on = [stackit_ske_cluster.default]
}


@ -0,0 +1,27 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_kms_keyring" "encryption" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "ske-volume-keyring"
}
resource "stackit_kms_key" "volume_key" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = stackit_kms_keyring.encryption.keyring_id
display_name = "volume-encryption-key"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
}


@ -0,0 +1,30 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_service_account" "kms_manager" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "volume-encryptor"
}
resource "stackit_authorization_project_role_assignment" "kms_user" {
resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
role = "kms.admin"
subject = stackit_service_account.kms_manager.email
}
resource "stackit_authorization_service_account_role_assignment" "ske_impersonation" {
resource_id = stackit_service_account.kms_manager.service_account_id
role = "user"
subject = data.stackit_service_accounts.ske_internal.items[0].email
}
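Review bot: `subject = data.stackit_service_accounts.ske_internal.items[0].email` grants impersonation of the KMS service account to whichever account the data source returns first. If more than one account in the project matches the `@ske.sa.stackit.cloud` suffix, the wrong one may be authorised, and an empty list fails with an index error. A guard or at least a comment such as `# assumes exactly one SKE-internal service account in this project` would make the assumption explicit. `role = "kms.admin"` on the whole project also looks broader than volume encryption needs; if the platform offers a narrower KMS role, prefer it. The explanatory comments that the deleted single-file version carried for these assignments (the "Act-As" notes) were not moved into this file and should be restored.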


@ -0,0 +1,82 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "kubernetes_storage_class_v1" "encrypted_premium" {
metadata {
name = "stackit-encrypted-premium"
}
storage_provisioner = "block-storage.csi.stackit.cloud"
reclaim_policy = "Delete"
allow_volume_expansion = true
volume_binding_mode = "WaitForFirstConsumer"
parameters = {
type = "storage_premium_perf6"
encrypted = "true"
kmsKeyID = stackit_kms_key.volume_key.key_id
kmsKeyringID = stackit_kms_keyring.encryption.keyring_id
kmsProjectID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
kmsKeyVersion = "1"
kmsServiceAccount = stackit_service_account.kms_manager.email
}
depends_on = [
stackit_authorization_service_account_role_assignment.ske_impersonation,
stackit_authorization_project_role_assignment.kms_user
]
}
resource "kubernetes_persistent_volume_claim_v1" "test_pvc" {
metadata {
name = "test-encryption-pvc"
}
spec {
access_modes = ["ReadWriteOnce"]
resources {
requests = {
storage = "10Gi"
}
}
storage_class_name = kubernetes_storage_class_v1.encrypted_premium.metadata[0].name
}
}
resource "kubernetes_pod_v1" "test_app" {
metadata {
name = "encrypted-volume-test"
}
spec {
container {
image = "nginx:latest"
name = "web-server"
volume_mount {
mount_path = "/usr/share/nginx/html"
name = "data-volume"
}
}
volume {
name = "data-volume"
persistent_volume_claim {
claim_name = "test-encryption-pvc"
}
}
}
}
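Review bot: `image = "nginx:latest"` in `kubernetes_pod_v1.test_app` pulls a mutable tag, so the example runs whatever image is current at apply time; pin a version or digest, e.g. `image = "nginx:<pinned-version>"`. The pod's `claim_name = "test-encryption-pvc"` repeats the claim name as a literal instead of referencing `kubernetes_persistent_volume_claim_v1.test_pvc.metadata[0].name`, so renaming the claim would silently break the mount. If that becomes a reference, note that the storage class uses `WaitForFirstConsumer`, so the claim would need `wait_until_bound = false` to avoid waiting on a pod that does not exist yet.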


@ -1,158 +0,0 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_ske_cluster" "default" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "ske-enc-vol"
kubernetes_version_min = "1.33"
node_pools = [{
name = "standard"
machine_type = "c2i.4"
minimum = 1
maximum = 3
availability_zones = ["eu01-1"]
os_name = "flatcar"
volume_size = 32
}]
}
resource "stackit_ske_kubeconfig" "default" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.default.name
refresh = true
}
# ------------------------------------------------------------------------
# 2. Identify the Internal SKE Service Account
# ------------------------------------------------------------------------
data "stackit_service_accounts" "ske_internal" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
email_suffix = "@ske.sa.stackit.cloud"
depends_on = [stackit_ske_cluster.default]
}
# ------------------------------------------------------------------------
# 3. Setup KMS Infrastructure
# ------------------------------------------------------------------------
resource "stackit_kms_keyring" "encryption" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "ske-volume-keyring"
}
resource "stackit_kms_key" "volume_key" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = stackit_kms_keyring.encryption.keyring_id
display_name = "volume-encryption-key"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
}
# ------------------------------------------------------------------------
# 4. Configure Identity and Permissions (Act-As)
# ------------------------------------------------------------------------
# Create the service account that 'owns' the KMS access
resource "stackit_service_account" "kms_manager" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "volume-encryptor"
}
# Grant the 'kms.admin' role to the manager service-account
resource "stackit_authorization_project_role_assignment" "kms_user" {
// in this case the STACKIT project_id
resource_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
role = "kms.admin"
subject = stackit_service_account.kms_manager.email
}
# Authorize the internal SKE account to impersonate the kms manager service-account (Act-As)
resource "stackit_authorization_service_account_role_assignment" "ske_impersonation" {
resource_id = stackit_service_account.kms_manager.service_account_id
role = "user"
subject = data.stackit_service_accounts.ske_internal.items[0].email
}
resource "kubernetes_storage_class_v1" "encrypted_premium" {
metadata {
name = "stackit-encrypted-premium"
}
storage_provisioner = "block-storage.csi.stackit.cloud"
reclaim_policy = "Delete"
allow_volume_expansion = true
volume_binding_mode = "WaitForFirstConsumer"
parameters = {
type = "storage_premium_perf6"
encrypted = "true"
kmsKeyID = stackit_kms_key.volume_key.key_id
kmsKeyringID = stackit_kms_keyring.encryption.keyring_id
kmsProjectID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
kmsKeyVersion = "1"
kmsServiceAccount = stackit_service_account.kms_manager.email
}
depends_on = [
stackit_authorization_service_account_role_assignment.ske_impersonation,
stackit_authorization_project_role_assignment.kms_user
]
}
resource "kubernetes_persistent_volume_claim_v1" "test_pvc" {
metadata {
name = "test-encryption-pvc"
}
spec {
access_modes = ["ReadWriteOnce"]
resources {
requests = {
storage = "10Gi"
}
}
storage_class_name = kubernetes_storage_class_v1.encrypted_premium.metadata[0].name
}
}
# ------------------------------------------------------------------------
# 7. Create a Pod to Consume the Volume
# ------------------------------------------------------------------------
resource "kubernetes_pod_v1" "test_app" {
metadata {
name = "encrypted-volume-test"
}
spec {
container {
image = "nginx:latest"
name = "web-server"
volume_mount {
mount_path = "/usr/share/nginx/html"
name = "data-volume"
}
}
volume {
name = "data-volume"
persistent_volume_claim {
claim_name = "test-encryption-pvc"
}
}
}
}


@ -0,0 +1,51 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.60.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = ">=2.14.0"
}
helm = {
source = "hashicorp/helm"
version = ">= 2.14.0"
}
}
}
provider "stackit" {
default_region = "eu01"
service_account_key_path = var.stackit_service_account_key_path
}
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
}
provider "helm" {
kubernetes = {
host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
}
}
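Review bot: The `helm` constraint `version = ">= 2.14.0"` still admits 2.x releases, but the `provider "helm"` block in this file uses the `kubernetes = { ... }` attribute form. As far as I know only the 3.x provider accepts that form (2.x expects a nested `kubernetes { }` block). Raising the constraint to `version = ">= 3.0.0"` would stop `terraform init` from selecting a version that rejects this configuration. The open-ended `>=` on all three providers also lets a future major release in without review; a bounded constraint such as `~>` is safer for an example that gets copied. The four `yamldecode(stackit_ske_kubeconfig.this.kube_config)` expressions are repeated in both provider blocks and could be decoded once into a `locals` value.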


@ -0,0 +1,21 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_id" {
default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
variable "stackit_service_account_key_path" {
default = ""
}
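Review bot: Both variables are declared without `type` or `description`, and `project_id` defaults to the placeholder `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`, so a plan run without a tfvars file proceeds with a bogus ID instead of prompting for one. Suggest adding `type = string` and a description to each and dropping the `project_id` default, as the Object Storage example's variables file in this commit does. `stackit_service_account_key_path` points at a credential file, so a comment such as `# path to the service account key; keep the key file out of the repository` would be worth adding.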


@ -12,56 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = ">=0.60.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = ">=2.14.0"
}
}
}
variable "project_id" {
default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
variable "stackit_service_account_key_path" {
default = ""
}
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
}
provider "helm" {
kubernetes = {
host = yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.this.kube_config).clusters.0.cluster.certificate-authority-data)
}
}
provider "stackit" {
default_region = "eu01"
service_account_key_path = var.stackit_service_account_key_path
}
resource "stackit_ske_kubeconfig" "this" {
project_id = var.project_id
cluster_name = stackit_ske_cluster.this.name
refresh = true
depends_on = [stackit_ske_cluster.this]
}
data "stackit_ske_kubernetes_versions" "this" {
version_state = "SUPPORTED"
}
@ -85,7 +35,6 @@ locals {
if mi.name == "ubuntu"
]
]))
gpu_operator_helm_values = templatefile("${path.module}/gpu-operator-values.yaml.tftpl", {})
}
resource "stackit_ske_cluster" "this" {
@ -138,20 +87,10 @@ resource "stackit_ske_cluster" "this" {
]
}
resource "kubernetes_namespace_v1" "gpu_operator" {
metadata {
name = "gpu-operator"
}
}
resource "stackit_ske_kubeconfig" "this" {
project_id = var.project_id
cluster_name = stackit_ske_cluster.this.name
refresh = true
resource "helm_release" "gpu_operator" {
name = "gpu-operator"
namespace = kubernetes_namespace_v1.gpu_operator.metadata[0].name
repository = "https://helm.ngc.nvidia.com/nvidia"
chart = "gpu-operator"
version = "25.3.1"
values = [
local.gpu_operator_helm_values
]
depends_on = [stackit_ske_cluster.this]
}


@ -0,0 +1,35 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
locals {
gpu_operator_helm_values = templatefile("${path.module}/gpu-operator-values.yaml.tftpl", {})
}
resource "kubernetes_namespace_v1" "gpu_operator" {
metadata {
name = "gpu-operator"
}
}
resource "helm_release" "gpu_operator" {
name = "gpu-operator"
namespace = kubernetes_namespace_v1.gpu_operator.metadata[0].name
repository = "https://helm.ngc.nvidia.com/nvidia"
chart = "gpu-operator"
version = "25.3.1"
values = [
local.gpu_operator_helm_values
]
}


@ -25,52 +25,14 @@ terraform {
}
}
variable "project_id" {
description = "The STACKIT Project ID"
type = string
}
provider "stackit" {
default_region = "eu01"
service_account_key_path = ""
}
resource "stackit_ske_cluster" "example" {
project_id = var.project_id
name = "example"
kubernetes_version_min = "1.33"
node_pools = [
{
name = "example-node-pool"
machine_type = "g2i.4"
minimum = 1
maximum = 2
availability_zones = ["eu01-1"]
os_version_min = "3815.2.5"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
}
resource "stackit_ske_kubeconfig" "example" {
project_id = var.project_id
cluster_name = stackit_ske_cluster.example.name
expiration = 3600
}
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters[0].cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users[0].user["client-certificate-data"])
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users[0].user["client-key-data"])
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters[0].cluster["certificate-authority-data"])
}
resource "kubernetes_namespace" "example" {
metadata {
name = "stackit-demo-namespace"
}
}


@ -0,0 +1,18 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
variable "project_id" {
description = "The STACKIT Project ID"
type = string
}


@ -0,0 +1,39 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_ske_cluster" "example" {
project_id = var.project_id
name = "example"
kubernetes_version_min = "1.33"
node_pools = [
{
name = "example-node-pool"
machine_type = "g2i.4"
minimum = 1
maximum = 2
availability_zones = ["eu01-1"]
os_version_min = "3815.2.5"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
}
resource "stackit_ske_kubeconfig" "example" {
project_id = var.project_id
cluster_name = stackit_ske_cluster.example.name
expiration = 3600
}


@ -0,0 +1,19 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "kubernetes_namespace" "example" {
metadata {
name = "stackit-demo-namespace"
}
}


@ -0,0 +1,45 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "stackit_ske_cluster" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
kubernetes_version_min = "1.31"
node_pools = [
{
name = "standard"
machine_type = "c2i.4"
minimum = "3"
maximum = "9"
max_surge = "3"
availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
os_version_min = "4081.2.1"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
maintenance = {
enable_kubernetes_version_updates = true
enable_machine_image_version_updates = true
start = "01:00:00Z"
end = "02:00:00Z"
}
}
resource "stackit_ske_kubeconfig" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.example.name
refresh = true
}
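Review bot: In the `standard` node pool, `minimum = "3"`, `maximum = "9"` and `max_surge = "3"` are written as quoted strings, while the other SKE examples in this commit use bare numbers (`minimum = 1`, `maximum = 2`). Terraform converts the strings, so this is a style point, but unquoted values (`minimum = 3`, `maximum = 9`, `max_surge = 3`) would keep the examples consistent. This file also hard-codes the placeholder `project_id` twice where the neighbouring example uses `var.project_id`.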


@ -0,0 +1,44 @@
# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
locals {
alert_config = {
route = {
receiver = "EmailStackit",
repeat_interval = "1m"
}
receivers = [
{
name = "EmailStackit",
email_configs = [
{
to = "<email>"
}
]
}
]
}
}
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
plan_name = "Observability-Large-EU01"
alert_config = local.alert_config
}
resource "stackit_observability_credential" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.example.instance_id
}

Some files were not shown because too many files have changed in this diff Show more