diff --git a/examples/iaas-volume-encryption/.terraform.lock.hcl b/examples/iaas-volume-encryption/.terraform.lock.hcl new file mode 100644 index 0000000..7c3993a --- /dev/null +++ b/examples/iaas-volume-encryption/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/stackitcloud/stackit" { + version = "0.80.0" + constraints = "0.80.0" + hashes = [ + "h1:wz7uGwzVoo1NO18CDLcfjLraTSiWQ5EzJnDeCKcFi60=", + "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", + "zh:3a0e6cb125ef76a24b2b5ff9c786c57058f385571d283bd68f633225fcca695a", + "zh:4693a29285daea99041d0db7cda867ba407deea96c3bb629b4d91ee16aa2ddab", + "zh:4a4b03f1ddb9c0b98dbdf8d57fa95df8ca262840959bec5d7deb9d50961f2bc2", + "zh:57fa031a9566c0cc75ad39697e4dbdf8808e9a6a13900948a4ccf5346826eba7", + "zh:6096c22ad0726f044c686e1320d5731379d64d5ff8a9df976c48396856888f38", + "zh:69b6985f473c67dafea157d883c36b6a652faea4f935b0e0bd7b6a89634446ab", + "zh:69b69c396eddb9ddb81dde2e0de56ea72fd0961e1037efb80784c61edb2c8f3c", + "zh:76d96a28232850f8125c1118f9b09aa37cc97ede42852bdb4259cfc1d6024e5a", + "zh:9aca727fa7290d83efecfa9f3f47a1c24fb8ced1cae234ed98bccc1b9f26bbeb", + "zh:b06a7d98eb498fa0c478834ed0c08278c80dbe649cd72ddf188b6d3b0fb966ee", + "zh:cd6f56a5c0cc0c6031ae909fad30d9f0a77defd2317312c50b2ac4c475ca8b92", + "zh:de6f56dd204fe7827abe79f3517e2f604ae276d9281cfcaab8a514f7b38efc65", + "zh:f41bfc03ef86021571316103f5843317238ac8e37a645e8e39c29dc5c885772e", + "zh:fc5a42658705a6b7434031d1af5ac1b9f78c78571641997b8afbe1af24183992", + ] +} diff --git a/examples/iaas-volume-encryption/00-provider.tf b/examples/iaas-volume-encryption/00-provider.tf new file mode 100644 index 0000000..5a1b37d --- /dev/null +++ b/examples/iaas-volume-encryption/00-provider.tf @@ -0,0 +1,30 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Define required providers +terraform { + required_version = ">= 0.14.0" + required_providers { + stackit = { + source = "stackitcloud/stackit" + version = "0.80.0" + } + } +} + +provider "stackit" { + default_region = "eu01" + service_account_key_path = "secrets.json" + experiments = ["iam"] +} diff --git a/examples/iaas-volume-encryption/01-config.tf b/examples/iaas-volume-encryption/01-config.tf new file mode 100644 index 0000000..ba124eb --- /dev/null +++ b/examples/iaas-volume-encryption/01-config.tf @@ -0,0 +1,33 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# +# Custom User Settings +# + +# STACKIT Availability Zone +variable "zone" { + type = string + description = "Availability Zone" + default = "eu01-3" +} + + +# STACKIT ProjectID +variable "STACKIT_PROJECT_ID" { + type = string + description = "STACKIT Project ID" + default = "16ec118f-90d0-466d-8393-99eea504c536" +} diff --git a/examples/iaas-volume-encryption/02-service-account.tf b/examples/iaas-volume-encryption/02-service-account.tf new file mode 100644 index 0000000..2649aa8 --- /dev/null +++ b/examples/iaas-volume-encryption/02-service-account.tf @@ -0,0 +1,27 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_service_account" "iaas-kms" { + project_id = var.STACKIT_PROJECT_ID + name = "iaas-kms-sa" +} + +resource "stackit_authorization_project_role_assignment" "role-assign" { + resource_id = var.STACKIT_PROJECT_ID + role = "kms.reader" + subject = stackit_service_account.iaas-kms.email + depends_on = [ + stackit_service_account.iaas-kms, + ] +} diff --git a/examples/iaas-volume-encryption/03-kms.tf b/examples/iaas-volume-encryption/03-kms.tf new file mode 100644 index 0000000..749a445 --- /dev/null +++ b/examples/iaas-volume-encryption/03-kms.tf @@ -0,0 +1,28 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_kms_keyring" "volume" { + project_id = var.STACKIT_PROJECT_ID + display_name = "iaas-volume" + description = "example description" +} + +resource "stackit_kms_key" "volume-key" { + project_id = var.STACKIT_PROJECT_ID + keyring_id = stackit_kms_keyring.volume.keyring_id + display_name = "volume-key-01" + protection = "software" + algorithm = "aes_256_gcm" + purpose = "symmetric_encrypt_decrypt" +} diff --git a/examples/iaas-volume-encryption/04-volume.tf b/examples/iaas-volume-encryption/04-volume.tf new file mode 100644 index 0000000..d8d4dfa --- /dev/null +++ b/examples/iaas-volume-encryption/04-volume.tf @@ -0,0 +1,37 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_volume" "encrypted" { + project_id = var.STACKIT_PROJECT_ID + name = "encrypted_volume" + availability_zone = var.zone + performance_class = "storage_premium_perf6" + size = 64 + source = { + type = "image" + id = "7b8f0f89-cffd-4838-8530-8e7266d08afe" # W2k25 + } + labels = { + kek_key_id = stackit_kms_key.volume-key.key_id + kek_key_version = 1 + kek_keyring_id = stackit_kms_keyring.volume.keyring_id + service_account = stackit_service_account.iaas-kms.email + } + encryption_parameters = { + kek_key_id = stackit_kms_key.volume-key.key_id + kek_key_version = 1 + kek_keyring_id = stackit_kms_keyring.volume.keyring_id + service_account = stackit_service_account.iaas-kms.email + } +} diff --git a/examples/iaas-volume-encryption/05-server.tf b/examples/iaas-volume-encryption/05-server.tf new file mode 100644 index 0000000..9cbc0d6 --- /dev/null +++ b/examples/iaas-volume-encryption/05-server.tf @@ -0,0 +1,42 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_server" "encrypted_server" { + project_id = var.STACKIT_PROJECT_ID + name = "encrypted-server" + boot_volume = { + source_type = "volume" + source_id = stackit_volume.encrypted.volume_id + } + availability_zone = var.zone + machine_type = "g2i.4" + user_data = file("cloud-init.yaml") + network_interfaces = [stackit_network_interface.nic.network_interface_id] +} + +resource "stackit_network_interface" "nic" { + project_id = var.STACKIT_PROJECT_ID + network_id = data.stackit_network.default.network_id + security_group_ids = [data.stackit_security_group.default.security_group_id] +} + +data "stackit_security_group" "default" { + project_id = var.STACKIT_PROJECT_ID + security_group_id = "a6b4708e-b8ee-48ba-b084-a4892e9a73af" +} + +data "stackit_network" "default" { + project_id = var.STACKIT_PROJECT_ID + network_id = "a9d59cc6-cc5b-4f9f-a9dc-315b0fc78a35" +} diff --git a/examples/iaas-volume-encryption/MAINTAINERS.md b/examples/iaas-volume-encryption/MAINTAINERS.md new file mode 100644 index 0000000..be2a4c2 --- /dev/null +++ b/examples/iaas-volume-encryption/MAINTAINERS.md @@ -0,0 +1,9 @@ +# Maintainers + +General maintainers: + +- Markus Brunsch (Markus.Brunsch@digits.schwarz) + +This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis. +For questions, issues, or feature requests, please email general maintainers. +Please include the BP name and version in your request. We will track your request as an issue. diff --git a/examples/iaas-volume-encryption/README.md b/examples/iaas-volume-encryption/README.md new file mode 100644 index 0000000..822fbe0 --- /dev/null +++ b/examples/iaas-volume-encryption/README.md @@ -0,0 +1,55 @@ +# IaaS Volume Encryption (Terraform) + +## Terraform Examples + +KMS & IaaS Resources to deploy a encrypted Block Storage Volume + +### Migrations Steps to move data von non encrypted Volumes to a encrypted Volume + +1. Create Backup of non encrypted Volume + +There are two options to perform a Backup the first one is to reference a volume directly: + +```bash +stackit volume backup create --source-type volume --source-id --name backup01 +``` + +> This does block all operations on the Volume such as extending the Volume until the backup is done. + +Another Option is to first create a Snapshot and make a Backup von this Snapshot: + +```bash +stackit volume backup create --source-type snapshot --source-id --name backup01 +``` + +2. Create new encrypted Volume + Use the provided Terraform to deploy a new encrypted Volume with the same size (or larger) then the original Volume. + +3. Create new encrypted Volume from Backup + Use the Backup as a source for a new encrypted Volume. + +```hcl +resource "stackit_volume" "encrypted" { + project_id = var.STACKIT_PROJECT_ID + name = "encrypted_volume" + availability_zone = var.zone + performance_class = "storage_premium_perf6" + size = 4 + source = { + type = "backup" + id = "" + } + encryption_parameters = { + kek_key_id = stackit_kms_key.volume-key.key_id + kek_key_version = 1 + kek_keyring_id = stackit_kms_keyring.volume.keyring_id + service_account = "@sa.stackit.cloud" + } +} +``` + +4. Recreate VM or attach volume to existing VM + +```bash +stackit server create --availability-zone eu01-3 --machine-type c2i.2 --boot-volume-source-type volume --boot-volume-source-id --network-id -n server1 +``` diff --git a/examples/iaas-volume-encryption/cloud-init.yaml b/examples/iaas-volume-encryption/cloud-init.yaml new file mode 100644 index 0000000..653b5c6 --- /dev/null +++ b/examples/iaas-volume-encryption/cloud-init.yaml @@ -0,0 +1,5 @@ +#cloud-config +users: + - name: Administrator + passwd: "Start1234567890!" + groups: Administrators diff --git a/examples/pfsense-hub-and-spoke/MAINTAINERS.md b/examples/pfsense-hub-and-spoke/MAINTAINERS.md new file mode 100644 index 0000000..904e80e --- /dev/null +++ b/examples/pfsense-hub-and-spoke/MAINTAINERS.md @@ -0,0 +1,9 @@ +# Maintainers + +General maintainers: + +- Sven Schmidt (Sven.Schmidt@digits.schwarz) + +This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis. +For questions, issues, or feature requests, please email general maintainers. +Please include the BP name and version in your request. We will track your request as an issue. diff --git a/examples/ske-stackit-sfs-integration/.terraform.lock.hcl b/examples/ske-stackit-sfs-integration/.terraform.lock.hcl new file mode 100644 index 0000000..75c9e75 --- /dev/null +++ b/examples/ske-stackit-sfs-integration/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/stackitcloud/stackit" { + version = "0.79.0" + constraints = "0.79.0" + hashes = [ + "h1:l7AeT3WWi/u7QB7E1SaksYc5VjU9JS2LYc4OnavI3kw=", + "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", + "zh:1eb8276c0d8a4b5b92534020df0cb270ed7c4d91dfed6db089ee775b50a8f5e3", + "zh:715ad338c71f904272453ec5ae830ee35f920268b5f20e70e6ddf9b0a54aa060", + "zh:8439d1e4b2e2b16532b58ff02dab6fad18c49a3a8e0d84ee445a8375b19209e2", + "zh:85fa5ef7e202f7b49b1acc89d59198b27d198971c12ed307551e036a371ce578", + "zh:9590b7be920486158fd4d5e32c3095e8858c4a998a7aa47f3c85a3c71c779ce6", + "zh:a09911d5bcd25ab03333803e52c54015c8e50eef28a0c55030e72683d91fc337", + "zh:a934b5ec52bbe591c4d78183c762052a8d72f99dfab49e2283246e4e8b81d8c3", + "zh:b32435df41880ea2a688f9e18741f18b6764b0013f04c645bda847e7a24bfff4", + "zh:c1b81817e8e1d019877bdcd572fa59f2ec2c1d132720a89bde8dc8b7e8030b4f", + "zh:d001412f91ca700159c53255a2ecedf43591af30eabf0736ab99be83a7352372", + "zh:d34defd21c214d251327c78ffe40c276d83af7fe9fbcaf04824a87e626251e6e", + "zh:d66f8bf8014513b206b7c1614475d347da55b24e9c5ed251f8f83aa3df4f21ca", + "zh:e1a4b798d204d008025b57833295673b1c57e3115c91a2bae014d64ab1f0eca7", + "zh:efe360c57b49c5adda657765f7d28c09688abcfaf88ff98e21d8b708bc8da80d", + ] +} diff --git a/examples/ske-stackit-sfs-integration/00-provider.tf b/examples/ske-stackit-sfs-integration/00-provider.tf new file mode 100644 index 0000000..f0c618a --- /dev/null +++ b/examples/ske-stackit-sfs-integration/00-provider.tf @@ -0,0 +1,30 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Define required providers +terraform { + required_version = ">= 0.14.0" + required_providers { + stackit = { + source = "stackitcloud/stackit" + version = "0.79.0" + } + } +} + +provider "stackit" { + default_region = "eu01" + service_account_key_path = "secrets.json" + enable_beta_resources = true +} diff --git a/examples/ske-stackit-sfs-integration/01-config.tf b/examples/ske-stackit-sfs-integration/01-config.tf new file mode 100644 index 0000000..10a65ba --- /dev/null +++ b/examples/ske-stackit-sfs-integration/01-config.tf @@ -0,0 +1,51 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Custom User Settings +# + +# STACKIT Availability Zone +variable "zone" { + type = string + description = "Availability Zone" + default = "eu01-3" +} + +# STACKIT VM Flavor +variable "flavor" { + type = string + description = "Flavor ID" + default = "g2i.4" +} + +# Local VPC Subnet to create Network +variable "LOCAL_SUBNET" { + type = string + description = "" + default = "10.10.0.0/24" +} + +# STACKIT ProjectID +variable "STACKIT_PROJECT_ID" { + type = string + description = "STACKIT Project ID" + default = "16ec118f-90d0-466d-8393-99eea504c536" +} + +variable "STACKIT_ORG_ID" { + type = string + description = "STACKIT Org ID" + default = "03a34540-3c1a-4794-b2c6-7111ecf824ef" +} diff --git a/examples/ske-stackit-sfs-integration/03-network.tf b/examples/ske-stackit-sfs-integration/03-network.tf new file mode 100644 index 0000000..1e9802a --- /dev/null +++ b/examples/ske-stackit-sfs-integration/03-network.tf @@ -0,0 +1,35 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Get vNET Networks +resource "stackit_network_area" "sfs" { + organization_id = var.STACKIT_ORG_ID + name = "sfs-network-area" + labels = { + "preview/routingtables" = "true" + } +} + +resource "stackit_network_area_region" "sfs" { + organization_id = var.STACKIT_ORG_ID + network_area_id = stackit_network_area.sfs.network_area_id + ipv4 = { + transfer_network = "10.1.2.0/24" + network_ranges = [ + { + prefix = "10.0.0.0/16" + } + ] + } +} diff --git a/examples/ske-stackit-sfs-integration/04-project.tf b/examples/ske-stackit-sfs-integration/04-project.tf new file mode 100644 index 0000000..4fd3604 --- /dev/null +++ b/examples/ske-stackit-sfs-integration/04-project.tf @@ -0,0 +1,31 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_resourcemanager_project" "sfs-no-folder" { + parent_container_id = var.STACKIT_ORG_ID + name = "sfs-example" + labels = { + "networkArea" = stackit_network_area.sfs.network_area_id + } + owner_email = "markus.brunsch@stackit.cloud" +} + +resource "stackit_resourcemanager_project" "sfs-folder" { + parent_container_id = "bc229fa8-4be4-42d5-8808-514fe6d39074" #Folder ID Demos + name = "sfs-example-folder" + labels = { + "networkArea" = stackit_network_area.sfs.network_area_id + } + owner_email = "markus.brunsch@stackit.cloud" +} diff --git a/examples/ske-stackit-sfs-integration/05-sfs.tf b/examples/ske-stackit-sfs-integration/05-sfs.tf new file mode 100644 index 0000000..f2119de --- /dev/null +++ b/examples/ske-stackit-sfs-integration/05-sfs.tf @@ -0,0 +1,81 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_sfs_resource_pool" "no-folder-resourcepool" { + project_id = stackit_resourcemanager_project.sfs-no-folder.project_id + name = "sfs-resourcepool" + availability_zone = "eu01-m" + performance_class = "Standard" + size_gigabytes = 512 + ip_acl = [ + "0.0.0.0/0", + ] + snapshots_are_visible = true +} + +resource "stackit_sfs_export_policy" "no-folder-policy" { + project_id = stackit_resourcemanager_project.sfs-no-folder.project_id + name = "example" + rules = [ + { + ip_acl = ["0.0.0.0/0"] + order = 1 + } + ] +} + +resource "stackit_sfs_share" "no-folder-share" { + project_id = stackit_resourcemanager_project.sfs-no-folder.project_id + resource_pool_id = stackit_sfs_resource_pool.no-folder-resourcepool.resource_pool_id + name = "nfs-share" + export_policy = "example" + space_hard_limit_gigabytes = 128 +} + +############## + +resource "stackit_sfs_resource_pool" "folder-resourcepool" { + project_id = stackit_resourcemanager_project.sfs-folder.project_id + name = "sfs-resourcepool" + availability_zone = "eu01-m" + performance_class = "Standard" + size_gigabytes = 512 + ip_acl = [ + "0.0.0.0/0", + ] + snapshots_are_visible = true +} + +resource "stackit_sfs_export_policy" "folder-policy" { + project_id = stackit_resourcemanager_project.sfs-folder.project_id + name = "example" + rules = [ + { + ip_acl = ["0.0.0.0/0"] + order = 1 + } + ] +} + +resource "stackit_sfs_share" "folder-share" { + project_id = stackit_resourcemanager_project.sfs-folder.project_id + resource_pool_id = stackit_sfs_resource_pool.folder-resourcepool.resource_pool_id + name = "nfs-share" + export_policy = "example" + space_hard_limit_gigabytes = 128 +} + +output "mount" { + value = stackit_sfs_share.no-folder-share.mount_path +} diff --git a/examples/ske-stackit-sfs-integration/06.ske.tf b/examples/ske-stackit-sfs-integration/06.ske.tf new file mode 100644 index 0000000..903e82a --- /dev/null +++ b/examples/ske-stackit-sfs-integration/06.ske.tf @@ -0,0 +1,43 @@ +# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "stackit_ske_cluster" "sfs" { + project_id = stackit_resourcemanager_project.sfs-no-folder.project_id + name = "sfs" + kubernetes_version_min = "1.34" + node_pools = [ + { + name = "np-example" + machine_type = "c2i.2" + minimum = "1" + maximum = "3" + availability_zones = ["eu01-3"] + } + ] + network = { + id = stackit_network.sfs-example.network_id + } + maintenance = { + enable_kubernetes_version_updates = true + enable_machine_image_version_updates = true + start = "01:00:00Z" + end = "02:00:00Z" + } +} + +resource "stackit_network" "sfs-example" { + project_id = stackit_resourcemanager_project.sfs-no-folder.project_id + name = "ske-example" + ipv4_nameservers = ["9.9.9.9"] +} diff --git a/examples/ske-stackit-sfs-integration/MAINTAINERS.md b/examples/ske-stackit-sfs-integration/MAINTAINERS.md new file mode 100644 index 0000000..be2a4c2 --- /dev/null +++ b/examples/ske-stackit-sfs-integration/MAINTAINERS.md @@ -0,0 +1,9 @@ +# Maintainers + +General maintainers: + +- Markus Brunsch (Markus.Brunsch@digits.schwarz) + +This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis. +For questions, issues, or feature requests, please email general maintainers. +Please include the BP name and version in your request. We will track your request as an issue. diff --git a/examples/ske-stackit-sfs-integration/PersistentVolumeClaim.yaml b/examples/ske-stackit-sfs-integration/PersistentVolumeClaim.yaml new file mode 100644 index 0000000..9247fb1 --- /dev/null +++ b/examples/ske-stackit-sfs-integration/PersistentVolumeClaim.yaml @@ -0,0 +1,11 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim +spec: + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 100Mi diff --git a/examples/ske-stackit-sfs-integration/README.md b/examples/ske-stackit-sfs-integration/README.md new file mode 100644 index 0000000..603cf75 --- /dev/null +++ b/examples/ske-stackit-sfs-integration/README.md @@ -0,0 +1,42 @@ +# STACKIT File Storage Example Deployment + +Terraform Example of deploying a STACKIT File Storage NFS Service + +## Deployment Scope + +- Network Area with Routing Tables Enabled +- Projects attached to the Network area +- STACKIT SFS Resources +- SKE Cluster for RWX usage + +## Setup RWX on SKE with STACKIT SFS + +**Install Helmchart** + +```bash +helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ +helm repo update +``` + +```bash +helm install nfs-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \ + --set nfs.server=1.2.3.4 \ + --set nfs.path=/srv/nfs/storage \ + --set storageClass.name=nfs-client +``` + +**Create PersistentVolumeClaim from NFS Storage** + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim +spec: + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi +``` diff --git a/examples/ske-stackit-sfs-integration/example-rwx-deployment.yaml b/examples/ske-stackit-sfs-integration/example-rwx-deployment.yaml new file mode 100644 index 0000000..08fd14d --- /dev/null +++ b/examples/ske-stackit-sfs-integration/example-rwx-deployment.yaml @@ -0,0 +1,73 @@ +apiVersion: v1 +kind: Service +metadata: + name: rwx-test + labels: + app: rwx-test +spec: + ports: + - port: 80 + type: LoadBalancer + selector: + app: rwx-test +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: rwx-test + namespace: default +spec: + accessModes: + - ReadWriteMany + storageClassName: nfs-client + resources: + requests: + storage: 10Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rwx-test + labels: + app: rwx-test + namespace: default +spec: + replicas: 4 + selector: + matchLabels: + app: rwx-test + strategy: + type: Recreate + template: + metadata: + labels: + app: rwx-test + spec: + containers: + - image: ubuntu:focal + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - sleep 10; touch /data/index.html; while true; do echo "

Hostname $HOSTNAME

Date $(date)


" >> /data/index.html; sleep 1; done; + name: rwx-test + stdin: true + tty: true + resources: {} + volumeMounts: + - mountPath: /data + name: rwx-test + - image: nginx:stable + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + name: http + resources: {} + volumeMounts: + - mountPath: /usr/share/nginx/html + name: rwx-test + restartPolicy: Always + volumes: + - name: rwx-test + persistentVolumeClaim: + claimName: rwx-test