examples/iaas-volume-encryption/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.80.0"
+  constraints = "0.80.0"
+  hashes = [
+    "h1:wz7uGwzVoo1NO18CDLcfjLraTSiWQ5EzJnDeCKcFi60=",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:3a0e6cb125ef76a24b2b5ff9c786c57058f385571d283bd68f633225fcca695a",
+    "zh:4693a29285daea99041d0db7cda867ba407deea96c3bb629b4d91ee16aa2ddab",
+    "zh:4a4b03f1ddb9c0b98dbdf8d57fa95df8ca262840959bec5d7deb9d50961f2bc2",
+    "zh:57fa031a9566c0cc75ad39697e4dbdf8808e9a6a13900948a4ccf5346826eba7",
+    "zh:6096c22ad0726f044c686e1320d5731379d64d5ff8a9df976c48396856888f38",
+    "zh:69b6985f473c67dafea157d883c36b6a652faea4f935b0e0bd7b6a89634446ab",
+    "zh:69b69c396eddb9ddb81dde2e0de56ea72fd0961e1037efb80784c61edb2c8f3c",
+    "zh:76d96a28232850f8125c1118f9b09aa37cc97ede42852bdb4259cfc1d6024e5a",
+    "zh:9aca727fa7290d83efecfa9f3f47a1c24fb8ced1cae234ed98bccc1b9f26bbeb",
+    "zh:b06a7d98eb498fa0c478834ed0c08278c80dbe649cd72ddf188b6d3b0fb966ee",
+    "zh:cd6f56a5c0cc0c6031ae909fad30d9f0a77defd2317312c50b2ac4c475ca8b92",
+    "zh:de6f56dd204fe7827abe79f3517e2f604ae276d9281cfcaab8a514f7b38efc65",
+    "zh:f41bfc03ef86021571316103f5843317238ac8e37a645e8e39c29dc5c885772e",
+    "zh:fc5a42658705a6b7434031d1af5ac1b9f78c78571641997b8afbe1af24183992",
+  ]
+}

examples/iaas-volume-encryption/00-provider.tf

@@ -0,0 +1,30 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Define required providers
+terraform {
+  required_version = ">= 0.14.0"
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.80.0"
+    }
+  }
+}
+
+provider "stackit" {
+  default_region           = "eu01"
+  service_account_key_path = "secrets.json"
+  experiments              = ["iam"]
+}

examples/iaas-volume-encryption/01-config.tf

@@ -0,0 +1,33 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#
+# Custom User Settings
+#
+
+# STACKIT Availability Zone
+variable "zone" {
+  type        = string
+  description = "Availability Zone"
+  default     = "eu01-3"
+}
+
+
+# STACKIT ProjectID
+variable "STACKIT_PROJECT_ID" {
+  type        = string
+  description = "STACKIT Project ID"
+  default     = "16ec118f-90d0-466d-8393-99eea504c536"
+}

examples/iaas-volume-encryption/02-service-account.tf

@@ -0,0 +1,27 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_service_account" "iaas-kms" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "iaas-kms-sa"
+}
+
+resource "stackit_authorization_project_role_assignment" "role-assign" {
+  resource_id = var.STACKIT_PROJECT_ID
+  role        = "kms.reader"
+  subject     = stackit_service_account.iaas-kms.email
+  depends_on = [
+    stackit_service_account.iaas-kms,
+  ]
+}

examples/iaas-volume-encryption/03-kms.tf

@@ -0,0 +1,28 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_kms_keyring" "volume" {
+  project_id   = var.STACKIT_PROJECT_ID
+  display_name = "iaas-volume"
+  description  = "example description"
+}
+
+resource "stackit_kms_key" "volume-key" {
+  project_id   = var.STACKIT_PROJECT_ID
+  keyring_id   = stackit_kms_keyring.volume.keyring_id
+  display_name = "volume-key-01"
+  protection   = "software"
+  algorithm    = "aes_256_gcm"
+  purpose      = "symmetric_encrypt_decrypt"
+}

examples/iaas-volume-encryption/04-volume.tf

@@ -0,0 +1,37 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_volume" "encrypted" {
+  project_id        = var.STACKIT_PROJECT_ID
+  name              = "encrypted_volume"
+  availability_zone = var.zone
+  performance_class = "storage_premium_perf6"
+  size              = 64
+  source = {
+    type = "image"
+    id   = "7b8f0f89-cffd-4838-8530-8e7266d08afe" # W2k25
+  }
+  labels = {
+    kek_key_id      = stackit_kms_key.volume-key.key_id
+    kek_key_version = 1
+    kek_keyring_id  = stackit_kms_keyring.volume.keyring_id
+    service_account = stackit_service_account.iaas-kms.email
+  }
+  encryption_parameters = {
+    kek_key_id      = stackit_kms_key.volume-key.key_id
+    kek_key_version = 1
+    kek_keyring_id  = stackit_kms_keyring.volume.keyring_id
+    service_account = stackit_service_account.iaas-kms.email
+  }
+}

examples/iaas-volume-encryption/05-server.tf

@@ -0,0 +1,42 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_server" "encrypted_server" {
+  project_id = var.STACKIT_PROJECT_ID
+  name       = "encrypted-server"
+  boot_volume = {
+    source_type = "volume"
+    source_id   = stackit_volume.encrypted.volume_id
+  }
+  availability_zone  = var.zone
+  machine_type       = "g2i.4"
+  user_data          = file("cloud-init.yaml")
+  network_interfaces = [stackit_network_interface.nic.network_interface_id]
+}
+
+resource "stackit_network_interface" "nic" {
+  project_id         = var.STACKIT_PROJECT_ID
+  network_id         = data.stackit_network.default.network_id
+  security_group_ids = [data.stackit_security_group.default.security_group_id]
+}
+
+data "stackit_security_group" "default" {
+  project_id        = var.STACKIT_PROJECT_ID
+  security_group_id = "a6b4708e-b8ee-48ba-b084-a4892e9a73af"
+}
+
+data "stackit_network" "default" {
+  project_id = var.STACKIT_PROJECT_ID
+  network_id = "a9d59cc6-cc5b-4f9f-a9dc-315b0fc78a35"
+}

examples/iaas-volume-encryption/MAINTAINERS.md

@@ -0,0 +1,9 @@
+# Maintainers
+
+General maintainers:
+
+- Markus Brunsch (Markus.Brunsch@digits.schwarz)
+
+This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis.
+For questions, issues, or feature requests, please email general maintainers.
+Please include the BP name and version in your request. We will track your request as an issue.

examples/iaas-volume-encryption/README.md

@@ -0,0 +1,55 @@
+# IaaS Volume Encryption (Terraform)
+
+## Terraform Examples
+
+KMS & IaaS Resources to deploy a encrypted Block Storage Volume
+
+### Migrations Steps to move data von non encrypted Volumes to a encrypted Volume
+
+1. Create Backup of non encrypted Volume
+
+There are two options to perform a Backup the first one is to reference a volume directly:
+
+```bash
+stackit volume backup create --source-type volume --source-id <volumeId> --name backup01
+```
+
+> This does block all operations on the Volume such as extending the Volume until the backup is done.
+
+Another Option is to first create a Snapshot and make a Backup von this Snapshot:
+
+```bash
+stackit volume backup create --source-type snapshot --source-id <snapshotId> --name backup01
+```
+
+2. Create new encrypted Volume
+   Use the provided Terraform to deploy a new encrypted Volume with the same size (or larger) then the original Volume.
+
+3. Create new encrypted Volume from Backup
+   Use the Backup as a source for a new encrypted Volume.
+
+```hcl
+resource "stackit_volume" "encrypted" {
+  project_id        = var.STACKIT_PROJECT_ID
+  name              = "encrypted_volume"
+  availability_zone = var.zone
+  performance_class = "storage_premium_perf6"
+  size              = 4
+  source = {
+    type = "backup"
+    id = "<backupId>"
+  }
+  encryption_parameters = {
+    kek_key_id = stackit_kms_key.volume-key.key_id
+    kek_key_version = 1
+    kek_keyring_id = stackit_kms_keyring.volume.keyring_id
+    service_account = "<serviceAccount>@sa.stackit.cloud"
+  }
+}
+```
+
+4. Recreate VM or attach volume to existing VM
+
+```bash
+stackit server create --availability-zone eu01-3 --machine-type c2i.2 --boot-volume-source-type volume --boot-volume-source-id <volumeId> --network-id <networkId> -n server1
+```

examples/iaas-volume-encryption/cloud-init.yaml

@@ -0,0 +1,5 @@
+#cloud-config
+users:
+  - name: Administrator
+    passwd: "Start1234567890!"
+    groups: Administrators

examples/pfsense-hub-and-spoke/MAINTAINERS.md

@@ -0,0 +1,9 @@
+# Maintainers
+
+General maintainers:
+
+- Sven Schmidt (Sven.Schmidt@digits.schwarz)
+
+This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis.
+For questions, issues, or feature requests, please email general maintainers.
+Please include the BP name and version in your request. We will track your request as an issue.

examples/ske-stackit-sfs-integration/.terraform.lock.hcl

@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.79.0"
+  constraints = "0.79.0"
+  hashes = [
+    "h1:l7AeT3WWi/u7QB7E1SaksYc5VjU9JS2LYc4OnavI3kw=",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:1eb8276c0d8a4b5b92534020df0cb270ed7c4d91dfed6db089ee775b50a8f5e3",
+    "zh:715ad338c71f904272453ec5ae830ee35f920268b5f20e70e6ddf9b0a54aa060",
+    "zh:8439d1e4b2e2b16532b58ff02dab6fad18c49a3a8e0d84ee445a8375b19209e2",
+    "zh:85fa5ef7e202f7b49b1acc89d59198b27d198971c12ed307551e036a371ce578",
+    "zh:9590b7be920486158fd4d5e32c3095e8858c4a998a7aa47f3c85a3c71c779ce6",
+    "zh:a09911d5bcd25ab03333803e52c54015c8e50eef28a0c55030e72683d91fc337",
+    "zh:a934b5ec52bbe591c4d78183c762052a8d72f99dfab49e2283246e4e8b81d8c3",
+    "zh:b32435df41880ea2a688f9e18741f18b6764b0013f04c645bda847e7a24bfff4",
+    "zh:c1b81817e8e1d019877bdcd572fa59f2ec2c1d132720a89bde8dc8b7e8030b4f",
+    "zh:d001412f91ca700159c53255a2ecedf43591af30eabf0736ab99be83a7352372",
+    "zh:d34defd21c214d251327c78ffe40c276d83af7fe9fbcaf04824a87e626251e6e",
+    "zh:d66f8bf8014513b206b7c1614475d347da55b24e9c5ed251f8f83aa3df4f21ca",
+    "zh:e1a4b798d204d008025b57833295673b1c57e3115c91a2bae014d64ab1f0eca7",
+    "zh:efe360c57b49c5adda657765f7d28c09688abcfaf88ff98e21d8b708bc8da80d",
+  ]
+}

examples/ske-stackit-sfs-integration/00-provider.tf

@@ -0,0 +1,30 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Define required providers
+terraform {
+  required_version = ">= 0.14.0"
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.79.0"
+    }
+  }
+}
+
+provider "stackit" {
+  default_region           = "eu01"
+  service_account_key_path = "secrets.json"
+  enable_beta_resources    = true
+}

examples/ske-stackit-sfs-integration/01-config.tf

@@ -0,0 +1,51 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Custom User Settings
+#
+
+# STACKIT Availability Zone
+variable "zone" {
+  type        = string
+  description = "Availability Zone"
+  default     = "eu01-3"
+}
+
+# STACKIT VM Flavor
+variable "flavor" {
+  type        = string
+  description = "Flavor ID"
+  default     = "g2i.4"
+}
+
+# Local VPC Subnet to create Network
+variable "LOCAL_SUBNET" {
+  type        = string
+  description = ""
+  default     = "10.10.0.0/24"
+}
+
+# STACKIT ProjectID
+variable "STACKIT_PROJECT_ID" {
+  type        = string
+  description = "STACKIT Project ID"
+  default     = "16ec118f-90d0-466d-8393-99eea504c536"
+}
+
+variable "STACKIT_ORG_ID" {
+  type        = string
+  description = "STACKIT Org ID"
+  default     = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}

examples/ske-stackit-sfs-integration/03-network.tf

@@ -0,0 +1,35 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Get vNET Networks
+resource "stackit_network_area" "sfs" {
+  organization_id = var.STACKIT_ORG_ID
+  name            = "sfs-network-area"
+  labels = {
+    "preview/routingtables" = "true"
+  }
+}
+
+resource "stackit_network_area_region" "sfs" {
+  organization_id = var.STACKIT_ORG_ID
+  network_area_id = stackit_network_area.sfs.network_area_id
+  ipv4 = {
+    transfer_network = "10.1.2.0/24"
+    network_ranges = [
+      {
+        prefix = "10.0.0.0/16"
+      }
+    ]
+  }
+}

examples/ske-stackit-sfs-integration/04-project.tf

@@ -0,0 +1,31 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_resourcemanager_project" "sfs-no-folder" {
+  parent_container_id = var.STACKIT_ORG_ID
+  name                = "sfs-example"
+  labels = {
+    "networkArea" = stackit_network_area.sfs.network_area_id
+  }
+  owner_email = "markus.brunsch@stackit.cloud"
+}
+
+resource "stackit_resourcemanager_project" "sfs-folder" {
+  parent_container_id = "bc229fa8-4be4-42d5-8808-514fe6d39074" #Folder ID Demos
+  name                = "sfs-example-folder"
+  labels = {
+    "networkArea" = stackit_network_area.sfs.network_area_id
+  }
+  owner_email = "markus.brunsch@stackit.cloud"
+}

examples/ske-stackit-sfs-integration/05-sfs.tf

@@ -0,0 +1,81 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_sfs_resource_pool" "no-folder-resourcepool" {
+  project_id        = stackit_resourcemanager_project.sfs-no-folder.project_id
+  name              = "sfs-resourcepool"
+  availability_zone = "eu01-m"
+  performance_class = "Standard"
+  size_gigabytes    = 512
+  ip_acl = [
+    "0.0.0.0/0",
+  ]
+  snapshots_are_visible = true
+}
+
+resource "stackit_sfs_export_policy" "no-folder-policy" {
+  project_id = stackit_resourcemanager_project.sfs-no-folder.project_id
+  name       = "example"
+  rules = [
+    {
+      ip_acl = ["0.0.0.0/0"]
+      order  = 1
+    }
+  ]
+}
+
+resource "stackit_sfs_share" "no-folder-share" {
+  project_id                 = stackit_resourcemanager_project.sfs-no-folder.project_id
+  resource_pool_id           = stackit_sfs_resource_pool.no-folder-resourcepool.resource_pool_id
+  name                       = "nfs-share"
+  export_policy              = "example"
+  space_hard_limit_gigabytes = 128
+}
+
+##############
+
+resource "stackit_sfs_resource_pool" "folder-resourcepool" {
+  project_id        = stackit_resourcemanager_project.sfs-folder.project_id
+  name              = "sfs-resourcepool"
+  availability_zone = "eu01-m"
+  performance_class = "Standard"
+  size_gigabytes    = 512
+  ip_acl = [
+    "0.0.0.0/0",
+  ]
+  snapshots_are_visible = true
+}
+
+resource "stackit_sfs_export_policy" "folder-policy" {
+  project_id = stackit_resourcemanager_project.sfs-folder.project_id
+  name       = "example"
+  rules = [
+    {
+      ip_acl = ["0.0.0.0/0"]
+      order  = 1
+    }
+  ]
+}
+
+resource "stackit_sfs_share" "folder-share" {
+  project_id                 = stackit_resourcemanager_project.sfs-folder.project_id
+  resource_pool_id           = stackit_sfs_resource_pool.folder-resourcepool.resource_pool_id
+  name                       = "nfs-share"
+  export_policy              = "example"
+  space_hard_limit_gigabytes = 128
+}
+
+output "mount" {
+  value = stackit_sfs_share.no-folder-share.mount_path
+}

examples/ske-stackit-sfs-integration/06.ske.tf

@@ -0,0 +1,43 @@
+# Copyright 2026 Schwarz Digits Cloud GmbH & Co. KG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "stackit_ske_cluster" "sfs" {
+  project_id             = stackit_resourcemanager_project.sfs-no-folder.project_id
+  name                   = "sfs"
+  kubernetes_version_min = "1.34"
+  node_pools = [
+    {
+      name               = "np-example"
+      machine_type       = "c2i.2"
+      minimum            = "1"
+      maximum            = "3"
+      availability_zones = ["eu01-3"]
+    }
+  ]
+  network = {
+    id = stackit_network.sfs-example.network_id
+  }
+  maintenance = {
+    enable_kubernetes_version_updates    = true
+    enable_machine_image_version_updates = true
+    start                                = "01:00:00Z"
+    end                                  = "02:00:00Z"
+  }
+}
+
+resource "stackit_network" "sfs-example" {
+  project_id       = stackit_resourcemanager_project.sfs-no-folder.project_id
+  name             = "ske-example"
+  ipv4_nameservers = ["9.9.9.9"]
+}

examples/ske-stackit-sfs-integration/MAINTAINERS.md

@@ -0,0 +1,9 @@
+# Maintainers
+
+General maintainers:
+
+- Markus Brunsch (Markus.Brunsch@digits.schwarz)
+
+This example is actively maintained. The owner is responsible for reviewing and updating dependencies and functionalities on a monthly basis.
+For questions, issues, or feature requests, please email general maintainers.
+Please include the BP name and version in your request. We will track your request as an issue.

examples/ske-stackit-sfs-integration/PersistentVolumeClaim.yaml

@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: test-claim
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 100Mi

examples/ske-stackit-sfs-integration/README.md

@@ -0,0 +1,42 @@
+# STACKIT File Storage Example Deployment
+
+Terraform Example of deploying a STACKIT File Storage NFS Service
+
+## Deployment Scope
+
+- Network Area with Routing Tables Enabled
+- Projects attached to the Network area
+- STACKIT SFS Resources
+- SKE Cluster for RWX usage
+
+## Setup RWX on SKE with STACKIT SFS
+
+**Install Helmchart**
+
+```bash
+helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
+helm repo update
+```
+
+```bash
+helm install nfs-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
+    --set nfs.server=1.2.3.4 \
+    --set nfs.path=/srv/nfs/storage \
+    --set storageClass.name=nfs-client
+```
+
+**Create PersistentVolumeClaim from NFS Storage**
+
+```yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: test-claim
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Mi
+```

examples/ske-stackit-sfs-integration/example-rwx-deployment.yaml

@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: rwx-test
+  labels:
+    app: rwx-test
+spec:
+  ports:
+    - port: 80
+  type: LoadBalancer
+  selector:
+    app: rwx-test
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rwx-test
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: nfs-client
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rwx-test
+  labels:
+    app: rwx-test
+  namespace: default
+spec:
+  replicas: 4
+  selector:
+    matchLabels:
+      app: rwx-test
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: rwx-test
+    spec:
+      containers:
+        - image: ubuntu:focal
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "-c"]
+          args:
+            - sleep 10; touch /data/index.html; while true; do echo "<p> Hostname $HOSTNAME</p><p>Date $(date)</p><br/>" >> /data/index.html; sleep 1; done;
+          name: rwx-test
+          stdin: true
+          tty: true
+          resources: {}
+          volumeMounts:
+            - mountPath: /data
+              name: rwx-test
+        - image: nginx:stable
+          imagePullPolicy: IfNotPresent
+          name: nginx
+          ports:
+            - containerPort: 80
+              name: http
+          resources: {}
+          volumeMounts:
+            - mountPath: /usr/share/nginx/html
+              name: rwx-test
+      restartPolicy: Always
+      volumes:
+        - name: rwx-test
+          persistentVolumeClaim:
+            claimName: rwx-test