diff --git a/.gitignore b/.gitignore
index 5dfe310..65bfb30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .terraform*
 terraform.tfstate*
+.env
\ No newline at end of file
diff --git a/example/main.tf b/example/main.tf
new file mode 100644
index 0000000..2d2fc0b
--- /dev/null
+++ b/example/main.tf
@@ -0,0 +1,10 @@
+module "security_groups" {
+ source = "../security-group"
+
+ for_each = var.security_groups
+
+ project_id = var.project_id
+ name = each.value.name
+ description = each.value.description
+ rules = each.value.rules
+}
\ No newline at end of file
diff --git a/example/providers.tf b/example/providers.tf
new file mode 100644
index 0000000..e5cfc8d
--- /dev/null
+++ b/example/providers.tf
@@ -0,0 +1,15 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
+
+provider "stackit" {
+ default_region = var.region
+ service_account_token = var.service_account_token
+ enable_beta_resources = true
+}
\ No newline at end of file
diff --git a/example/terraform.tfvars b/example/terraform.tfvars
new file mode 100644
index 0000000..584af52
--- /dev/null
+++ b/example/terraform.tfvars
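Review bot: The exact pin `version = "0.56.0"` in example/providers.tf is not backed by committed provider checksums, because the `.terraform*` pattern kept in `.gitignore` also matches `.terraform.lock.hcl`. Without the lock file, each `terraform init` on a fresh checkout trusts whatever the registry serves for that version instead of verifying it against recorded hashes. Narrowing the ignore rule to `.terraform/` and committing the lock file for this example root would close that gap. Separately, `enable_beta_resources = true` is set without explanation; a one-line comment naming the beta resource that needs it would tell readers whether they can switch it off.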
@@ -0,0 +1,59 @@
+region = "eu01"
+service_account_token = ""
+project_id = ""
+
+security_groups = {
+ ssh_ingress_group = {
+ name = "ssh-ingress-group"
+ description = "ALLOW SSH ingress"
+ rules = [
+ {
+ description = "SSH RULE 1"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 22
+ max = 22
+ }
+ },
+ ]
+ },
+
+ web_traffic_group = {
+ name = "web-traffic-group"
+ description = "ALLOW WEB TRAFFIC ingress"
+ rules = [
+ {
+ description = "ALLOW ALL 80"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 80
+ max = 80
+ }
+ },
+ {
+ description = "ALLOW ALL 443"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 443
+ max = 443
+ }
+ },
+ ]
+ },
+
+}
\ No newline at end of file
diff --git a/example/variables.tf b/example/variables.tf
new file mode 100644
index 0000000..918e44e
--- /dev/null
+++ b/example/variables.tf
@@ -0,0 +1,43 @@
+variable "region" {
+ description = "Region for the STACKIT Cloud"
+ type = string
+ default = "eu01"
+}
+
+variable "project_id" {
+ description = "STACKIT Cloud project ID"
+ type = string
+}
+
+variable "service_account_token" {
+ description = "Service account token for authentication"
+ sensitive = true
+ type = string
+}
+
+
+variable "security_groups" {
+ type = map(object({
+ name = optional(string)
+ description = optional(string)
+ rules = list(object({
+ direction = string
+ description = optional(string)
+ ether_type = optional(string)
+ icmp_parameters = optional(object({
+ type = optional(number)
+ code = optional(number)
+ }))
+ ip_range = optional(string)
+ port_range = optional(object({
+ min = number
+ max = number
+ }))
+ protocol = optional(object({
+ name = optional(string)
+ number = optional(number)
+ }))
+ remote_security_group_id = optional(string)
+ }))
+ }))
+}
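Review bot: `service_account_token = ""` sits in a tracked `terraform.tfvars`, and this commit's `.gitignore` change only adds `.env`, so the first user who fills in the placeholder is one `git add` away from committing a live token. Dropping the line and supplying the value through `TF_VAR_service_account_token`, or shipping the file as `terraform.tfvars.example` and ignoring `*.tfvars`, avoids that. The `ssh_ingress_group` rule also opens port 22 to `ip_range = "0.0.0.0/0"`. Examples get copied, so a documentation-range placeholder such as `ip_range = "203.0.113.0/24"`, with a comment to replace it with the admin network, would be a safer default for SSH.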
diff --git a/network/main.tf b/network/main.tf
new file mode 100644
index 0000000..f9ca504
--- /dev/null
+++ b/network/main.tf
@@ -0,0 +1,23 @@
+resource "stackit_network" "this" {
+ project_id = var.project_id
+ name = var.name
+
+ ipv4_nameservers = var.ipv4_nameservers
+ labels = var.labels
+
+ routed = true
+}
+
+resource "stackit_network_interface" "static" {
+ count = var.static_ipv4 == null ? 0 : 1
+
+ project_id = var.project_id
+ network_id = stackit_network.this.network_id
+
+ ipv4 = var.static_ipv4
+ labels = var.nic_labels
+ name = var.nic_name == null ? "${var.name}-nic" : var.nic_name
+ security = var.nic_security
+ security_group_ids = var.nic_security ? var.nic_security_group_ids : null
+ allowed_addresses = var.nic_security ? var.nic_allowed_addresses : null
+}
diff --git a/network/output.tf b/network/output.tf
new file mode 100644
index 0000000..14a3f9c
--- /dev/null
+++ b/network/output.tf
@@ -0,0 +1,19 @@
+output "network_id" {
+ description = "Network ID"
+ value = stackit_network.this.network_id
+}
+
+output "network_name" {
+ description = "Network name"
+ value = stackit_network.this.name
+}
+
+output "network_interface_id" {
+ description = "NIC ID"
+ value = try(stackit_network_interface.static[0].network_interface_id, null)
+}
+
+output "static_ipv4" {
+ description = "IPv4 address assigned to NIC (null when not used)"
+ value = var.static_ipv4
+}
diff --git a/network/providers.tf b/network/providers.tf
new file mode 100644
index 0000000..dd742e3
--- /dev/null
+++ b/network/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/network/variables.tf b/network/variables.tf
new file mode 100644
index 0000000..5bbe8e6
--- /dev/null
+++ b/network/variables.tf
@@ -0,0 +1,50 @@
+variable "project_id" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "ipv4_nameservers" {
+ type = list(string)
+ default = []
+}
+
+variable "labels" {
+ type = map(string)
+ default = {}
+}
+
+variable "static_ipv4" {
+ type = string
+ description = "If set, a NIC will be created with this IPv4."
+ default = null
+}
+
+variable "nic_name" {
+ type = string
+ default = null
+}
+
+variable "nic_allowed_addresses" {
+ type = list(string)
+ description = "Additional CIDR blocks for NIC"
+ default = []
+}
+
+variable "nic_labels" {
+ type = map(string)
+ default = {}
+}
+
+variable "nic_security" {
+ type = bool
+ default = true
+}
+
+variable "nic_security_group_ids" {
+ type = list(string)
+ description = "nic_security must be set to true"
+ default = []
+}
diff --git a/postgres/main.tf b/postgres/main.tf
new file mode 100644
index 0000000..0507717
--- /dev/null
+++ b/postgres/main.tf
@@ -0,0 +1,33 @@
+locals {
+ user_count = length(var.users)
+ db_count = length(var.databases)
+}
+
+resource "stackit_postgresflex_instance" "this" {
+ project_id = var.project_id
+ name = var.name
+ version = var.ver
+ flavor = var.flavor
+ storage = var.storage
+ replicas = var.replicas
+ acl = var.acl
+ backup_schedule = var.backup_schedule
+}
+
+resource "stackit_postgresflex_user" "user" {
+ count = local.user_count
+
+ project_id = var.project_id
+ instance_id = stackit_postgresflex_instance.this.instance_id
+ username = var.users[count.index].username
+ roles = var.users[count.index].roles
+}
+
+resource "stackit_postgresflex_database" "db" {
+ count = local.db_count
+
+ project_id = var.project_id
+ instance_id = stackit_postgresflex_instance.this.instance_id
+ name = var.databases[count.index].name
+ owner = var.databases[count.index].owner
+}
diff --git a/postgres/outputs.tf b/postgres/outputs.tf
new file mode 100644
index 0000000..216884c
--- /dev/null
+++ b/postgres/outputs.tf
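Review bot: `nic_security` has no description, and setting it to false makes network/main.tf pass `security_group_ids = null`, silently discarding whatever the caller put in `nic_security_group_ids`. The description on `nic_security_group_ids` ("nic_security must be set to true") states the rule, but nothing enforces it. The modules already require Terraform >= 1.9.0, so a cross-variable validation on `nic_security_group_ids` with `condition = var.nic_security || length(var.nic_security_group_ids) == 0` would turn the silent drop into a plan-time error. A description on `nic_security` should also say that false removes security-group filtering from the NIC; that is my reading of the provider attribute and is worth confirming.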
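Review bot: `stackit_postgresflex_database.db` takes `owner` from `var.databases` and has no reference to `stackit_postgresflex_user.user`, so Terraform is free to create a database before its owner exists. Adding `depends_on = [stackit_postgresflex_user.user]` to the database resource orders the two. Both resources are also addressed by `count.index`; removing an entry from the middle of `var.users` shifts every later index and, as far as I can tell, would destroy and recreate those users along with their credentials. `for_each = { for u in var.users : u.username => u }` keeps the addresses stable.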
@@ -0,0 +1,11 @@
+output "instance_id" {
+ value = stackit_postgresflex_instance.this.instance_id
+}
+
+output "user_ids" {
+ value = stackit_postgresflex_user.user[*].user_id
+}
+
+output "database_ids" {
+ value = stackit_postgresflex_database.db[*].database_id
+}
diff --git a/postgres/providers.tf b/postgres/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/postgres/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/postgres/variables.tf b/postgres/variables.tf
new file mode 100644
index 0000000..dbe1920
--- /dev/null
+++ b/postgres/variables.tf
@@ -0,0 +1,56 @@
+variable "project_id" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "ver" {
+ type = number
+}
+
+variable "flavor" {
+ type = object({
+ cpu = number,
+ ram = number
+ })
+}
+
+variable "storage" {
+ type = object({
+ class = string,
+ size = number
+ })
+}
+
+variable "replicas" {
+ type = number
+}
+
+variable "acl" {
+ type = list(string)
+}
+
+variable "backup_schedule" {
+ type = string
+
+}
+
+variable "users" {
+ description = "List of users"
+ type = list(object({
+ username = string
+ roles = set(string)
+ }))
+ default = []
+}
+
+variable "databases" {
+ description = "List of databases"
+ type = list(object({
+ name = string
+ owner = string
+ }))
+ default = []
+}
diff --git a/security-group/main.tf b/security-group/main.tf
new file mode 100644
index 0000000..17a4dba
--- /dev/null
+++ b/security-group/main.tf
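Review bot: `acl` in postgres/variables.tf is a bare `list(string)` with no description or validation, so a caller can pass `["0.0.0.0/0"]` or a malformed entry and the module forwards it to the database instance unchecked. A validation block with `condition = alltrue([for c in var.acl : can(cidrhost(c, 0)) && c != "0.0.0.0/0"])` rejects both at plan time. If world-open access must stay possible, keep only the `can(cidrhost(c, 0))` part and say so in the description. Apart from `users` and `databases`, no variable in this file carries a description.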
@@ -0,0 +1,25 @@
+locals {
+ rule_count = length(var.rules)
+}
+
+resource "stackit_security_group" "this" {
+ project_id = var.project_id
+ name = var.name
+ description = var.description
+}
+
+resource "stackit_security_group_rule" "rule" {
+ count = local.rule_count
+
+ direction = var.rules[count.index].direction
+ project_id = var.project_id
+ security_group_id = stackit_security_group.this.id
+
+ description = var.rules[count.index].description
+ ether_type = var.rules[count.index].ether_type
+ icmp_parameters = var.rules[count.index].icmp_parameters
+ ip_range = var.rules[count.index].ip_range
+ port_range = var.rules[count.index].port_range
+ protocol = var.rules[count.index].protocol
+ remote_security_group_id = var.rules[count.index].remote_security_group_id
+}
diff --git a/security-group/output.tf b/security-group/output.tf
new file mode 100644
index 0000000..bf320d2
--- /dev/null
+++ b/security-group/output.tf
@@ -0,0 +1,8 @@
+output "security_group_id" {
+ value = stackit_security_group.this.security_group_id
+ description = "ID of the security group"
+}
+
+output "rule_ids" {
+ value = stackit_security_group_rule.rule[*].id
+}
\ No newline at end of file
diff --git a/security-group/providers.tf b/security-group/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/security-group/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/security-group/variables.tf b/security-group/variables.tf
new file mode 100644
index 0000000..4367b87
--- /dev/null
+++ b/security-group/variables.tf
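Review bot: `security_group_id = stackit_security_group.this.id` in security-group/main.tf uses a different attribute from the module's own output, which exports `stackit_security_group.this.security_group_id`. In this provider `id` is, to my knowledge, Terraform's internal composite ID rather than the bare security group ID, so the rule may be given the wrong value. `security_group_id = stackit_security_group.this.security_group_id` matches the output. The `rule_ids` output in security-group/output.tf raises the same question with `[*].id`. Rules are also indexed by `count`, so deleting one entry from `var.rules` shifts and recreates every later rule.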
@@ -0,0 +1,45 @@
+variable "project_id" {
+ type = string
+ description = "The ID of the project where the security group will be created."
+}
+
+variable "name" {
+ type = string
+ description = "Name of the security group."
+}
+
+variable "description" {
+ type = string
+ default = ""
+ description = "Description of the security group. If not provided, it defaults to an empty string."
+}
+
+variable "rules" {
+ description = "List of rules to attach to this security-group"
+ type = list(object({
+ direction = string
+ description = optional(string)
+ ether_type = optional(string)
+ icmp_parameters = optional(object({
+ type = optional(number)
+ code = optional(number)
+ }))
+ ip_range = optional(string)
+ port_range = optional(object({
+ min = number
+ max = number
+ }))
+ protocol = optional(object({
+ name = optional(string)
+ }))
+ remote_security_group_id = optional(string)
+ }))
+ default = []
+ validation {
+ condition = alltrue([
+ for rule in var.rules : contains(["ingress", "egress"], rule.direction)
+ # ... need more validations
+ ])
+ error_message = "Direction must be either \"ingress\" or \"egress\"."
+ }
+}
diff --git a/ske/main.tf b/ske/main.tf
new file mode 100644
index 0000000..90124a0
--- /dev/null
+++ b/ske/main.tf
@@ -0,0 +1,12 @@
+resource "stackit_ske_cluster" "this" {
+ project_id = var.project_id
+ name = var.name
+ kubernetes_version_min = var.kubernetes_version_min
+ node_pools = var.node_pools
+}
+
+resource "stackit_ske_kubeconfig" "admin" {
+ project_id = var.project_id
+ cluster_name = stackit_ske_cluster.this.name
+ refresh = true
+}
diff --git a/ske/output.tf b/ske/output.tf
new file mode 100644
index 0000000..9abc2e4
--- /dev/null
+++ b/ske/output.tf
@@ -0,0 +1,10 @@
+output "name" {
+ description = "Name of SKE cluster"
+ value = stackit_ske_cluster.this.name
+}
+
+output "kubeconfig" {
+ description = "Kubeconfig of SKE cluster"
+ value = stackit_ske_kubeconfig.admin.kube_config
+ sensitive = true
+}
\ No newline at end of file
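Review bot: The `protocol` object in security-group/variables.tf declares only `name`, while example/variables.tf also accepts `protocol.number`. Terraform's object conversion drops the undeclared attribute, so a rule written with only a protocol number reaches the resource with an all-null protocol, which may produce a broader rule than the author intended. Adding `number = optional(number)` to the `protocol` object closes the gap. The validation block checks `direction` only, as its `# ... need more validations` comment concedes; `port_range.min <= port_range.max` and a `can(cidrhost(rule.ip_range, 0))` check on non-null `ip_range` are the natural next ones.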
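Review bot: `stackit_ske_kubeconfig.admin` in ske/main.tf is created unconditionally, so every consumer of this module gets an admin kubeconfig written into Terraform state whether or not they read the `kubeconfig` output. `sensitive = true` on the output only redacts CLI display; anyone with read access to the state file can recover the credential. Consider gating the resource behind an input, for example `count = var.create_kubeconfig ? 1 : 0`, and stating the encrypted-remote-state expectation in the output description. The cluster is also created without any restriction on API server access; if the provider's cluster ACL extension is available in 0.56.0, exposing it as a module input would be worthwhile.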
diff --git a/ske/providers.tf b/ske/providers.tf
new file mode 100644
index 0000000..6e038c3
--- /dev/null
+++ b/ske/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.9.0"
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = "0.56.0"
+ }
+ }
+}
diff --git a/ske/variables.tf b/ske/variables.tf
new file mode 100644
index 0000000..53533c0
--- /dev/null
+++ b/ske/variables.tf
@@ -0,0 +1,22 @@
+variable "project_id" {
+ type = string
+}
+
+variable "name" {
+ type = string
+}
+
+variable "kubernetes_version_min" {
+ type = string
+}
+
+variable "node_pools" {
+ type = list(object({
+ name = string
+ machine_type = string
+ availability_zones = list(string)
+ volume_size = number
+ minimum = number
+ maximum = number
+ }))
+}