add project and ske

2025-07-03 13:30:12 +00:00 · 2025-07-03 13:30:12 +00:00 · 5fee7d8289
commit 5fee7d8289
parent eeb18cafe1
16 changed files with 338 additions and 24 deletions
--- a/00-provider.tf
+++ b/00-provider.tf
@ -1,24 +0,0 @@
-
-terraform {
-  required_providers {
-    stackit = {
-      source = "stackitcloud/stackit"
-      version = "0.54.0"
-    }
-  }
-}
-
-# Authentication
-# Key flow (using path)
-
-
-provider "stackit" {
-  default_region = var.default_region
-  //service_account_key_path = var.service_account_key_path
-  enable_beta_resources = true
-  service_account_token = "eyJraWQiOiJaRGcyWlRNNU1EVXdPRGc1TW1GaVlqRXpNR0V5WTJReE5XVmlNMk00WWpnIiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiI1MDQ3NjUxMy1kN2RmLTQyYmYtOTAwYS0yZWJmMGE4YzczMDAiLCJhdWQiOlsic3RhY2tpdCIsImFwaSJdLCJzdGFja2l0L3NlcnZpY2VhY2NvdW50L3Rva2VuLnNvdXJjZSI6ImxlZ2FjeSIsInN0YWNraXQvc2VydmljZWFjY291bnQvbmFtZXNwYWNlIjoiYXBpIiwic3RhY2tpdC9wcm9qZWN0L3Byb2plY3QuaWQiOiJhNWYyYzdjNS0xOGI5LTRlYjAtYmNlNS1kOTE3ODRiNjcwNjQiLCJhenAiOiI4NjQyNDhkMy02MjFjLTQwMTktYmUxZi1hOGYxNWNhMjAxMDYiLCJpc3MiOiJzdGFja2l0L3NlcnZpY2VhY2NvdW50Iiwic3RhY2tpdC9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTA0NzY1MTMtZDdkZi00MmJmLTkwMGEtMmViZjBhOGM3MzAwIiwiZXhwIjoxNzU2NzI0ODk5LCJpYXQiOjE3NDg5NDg4OTksImVtYWlsIjoiYWxsaWFuei1hZG1pbi12N21qYnMxQHNhLnN0YWNraXQuY2xvdWQiLCJqdGkiOiJhY2FmZDFjZC1iOWQ3LTRmZTctYjhlYi05ZWFjYjU3ZGE4ZTEifQ.wiiuGBYd4XpwBFXkdnb6Pg_BJJ7zzCUAMmfIYwmGtYUFc2xqJ2a8nWjdUG6IRJBUtaaPgpP_Ae5M8v66V__HXZEgfJGaWmD0CSbhPUBGVUi_eiJEwnLWVdBRE8Z1IMoMkMG5Q0TLGXW6SZrox1sw1L_fi0ylYvD4dPeyMs6RZd7ADlYWhibSA-LFyvbIDw4GIepj7e1sELgtFet6jLgdeS1zmPMMxWYypGOj8kUesnN9dql9AsqlPsoPQrI1igEGDfyr2s5py7-mq8cHyX4DO4NfKQGqSNui_D0yqcVFd9x3uQx8LRdkPVaa-KJqrz6tDevvB-QNvV4wqUf7vt2g7g"
-}
-
-module "project" {
-  source = "./project"
-}
--- a/01-network.tf
+++ b/01-network.tf
@ -0,0 +1,106 @@
+// ------- project 1 - landingzone ------------
+// This file defines the network setup for the first project landingzone.
+resource "stackit_network" "wan_network" {
+  project_id          = module.project.project_info["project1"].project_id
+  name                = "wan_network"
+  ipv4_nameservers    = ["1.1.1.1", "8.8.8.8"]
+  ipv4_prefix_length  = 24
+  ipv4_prefix         = "10.220.0.0/24"
+  routed              = true
+}
+
+resource "stackit_network" "lan_network1" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network1"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.1.0/24"
+  routed              = true
+}
+
+resource "stackit_network" "lan_network2" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network2"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.2.0/24"
+  routed              = true
+}
+
+resource "stackit_network" "lan_network3" {
+  project_id         = module.project.project_info["project1"].project_id
+  name               = "lan_network3"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.3.0/24"
+  routed              = false
+}
+
+resource "stackit_network_interface" "wan" {
+  project_id        = module.project.project_info["project1"].project_id
+  network_id        = stackit_network.wan_network.network_id
+  security          = false
+  name              = "MGMT"
+  ipv4              = "10.220.0.254"
+
+}
+
+resource "stackit_network_interface" "lan1" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network1.network_id
+  security           = false
+  name              = "LAN1"
+}
+
+resource "stackit_network_interface" "lan2" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network2.network_id
+  security           = false
+  name              = "LAN2"
+}
+
+resource "stackit_network_interface" "lan3" {
+  project_id         = module.project.project_info["project1"].project_id
+  network_id         = stackit_network.lan_network3.network_id
+  security           = false
+  name              = "LAN3"
+}
+
+# ---------- project 2 core ------------------
+// This file defines the network setup for the second project (core).
+
+resource "stackit_network" "p2_lan_network1" {
+  project_id         = module.project.project_info["project2"].project_id
+  name               = "p2_lan_network"
+  ipv4_prefix_length = 24
+  ipv4_prefix        = "10.220.5.0/24"
+  routed              = true
+}
+
+resource "stackit_network_interface" "p2_lan1" {
+  project_id         = module.project.project_info["project2"].project_id
+  network_id         = stackit_network.p2_lan_network1.network_id
+  security           = true 
+  name              = "P2LAN1"
+  security_group_ids = [ stackit_security_group.example.security_group_id ]
+}
+
+
+// ---------- public IPs ------------------
+// This file defines the public IPs for the projects.
+resource "stackit_public_ip" "wan_ip" {
+  project_id           = module.project.project_info["project1"].project_id
+  network_interface_id = stackit_network_interface.wan.network_interface_id
+}
+
+/*resource "stackit_public_ip" "wan_server" {
+  project_id           = module.project.project_info["project2"].project_id
+  network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
+}
+*/
+
+// Output the public IPs for both projects
+output "public_ips" {
+  value = {
+    "wan_ip"   = stackit_public_ip.wan_ip.ip
+    //"wan_server"   = stackit_public_ip.wan_server.ip
+  }
+}
+
--- a/06-security-group.tf
+++ b/06-security-group.tf
@ -0,0 +1,51 @@
+
+// Security Group and Security Group Rules
+resource "stackit_security_group" "example" {
+  project_id = module.project.project_info["project2"].project_id
+  name       = "test"
+  labels = {
+    "key" = "example"
+  }
+}
+
+resource "stackit_security_group_rule" "icmp_ingress" {
+  security_group_id = stackit_security_group.example.security_group_id
+  project_id = module.project.project_info["project2"].project_id
+  direction         = "ingress"
+  icmp_parameters = {
+    code = 0
+    type = 8
+  }
+  protocol = {
+    name = "icmp"
+  }
+}
+resource "stackit_security_group_rule" "icmp_egress" {
+  project_id = module.project.project_info["project2"].project_id
+  security_group_id = stackit_security_group.example.security_group_id
+  direction         = "egress"
+  icmp_parameters = {
+    code = 0
+    type = 8
+  }
+  protocol = {
+    name = "icmp"
+  }
+}
+
+resource "stackit_security_group_rule" "ssh_ingress" {
+  security_group_id = stackit_security_group.example.security_group_id
+  project_id = module.project.project_info["project2"].project_id
+  direction         = "ingress"
+
+  protocol = {
+    name = "tcp"
+  }
+  port_range = {
+    max = 22
+    min = 22
+  }
+}
+
+
+
--- a/99-variables.tf
+++ b/99-variables.tf
@ -0,0 +1,22 @@
+variable "organization_id" {
+  type        = string
+  description = "Die Container-ID Ihrer Organisation."
+  # Kein Default, wird per .tfvars gesetzt
+  default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+  type        = string
+  default = "/root/.stackit/credentials.json"
+}
+
+variable "private_key_path" {
+  type        = string
+  default = "/root/.stackit/private_key.pem"
+}
+
+variable "default_region" {
+  type    = string
+  default = "eu01"
+}
+
--- a/main.tf
+++ b/main.tf
@ -0,0 +1,31 @@
+# main.tf 
+
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = ">=0.54"
+    }
+  }
+}
+
+provider "stackit" {
+  default_region             = var.default_region
+  service_account_key_path = var.service_account_key_path
+  private_key_path         = var.private_key_path
+  enable_beta_resources    = true
+}
+
+
+module "project" {
+  source = "./project"
+
+  organization_id = var.organization_id
+}
+
+module "ske" {
+  source = "./ske"
+
+  target_project_id = module.project.project_info["project1"].project_id
+}
+
--- a/project/00-provider.tf
+++ b/project/00-provider.tf
--- a/project/01-sna.tf
+++ b/project/01-sna.tf
@ -0,0 +1,27 @@
+/* resource "time_sleep" "wait_before_destroy" {
+  destroy_duration = "60s"
+}
+*/
+
+resource "stackit_network_area" "sna" {
+  organization_id = var.organization_id
+  name            = "bego_sna"
+  network_ranges = [
+    {
+      prefix = "10.220.0.0/16"
+    }
+  ]
+  transfer_network = "172.16.9.0/24"
+  //depends_on = [time_sleep.wait_before_destroy]
+}
+
+/* resource "stackit_network_area_route" "sna_route1" {
+  organization_id = var.organization_id
+  network_area_id = stackit_network_area.sna.network_area_id
+  prefix          = "10.220.99.0/24"
+  next_hop        = "10.220.0.0"
+  labels = {
+    "key" = "value"
+  }
+}
+*/
--- a/project/99-variables.tf
+++ b/project/99-variables.tf
--- a/project/main.tf
+++ b/project/main.tf
@ -0,0 +1,34 @@
+variable "projects" {
+  type = map(object({
+    name        = string
+    owner_email = string
+  }))
+  default = {
+    project1 = {
+      name        = "project-alpha"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+    project2 = {
+      name        = "project-beta"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+  }
+}
+
+resource "stackit_resourcemanager_project" "projects" {
+  for_each            = var.projects
+  parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable
+  name                = each.value.name
+  owner_email         = each.value.owner_email
+  # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war
+}
+
+output "project_info" {
+  value = {
+    for k, project in stackit_resourcemanager_project.projects : k => {
+      project_id   = project.project_id
+      container_id = project.container_id
+    }
+  }
+}
+
--- a/project/provider.tf
+++ b/project/provider.tf
@ -0,0 +1,10 @@
+
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = ">= 0.54.0" # Diese Version passt zu Ihrer Anforderung
+    }
+  }
+}
+
--- a/project/variables.tf
+++ b/project/variables.tf
@ -0,0 +1,5 @@
+variable "organization_id" {
+  description = "Empfängt die Container-ID der Organisation vom Root-Modul."
+  type        = string
+}
+
--- a/ske/00-provider.tf
+++ b/ske/00-provider.tf
--- a/ske/99-variables.tf
+++ b/ske/99-variables.tf
--- a/ske/main.tf
+++ b/ske/main.tf
@ -0,0 +1,37 @@
+# Dieses Netzwerk wird im Projekt erstellt, dessen ID übergeben wurde
+resource "stackit_network" "ske_network" {
+  project_id = var.target_project_id
+  name       = "ske-network"
+  ipv4_prefix_length = 24
+}
+
+# Dieser Cluster wird im selben Projekt erstellt
+resource "stackit_ske_cluster" "demo-cluster" {
+  project_id = var.target_project_id # Nutzt die übergebene Variable
+  name       = "demo-cluster"
+  node_pools = [
+    {
+      name               = "np"
+      machine_type       = "g1.4"
+      minimum            = "2"
+      maximum            = "3"
+      volume_size        = "64"
+      volume_type        = "storage_premium_perf4"
+      availability_zones = ["eu01-3", "eu01-1"]
+    }
+  ]
+  network = {
+    id = stackit_network.ske_network.id # Korrekte Referenz auf die Ressource oben
+  }
+  extensions = {
+    acl = {
+      enabled       = true
+      allowed_cidrs = ["0.0.0.0/0"]
+    }
+  }
+}
+
+output "ske-egress-ip" {
+  value = stackit_ske_cluster.demo-cluster.egress_address_ranges
+}
+
--- a/ske/provider.tf
+++ b/ske/provider.tf
@ -0,0 +1,11 @@
+# In project/versions.tf und in ske/versions.tf
+
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = ">= 0.54.0" # Diese Version passt zu Ihrer Anforderung
+    }
+  }
+}
+
--- a/ske/variables.tf
+++ b/ske/variables.tf
@ -0,0 +1,4 @@
+variable "target_project_id" {
+  description = "Empfängt die ID des Projekts, in dem die SKE-Ressourcen erstellt werden sollen."
+  type        = string
+}