diff --git a/00-provider.tf b/00-provider.tf
deleted file mode 100644
index 65fae9a..0000000
--- a/00-provider.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-
-terraform {
- required_providers {
- stackit = {
- source = "stackitcloud/stackit"
- version = "0.54.0"
- }
- }
-}
-
-# Authentication
-# Key flow (using path)
-
-
-provider "stackit" {
- default_region = var.default_region
- //service_account_key_path = var.service_account_key_path
- enable_beta_resources = true
- service_account_token = "eyJraWQiOiJaRGcyWlRNNU1EVXdPRGc1TW1GaVlqRXpNR0V5WTJReE5XVmlNMk00WWpnIiwiYWxnIjoiUlM1MTIifQ.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.wiiuGBYd4XpwBFXkdnb6Pg_BJJ7zzCUAMmfIYwmGtYUFc2xqJ2a8nWjdUG6IRJBUtaaPgpP_Ae5M8v66V__HXZEgfJGaWmD0CSbhPUBGVUi_eiJEwnLWVdBRE8Z1IMoMkMG5Q0TLGXW6SZrox1sw1L_fi0ylYvD4dPeyMs6RZd7ADlYWhibSA-LFyvbIDw4GIepj7e1sELgtFet6jLgdeS1zmPMMxWYypGOj8kUesnN9dql9AsqlPsoPQrI1igEGDfyr2s5py7-mq8cHyX4DO4NfKQGqSNui_D0yqcVFd9x3uQx8LRdkPVaa-KJqrz6tDevvB-QNvV4wqUf7vt2g7g"
-}
-
-module "project" {
- source = "./project"
-}
diff --git a/01-network.tf b/01-network.tf
new file mode 100644
index 0000000..577a909
--- /dev/null
+++ b/01-network.tf
@@ -0,0 +1,106 @@
+// ------- project 1 - landingzone ------------
+// This file defines the network setup for the first project landingzone.
+resource "stackit_network" "wan_network" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "wan_network"
+ ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
+ ipv4_prefix_length = 24
+ ipv4_prefix = "10.220.0.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network1" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network1"
+ ipv4_prefix_length = 24
+ ipv4_prefix = "10.220.1.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network2" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network2"
+ ipv4_prefix_length = 24
+ ipv4_prefix = "10.220.2.0/24"
+ routed = true
+}
+
+resource "stackit_network" "lan_network3" {
+ project_id = module.project.project_info["project1"].project_id
+ name = "lan_network3"
+ ipv4_prefix_length = 24
+ ipv4_prefix = "10.220.3.0/24"
+ routed = false
+}
+
+resource "stackit_network_interface" "wan" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.wan_network.network_id
+ security = false
+ name = "MGMT"
+ ipv4 = "10.220.0.254"
+
+}
+
+resource "stackit_network_interface" "lan1" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network1.network_id
+ security = false
+ name = "LAN1"
+}
+
+resource "stackit_network_interface" "lan2" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network2.network_id
+ security = false
+ name = "LAN2"
+}
+
+resource "stackit_network_interface" "lan3" {
+ project_id = module.project.project_info["project1"].project_id
+ network_id = stackit_network.lan_network3.network_id
+ security = false
+ name = "LAN3"
+}
+
+# ---------- project 2 core ------------------
+// This file defines the network setup for the second project (core).
+
+resource "stackit_network" "p2_lan_network1" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "p2_lan_network"
+ ipv4_prefix_length = 24
+ ipv4_prefix = "10.220.5.0/24"
+ routed = true
+}
+
+resource "stackit_network_interface" "p2_lan1" {
+ project_id = module.project.project_info["project2"].project_id
+ network_id = stackit_network.p2_lan_network1.network_id
+ security = true
+ name = "P2LAN1"
+ security_group_ids = [ stackit_security_group.example.security_group_id ]
+}
+
+
+// ---------- public IPs ------------------
+// This file defines the public IPs for the projects.
+resource "stackit_public_ip" "wan_ip" {
+ project_id = module.project.project_info["project1"].project_id
+ network_interface_id = stackit_network_interface.wan.network_interface_id
+}
+
+/*resource "stackit_public_ip" "wan_server" {
+ project_id = module.project.project_info["project2"].project_id
+ network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
+}
+*/
+
+// Output the public IPs for both projects
+output "public_ips" {
+ value = {
+ "wan_ip" = stackit_public_ip.wan_ip.ip
+ //"wan_server" = stackit_public_ip.wan_server.ip
+ }
+}
+
diff --git a/06-security-group.tf b/06-security-group.tf
new file mode 100644
index 0000000..22958ff
--- /dev/null
+++ b/06-security-group.tf
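Review bot: `stackit_network_interface.wan` is created with `security = false` and is then given a public address by `stackit_public_ip.wan_ip`, so the one internet-facing interface in this file appears to run without any security group applied. If the WAN/LAN naming means these four interfaces belong to a firewall or router appliance that filters traffic itself, say so in a comment above the interface resources, e.g. `// security = false: packet filtering is done by the appliance that owns these NICs`. Otherwise set `security = true` on `wan` and attach a group through `security_group_ids`, as `p2_lan1` already does. The `wan` resource is also named `"MGMT"`, which should be reconciled so that a management interface is not the one holding the public IP by accident.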
@@ -0,0 +1,51 @@
+
+// Security Group and Security Group Rules
+resource "stackit_security_group" "example" {
+ project_id = module.project.project_info["project2"].project_id
+ name = "test"
+ labels = {
+ "key" = "example"
+ }
+}
+
+resource "stackit_security_group_rule" "icmp_ingress" {
+ security_group_id = stackit_security_group.example.security_group_id
+ project_id = module.project.project_info["project2"].project_id
+ direction = "ingress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+resource "stackit_security_group_rule" "icmp_egress" {
+ project_id = module.project.project_info["project2"].project_id
+ security_group_id = stackit_security_group.example.security_group_id
+ direction = "egress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+
+resource "stackit_security_group_rule" "ssh_ingress" {
+ security_group_id = stackit_security_group.example.security_group_id
+ project_id = module.project.project_info["project2"].project_id
+ direction = "ingress"
+
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ max = 22
+ min = 22
+ }
+}
+
+
+
diff --git a/99-variables.tf b/99-variables.tf
new file mode 100644
index 0000000..ebb0fec
--- /dev/null
+++ b/99-variables.tf
@@ -0,0 +1,22 @@
+variable "organization_id" {
+ type = string
+ description = "Die Container-ID Ihrer Organisation."
+ # Kein Default, wird per .tfvars gesetzt
+ default = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
+}
+
+variable "service_account_key_path" {
+ type = string
+ default = "/root/.stackit/credentials.json"
+}
+
+variable "private_key_path" {
+ type = string
+ default = "/root/.stackit/private_key.pem"
+}
+
+variable "default_region" {
+ type = string
+ default = "eu01"
+}
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..7d62727
--- /dev/null
+++ b/main.tf
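Review bot: `ssh_ingress` opens TCP 22 without naming a source, so the rule presumably matches any remote address that can route to `P2LAN1`. Restrict it with `ip_range = "<MANAGEMENT_CIDR>"` (placeholder for the admin network) or with `remote_security_group_id`. The group that carries these rules is still called `test` with the label `"key" = "example"`; a descriptive name makes it clear during a later audit what is attached to `p2_lan1`. `icmp_egress` only permits outgoing echo requests (`type = 8`), which looks deliberate but deserves a one-line comment.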
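Review bot: `organization_id` carries a hard-coded `default` directly below the comment `# Kein Default, wird per .tfvars gesetzt`, so the code contradicts its own documentation and a run without the tfvars entry silently targets that one organization. Remove the `default = ...` line so Terraform stops when the value is not supplied. The defaults for `service_account_key_path` and `private_key_path` point under `/root/.stackit/`, which assumes Terraform runs as root; leaving both without a default makes each operator state where the key material lives.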
@@ -0,0 +1,31 @@
+# main.tf
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">=0.54"
+ }
+ }
+}
+
+provider "stackit" {
+ default_region = var.default_region
+ service_account_key_path = var.service_account_key_path
+ private_key_path = var.private_key_path
+ enable_beta_resources = true
+}
+
+
+module "project" {
+ source = "./project"
+
+ organization_id = var.organization_id
+}
+
+module "ske" {
+ source = "./ske"
+
+ target_project_id = module.project.project_info["project1"].project_id
+}
+
diff --git a/project/00-provider.tf b/project/00-provider.tf
new file mode 100644
index 0000000..e69de29
diff --git a/project/01-sna.tf b/project/01-sna.tf
new file mode 100644
index 0000000..1dcc31f
--- /dev/null
+++ b/project/01-sna.tf
@@ -0,0 +1,27 @@
+/* resource "time_sleep" "wait_before_destroy" {
+ destroy_duration = "60s"
+}
+*/
+
+resource "stackit_network_area" "sna" {
+ organization_id = var.organization_id
+ name = "bego_sna"
+ network_ranges = [
+ {
+ prefix = "10.220.0.0/16"
+ }
+ ]
+ transfer_network = "172.16.9.0/24"
+ //depends_on = [time_sleep.wait_before_destroy]
+}
+
+/* resource "stackit_network_area_route" "sna_route1" {
+ organization_id = var.organization_id
+ network_area_id = stackit_network_area.sna.network_area_id
+ prefix = "10.220.99.0/24"
+ next_hop = "10.220.0.0"
+ labels = {
+ "key" = "value"
+ }
+}
+*/
diff --git a/project/99-variables.tf b/project/99-variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/project/main.tf b/project/main.tf
new file mode 100644
index 0000000..58176f0
--- /dev/null
+++ b/project/main.tf
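Review bot: The root constraint `version = ">=0.54"` has no upper bound while `enable_beta_resources = true` is set, so a later `terraform init` can pull a provider release in which beta resources behave differently. Use `version = "~> 0.54"` and commit `.terraform.lock.hcl` so that applies stay reproducible; the same applies to the `">= 0.54.0"` constraints in project/provider.tf and ske/provider.tf. Separately, the `service_account_token` literal that this commit deletes from 00-provider.tf remains readable in the repository history. Switching the provider to the key flow here does not retire that token, so it should be revoked on the STACKIT side.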
@@ -0,0 +1,34 @@
+variable "projects" {
+ type = map(object({
+ name = string
+ owner_email = string
+ }))
+ default = {
+ project1 = {
+ name = "project-alpha"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ project2 = {
+ name = "project-beta"
+ owner_email = "michael.sodan@stackit.cloud"
+ }
+ }
+}
+
+resource "stackit_resourcemanager_project" "projects" {
+ for_each = var.projects
+ parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable
+ name = each.value.name
+ owner_email = each.value.owner_email
+ # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war
+}
+
+output "project_info" {
+ value = {
+ for k, project in stackit_resourcemanager_project.projects : k => {
+ project_id = project.project_id
+ container_id = project.container_id
+ }
+ }
+}
+
diff --git a/project/provider.tf b/project/provider.tf
new file mode 100644
index 0000000..a89dd02
--- /dev/null
+++ b/project/provider.tf
@@ -0,0 +1,10 @@
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">= 0.54.0" # Diese Version passt zu Ihrer Anforderung
+ }
+ }
+}
+
diff --git a/project/variables.tf b/project/variables.tf
new file mode 100644
index 0000000..91a0d5f
--- /dev/null
+++ b/project/variables.tf
@@ -0,0 +1,5 @@
+variable "organization_id" {
+ description = "Empfängt die Container-ID der Organisation vom Root-Modul."
+ type = string
+}
+
diff --git a/ske/00-provider.tf b/ske/00-provider.tf
new file mode 100644
index 0000000..e69de29
diff --git a/ske/99-variables.tf b/ske/99-variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/ske/main.tf b/ske/main.tf
new file mode 100644
index 0000000..6b0fc17
--- /dev/null
+++ b/ske/main.tf
@@ -0,0 +1,37 @@
+# Dieses Netzwerk wird im Projekt erstellt, dessen ID übergeben wurde
+resource "stackit_network" "ske_network" {
+ project_id = var.target_project_id
+ name = "ske-network"
+ ipv4_prefix_length = 24
+}
+
+# Dieser Cluster wird im selben Projekt erstellt
+resource "stackit_ske_cluster" "demo-cluster" {
+ project_id = var.target_project_id # Nutzt die übergebene Variable
+ name = "demo-cluster"
+ node_pools = [
+ {
+ name = "np"
+ machine_type = "g1.4"
+ minimum = "2"
+ maximum = "3"
+ volume_size = "64"
+ volume_type = "storage_premium_perf4"
+ availability_zones = ["eu01-3", "eu01-1"]
+ }
+ ]
+ network = {
+ id = stackit_network.ske_network.id # Korrekte Referenz auf die Ressource oben
+ }
+ extensions = {
+ acl = {
+ enabled = true
+ allowed_cidrs = ["0.0.0.0/0"]
+ }
+ }
+}
+
+output "ske-egress-ip" {
+ value = stackit_ske_cluster.demo-cluster.egress_address_ranges
+}
+
diff --git a/ske/provider.tf b/ske/provider.tf
new file mode 100644
index 0000000..05828ca
--- /dev/null
+++ b/ske/provider.tf
@@ -0,0 +1,11 @@
+# In project/versions.tf und in ske/versions.tf
+
+terraform {
+ required_providers {
+ stackit = {
+ source = "stackitcloud/stackit"
+ version = ">= 0.54.0" # Diese Version passt zu Ihrer Anforderung
+ }
+ }
+}
+
diff --git a/ske/variables.tf b/ske/variables.tf
new file mode 100644
index 0000000..1f7b2e5
--- /dev/null
+++ b/ske/variables.tf
@@ -0,0 +1,4 @@
+variable "target_project_id" {
+ description = "Empfängt die ID des Projekts, in dem die SKE-Ressourcen erstellt werden sollen."
+ type = string
+}
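Review bot: The `acl` extension on `demo-cluster` is switched on with `enabled = true`, but `allowed_cidrs = ["0.0.0.0/0"]` admits every IPv4 source, so the list restricts nothing and whatever endpoint the ACL guards stays reachable from any address. Take the list from a module input instead, `allowed_cidrs = var.acl_allowed_cidrs`. Declare that variable in ske/variables.tf as `list(string)` without a default, so each environment has to state its admin or VPN ranges explicitly. If open access is intended for this demo cluster, a comment on the `acl` block saying so would keep the value from being copied into a longer-lived environment.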