professional-service-best-practices/terraform-modules
Archived
20
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add logic for nic, nic w. custom ipv4, creation of and attachement of sec grps to nic

Browse source
This commit is contained in:
Maximilian_Schlenz 2025-07-15 15:42:38 +02:00
parent bb841ad2a3
commit 7345619f23
13 changed files with 270 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

69
example/main.tf
View file

@ -1,9 +1,12 @@
module "project" {
source = "../project"
name = "project-1"
name = "project-123"
labels = {
"example" = "test"
}
organization_id = var.organization_id
owner_email = "maximilian.schlenz@stackit.cloud"
owner_email = "maximilian.schlenz@stackit.cloud"
}
module "security_groups" {
@ -13,10 +16,47 @@ module "security_groups" {
project_id = module.project.project_id
name = each.value.name
description = each.value.description
description = each.value.description != null ? each.value.description : ""
rules = each.value.rules
}
locals {
security_group_ids_by_name = {
for key, m in module.security_groups :
m.name => m.security_group_id
}
}
module "net" {
depends_on = [module.security_groups]
source = "../network"
for_each = var.networks
project_id = module.project.project_id
name = each.value.name
# IPv4 and IPv6 settings
ipv4_gateway = each.value.ipv4_gateway
ipv4_nameservers = each.value.ipv4_nameservers
ipv4_prefix = each.value.ipv4_prefix
ipv4_prefix_length = each.value.ipv4_prefix_length
ipv6_gateway = each.value.ipv6_gateway
ipv6_nameservers = each.value.ipv6_nameservers
ipv6_prefix = each.value.ipv6_prefix
ipv6_prefix_length = each.value.ipv6_prefix_length
no_ipv4_gateway = each.value.no_ipv4_gateway
no_ipv6_gateway = each.value.no_ipv6_gateway
routed = each.value.routed
labels = each.value.labels
# NIC options
nics = each.value.nics
security_group_ids_by_name = local.security_group_ids_by_name
}
# module "postgres" {
# source = "../postgres"
@ -34,29 +74,6 @@ module "security_groups" {
# databases = each.value.databases
# }
module "net" {
depends_on = [module.security_groups]
source = "../network"
for_each = var.networks
project_id = module.project.project_id
name = each.value.name
ipv4_nameservers = each.value.ipv4_nameservers
labels = each.value.labels
nic_ipv4 = each.value.nic_ipv4
nic_name = each.value.nic_name
nic_allowed_addresses = each.value.nic_allowed_addresses
nic_labels = each.value.nic_labels
nic_security = each.value.nic_security
nic_security_group_ids = [
module.security_groups["ssh_ingress_group"].security_group_id,
]
}
# module "ske" {
# source = "../ske"

2
example/providers.tf
View file

@ -3,7 +3,7 @@ terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
version = "0.56.0"
version = "0.54.0"
}
}
}

52
example/terraform.tfvars
View file

@ -1,7 +1,7 @@
region = "eu01"
service_account_token = ""
project_id = ""
organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef"
service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json"
security_groups = {
@ -91,21 +91,51 @@ security_groups = {
# }
networks = {
# web = {
# name = "web-net"
# ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
# labels = {
# env = "prod"
# }
# }
wan_network = {
name = "wan_network"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix_length = 24
ipv4_prefix = "10.219.0.0/24"
routed = true
}
lan_network1 = {
name = "lan_network1"
ipv4_prefix_length = 24
ipv4_prefix = "10.220.1.0/24"
routed = true
nics = {
p2_lan1 = {
nic_name = "P2LAN1"
nic_ipv4 = "10.220.1.32"
nic_security = true
nic_security_group_names = ["ssh-ingress-group"]
}
}
}
lan_network2 = {
name = "lan_network2"
ipv4_prefix_length = 24
ipv4_prefix = "10.221.0.0/24"
routed = true
}
lan_network3 = {
name = "lan_network3"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix_length = 24
ipv4_prefix = "10.223.3.0/24"
routed = true
}
wan = {
name = "MGMT"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
ipv4_prefix_length = 24
nic_ipv4 = "10.224.0.254"
}
db = {
name = "db-net"
nic_ipv4 = "10.0.0.126"
nic_security = true
security_groups = {
}
}
}

38
example/variables.tf
View file

@ -77,23 +77,45 @@ variable "security_groups" {
# }))
# }
# Network definition map
variable "networks" {
type = map(object({
name = string
ipv4_nameservers = optional(list(string))
labels = optional(map(string))
# IPv4 settings
ipv4_gateway = optional(string)
ipv4_nameservers = optional(list(string))
ipv4_prefix = optional(string)
ipv4_prefix_length = optional(number)
nic_ipv4 = optional(string)
nic_name = optional(string)
# IPv6 settings
ipv6_gateway = optional(string)
ipv6_nameservers = optional(list(string))
ipv6_prefix = optional(string)
ipv6_prefix_length = optional(number)
nic_allowed_addresses = optional(list(string))
nic_labels = optional(map(string))
nic_security = optional(bool)
nic_security_group_ids = optional(list(string))
# Flags & labels
labels = optional(map(string))
no_ipv4_gateway = optional(bool)
no_ipv6_gateway = optional(bool)
routed = optional(bool)
# NICspecific options
nics = optional(map(object({
nic_ipv4 = optional(string)
nic_name = string
nic_allowed_addresses = optional(list(string))
nic_labels = optional(map(string))
nic_security = optional(bool)
nic_security_group_ids = optional(list(string))
nic_security_group_names = optional(list(string))
})))
}))
default = {}
}
# variable "ske_clusters" {
# type = map(object({
# name = string