diff --git a/example/main.tf b/example/main.tf
index 8ca31ba..4799fb5 100644
--- a/example/main.tf
+++ b/example/main.tf
@@ -1,66 +1,18 @@ -module "security_groups" { - source = "../security-group" +module "project" { + source = "../project" + for_each = var.projects - for_each = var.security_groups + organization_id = each.value.organization_id + name = each.value.name - project_id = var.project_id - name = each.value.name - description = each.value.description - rules = each.value.rules + description = each.value.description != null ? each.value.description : null + labels = each.value.labels != {} ? each.value.labels : {} + + owner_email = each.value.owner_email + + security_groups = each.value.security_groups + networks = each.value.networks + postgres_instances = each.value.postgres_instances + ske_clusters = each.value.ske_clusters + observability_instances = each.value.observability_instances } - -# module "postgres" { -# source = "../postgres" - -# for_each = var.postgres_instances - -# project_id = var.project_id -# name = each.value.name -# ver = each.value.version -# flavor = each.value.flavor -# storage = each.value.storage -# replicas = each.value.replicas -# acl = each.value.acl -# backup_schedule = each.value.backup_schedule -# users = each.value.users -# databases = each.value.databases -# } - -# module "net" { -# source = "../network" - -# for_each = var.routed_networks - -# project_id = var.project_id -# name = each.value.name - -# ipv4_nameservers = each.value.ipv4_nameservers -# labels = each.value.labels - -# static_ipv4 = each.value.static_ipv4 -# nic_name = each.value.nic_name -# nic_allowed_addresses = each.value.nic_allowed_addresses -# nic_labels = each.value.nic_labels -# nic_security = each.value.nic_security -# nic_security_group_ids = each.value.nic_security_group_ids -# } - -# module "ske" { -# source = "../ske" - -# for_each = var.ske_clusters - -# project_id = var.project_id -# name = each.value.name -# kubernetes_version_min = each.value.kubernetes_version_min -# node_pools = each.value.node_pools -# } - -# module "observability" { -# source = 
"../observability" - -# for_each = var.observability_instances -# project_id = var.project_id -# name = each.value.name -# plan_name = each.value.plan_name -# }
diff --git a/example/providers.tf b/example/providers.tf
index e5cfc8d..5eb9d92 100644
--- a/example/providers.tf
+++ b/example/providers.tf
@@ -9,7 +9,8 @@ terraform { } provider "stackit" { - default_region = var.region - service_account_token = var.service_account_token - enable_beta_resources = true + default_region = var.region + service_account_token = var.service_account_token != "" ? var.service_account_token : null + service_account_key_path = var.service_account_key_path != "" ? var.service_account_key_path : null + enable_beta_resources = true } \ No newline at end of file
diff --git a/example/terraform.tfvars b/example/terraform.tfvars
index 70d2beb..a9f8b5b 100644
--- a/example/terraform.tfvars
+++ b/example/terraform.tfvars
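Review bot: The two conditionals in the new `module "project"` call are no-ops: `description = each.value.description != null ? each.value.description : null` evaluates to `each.value.description` in both branches, and `labels = each.value.labels != {} ? each.value.labels : {}` never takes the `{}` branch for the null value that the `optional(map(string))` type actually produces when labels are omitted, since null compares unequal to `{}`. Replace them with `description = each.value.description` and `labels = each.value.labels != null ? each.value.labels : {}` (or `coalesce(each.value.labels, {})`). The `project_id` attribute that the new `projects` variable type accepts is not forwarded to the module here; if the child module takes it, that is presumably an oversight.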
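Review bot: Nothing prevents `service_account_token` and `service_account_key_path` from both being non-empty, or both being empty, so the `!= "" ? … : null` fallbacks added to `provider "stackit"` decide silently which credential is used, or pass none at all. Document the intended precedence above the block, e.g. `# Exactly one of service_account_token / service_account_key_path should be set; an empty string is treated as unset.`, and consider a `validation` block on the variables to enforce it (cross-variable validation presumably needs Terraform 1.9+). The `terraform {` block closed by the first context line of this hunk begins outside it.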
@@ -1,148 +1,186 @@ -region = "eu01" -service_account_token = "" -project_id = "" +region = "eu01" +service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json" -security_groups = { - ssh_ingress_group = { - name = "ssh-ingress-group" - description = "ALLOW SSH ingress" - rules = [ - { description = "SSH RULE 1" - direction = "ingress" - ether_type = "IPv4" - ip_range = "0.0.0.0/0" - protocol = { - name = "tcp" +projects = { + project_1 = { + name = "project-1" + organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" + owner_email = "maximilian.schlenz@stackit.cloud" + + postgres_instances = { + dev = { + name = "pg-test-instance" + version = 17 + flavor = { + cpu = 2, + ram = 4 } - port_range = { - min = 22 - max = 22 + storage = { + class = "premium-perf6-stackit", + size = 20 } - }, - ] + replicas = 1 + acl = ["0.0.0.0/0"] + backup_schedule = "00 00 * * *" + + users = [ + { username = "adm-usr", + roles = ["login", "createdb"] + }, + { username = "testusr", + roles = ["login"] + } + ] + + databases = [ + { + name = "test-db", + owner = "admin" + } + ] + } + } + + networks = { + tiny = { + name = "tiny-net" + ipv4_prefix_length = 28 + labels = { + purpose = "test" + } + security_groups = { + ssh_ingress_group = { + name = "ssh-ingress-group" + description = "ALLOW SSH ingress" + rules = [ + { description = "SSH RULE 1" + direction = "ingress" + ether_type = "IPv4" + ip_range = "0.0.0.0/0" + protocol = { + name = "tcp" + } + port_range = { + min = 22 + max = 23 + } + }, + ] + }, + + web_traffic_group = { + name = "web-traffic-group" + description = "ALLOW WEB TRAFFIC ingress" + rules = [ + { description = "ALLOW ALL 80" + direction = "ingress" + ether_type = "IPv4" + ip_range = "0.0.0.0/0" + protocol = { + name = "tcp" + } + port_range = { + min = 80 + max = 80 + } + }, + { description = "ALLOW ALL 443" + direction = "ingress" + ether_type = "IPv4" + ip_range = "0.0.0.0/0" + protocol = { + name = "tcp" + } + port_range = { + min = 
443 + max = 443 + } + }, + ] + }, + } + network_static = { + } + + custom_static = { + name = "static-net" + routed = true + ipv4_prefix = "10.99.0.0/24" + ipv4_gateway = "10.99.0.1" + + nic_ipv4 = "10.99.0.10" + nic_name = "static-nic" + nic_security_group_ids = [""] + } + } + } + + # ske_clusters = { + # dev = { + # name = "dev" + # kubernetes_version_min = "1.31" + # node_pools = [ + # { name = "default" + # machine_type = "c2.1" + # availability_zones = ["eu01-1", "eu01-2"] + # volume_size = 40 + # minimum = 1 + # maximum = 3 + # } + # ] + # } + + # prod = { + # name = "prod" + # kubernetes_version_min = "1.31" + # node_pools = [ + # { name = "general" + # machine_type = "c2.2" + # availability_zones = ["eu03-1", "eu03-2"] + # volume_size = 80 + # minimum = 2 + # maximum = 4 + # } + # ] + # } + # } + + observability_instances = { + starter = { + name = "Observability-1" + plan_name = "Observability-Starter-EU01" + } + + prod = { + name = "Observability-2" + plan_name = "Observability-Large-EU01" + } + } + }, + # project_2 = { + # name = "project-2" + # organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" + # owner_email = "maximilian.schlenz@stackit.cloud" + # networks = { + # tiny = { + # name = "tiny-net" + # ipv4_prefix_length = 28 + # labels = { + # purpose = "test" + # } + # } - web_traffic_group = { - name = "web-traffic-group" - description = "ALLOW WEB TRAFFIC ingress" - rules = [ - { description = "ALLOW ALL 80" - direction = "ingress" - ether_type = "IPv4" - ip_range = "0.0.0.0/0" - protocol = { - name = "tcp" - } - port_range = { - min = 80 - max = 80 - } - }, - { description = "ALLOW ALL 443" - direction = "ingress" - ether_type = "IPv4" - ip_range = "0.0.0.0/0" - protocol = { - name = "tcp" - } - port_range = { - min = 443 - max = 443 - } - }, - ] - }, + # custom_static = { + # name = "static-net" + # routed = false + # ipv4_prefix = "10.99.0.0/24" + # ipv4_gateway = "10.99.0.1" -} - -postgres_instances = { - dev = { - name = "pg-test-instance" 
- version = 17 - flavor = { - cpu = 2, - ram = 4 - } - storage = { - class = "premium-perf6-stackit", - size = 20 - } - replicas = 1 - acl = ["0.0.0.0/0"] - backup_schedule = "00 00 * * *" - - users = [ - { username = "admin", - roles = ["login", "createdb"] - }, - { username = "testusr", - roles = ["login"] - } - ] - - databases = [ - { - name = "test_db", - owner = "admin" - } - ] - } -} - -routed_networks = { - web = { - name = "web-net" - ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] - labels = { - env = "prod" - } - } - - db = { - name = "db-net" - static_ipv4 = "10.0.2.120" - nic_security = false - } -} - -ske_clusters = { - dev = { - name = "dev-cluster" - kubernetes_version_min = "1.31" - node_pools = [ - { name = "default" - machine_type = "c2.1" - availability_zones = ["eu01-1", "eu01-2"] - volume_size = 40 - minimum = 1 - maximum = 3 - } - ] - } - - staging = { - name = "staging-cluster" - kubernetes_version_min = "1.31" - node_pools = [ - { name = "general" - machine_type = "c2.2" - availability_zones = ["eu03-1", "eu03-2"] - volume_size = 80 - minimum = 2 - maximum = 4 - } - ] - } -} - -observability_instances = { - starter = { - name = "Observability-1" - plan_name = "Observability-Starter-EU01" - } - - prod = { - name = "Observability-2" - plan_name = "Observability-Large-EU01" - } -} + # nic_ipv4 = "10.99.0.10" + # nic_name = "static-nic" + # nic_security_group_ids = [""] + # } + # } + # } +} \ No newline at end of file diff --git a/example/variables.tf b/example/variables.tf index 2752f35..8bbd19a 100644 --- a/example/variables.tf +++ b/example/variables.tf 
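Review bot: The SSH rule in `ssh_ingress_group` now reads `min = 22` / `max = 23` with `ip_range = "0.0.0.0/0"`, which also exposes port 23 to the whole Internet; the removed version of the same rule had `max = 22`, so this looks like a typo and should be reverted to `max = 22`. Elsewhere on the new side, `databases[0].owner = "admin"` no longer matches any `username` in `users` (they are `adm-usr` and `testusr`), `nic_security_group_ids = [""]` passes an empty string as a group id, and `network_static = {}` omits the `name` attribute that the `networks` object type in variables.tf declares as required, so `terraform validate` would presumably reject it. `service_account_key_path` commits a user-specific absolute path, and the example also carries a real-looking organization id and e-mail address; replace them with placeholders such as `"/path/to/sa-key.json"`.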
@@ -4,98 +4,111 @@ variable "region" { default = "eu01" } -variable "project_id" { - description = "STACKIT Cloud project ID" - type = string -} - variable "service_account_token" { description = "Service account token for authentication" sensitive = true type = string + default = "" } -variable "security_groups" { - type = map(object({ - name = optional(string) - description = optional(string) - rules = list(object({ - direction = string - description = optional(string) - ether_type = optional(string) - icmp_parameters = optional(object({ - type = optional(number) - code = optional(number) - })) - ip_range = optional(string) - port_range = optional(object({ - min = number - max = number - })) - protocol = optional(object({ - name = optional(string) - number = optional(number) - })) - remote_security_group_id = optional(string) - })) - })) +variable "service_account_key_path" { + type = string + default = "" } -variable "postgres_instances" { +variable "projects" { type = map(object({ + + organization_id = string name = string - version = number - flavor = object({ cpu = number, ram = number }) - storage = object({ class = string, size = number }) - replicas = number - acl = list(string) - backup_schedule = string - users = list(object({ - username = string - roles = set(string) - })) - databases = list(object({ - name = string - owner = string - })) - })) -} + description = optional(string) + labels = optional(map(string)) + project_id = optional(string) + owner_email = optional(string) -variable "routed_networks" { - type = map(object({ - name = string + security_groups = optional(map(object({ + name = string + description = optional(string) + rules = list(object({ + description = optional(string) + direction = string + ether_type = optional(string) + ip_range = optional(string) + protocol = optional(object({ + name = optional(string) + number = optional(number) + })) + port_range = optional(object({ + min = number + max = number + })) + remote_security_group_id 
= optional(string) + })) + })), {}) - ipv4_nameservers = optional(list(string)) - labels = optional(map(string)) - - static_ipv4 = optional(string) - nic_name = optional(string) - - nic_allowed_addresses = optional(list(string)) - nic_labels = optional(map(string)) - nic_security = optional(bool) - nic_security_group_ids = optional(list(string)) - })) -} - -variable "ske_clusters" { - type = map(object({ - name = string - kubernetes_version_min = string - node_pools = list(object({ + networks = optional(map(object({ name = string - machine_type = string - availability_zones = list(string) - volume_size = number - minimum = number - maximum = number - })) - })) -} + ipv4_gateway = optional(string) + ipv4_nameservers = optional(list(string)) + ipv4_prefix = optional(string) + ipv4_prefix_length = optional(number) + ipv6_gateway = optional(string) + ipv6_nameservers = optional(list(string)) + ipv6_prefix = optional(string) + ipv6_prefix_length = optional(number) + labels = optional(map(string)) + no_ipv4_gateway = optional(bool) + no_ipv6_gateway = optional(bool) + routed = optional(bool) -variable "observability_instances" { - type = map(object({ - name = string - plan_name = string + nic_ipv4 = optional(string) + nic_name = optional(string) + nic_allowed_addresses = optional(list(string)) + nic_labels = optional(map(string)) + nic_security = optional(bool) + nic_security_group_ids = optional(list(string)) + })), {}) + + postgres_instances = optional(map(object({ + name = string + version = number + flavor = object({ + cpu = number, + ram = number + }) + storage = object({ + class = string, + size = number + }) + replicas = number + acl = list(string) + backup_schedule = string + users = list(object({ + username = string + roles = set(string) + })) + databases = list(object({ + name = string + owner = string + })) + })), {}) + + ske_clusters = optional(map(object({ + name = string + kubernetes_version_min = string + node_pools = list(object({ + name = string + 
machine_type = string + availability_zones = list(string) + volume_size = number + minimum = number + maximum = number + })) + })), {}) + + observability_instances = optional(map(object({ + name = string + plan_name = string + })), {}) })) }
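Review bot: `variable "service_account_key_path"` has no `description`, unlike the other variables in this file, and `service_account_token` now gets `default = ""`, so neither credential is required at variable evaluation any more and a run with both empty only fails later inside the provider. Add `description = "Path to a service account key JSON file; used when service_account_token is empty"` and, if cross-variable validation is available (Terraform 1.9+), a `validation` block requiring exactly one of the two to be non-empty. The new `security_groups` rule type inside `projects` also drops the `icmp_parameters` attribute that the removed `security_groups` variable had, so ICMP rules can no longer be expressed; note that in a comment or restore the attribute if the child module still supports it.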