rm testing parameters in tfvars
parent
9695f5a95f
commit
938455bd7c
1 changed files with 285 additions and 0 deletions
285
terraform.tfvars
Normal file
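--- /dev/null
+++ b/terraform.tfvars
@@ -0,0 +1,285 @@
+# Your STACKIT organization container ID (must be provided)
+organization_id = ""
+
+
+# -----------------------------------------------------------------------------
+# Projects to Create
+# -----------------------------------------------------------------------------
+Projects_map = {
+"projekt-alpha" = {
+name = ""
+owner_email = ""
+},
+
+"projekt-beta" = {
+name = ""
+owner_email = ""
+}
+}
+
+
+# -----------------------------------------------------------------------------
+# Service Network Area (SNA) Settings
+# -----------------------------------------------------------------------------
+# Name to assign to the Service Network Area
+SNA_name = ""
+
+# List of CIDR blocks to include in the SNA
+SNA_network_ranges = [
+{ prefix = "192.168.10.0/24" }
+]
+# Dedicated transfer network CIDR for internal traffic
+SNA_transfer_network = "172.16.0.0/24"
+
+
+# -----------------------------------------------------------------------------
+# Security Groups Definitions
+# -----------------------------------------------------------------------------
+security_groups = {
+ssh_ingress_group = {
+name = "ssh-ingress-group"
+project_key = "projekt-alpha"
+description = "ALLOW SSH ingress"
+rules = [
+{
+description = "SSH RULE 1"
+direction = "ingress"
+ether_type = "IPv4"
+ip_range = "0.0.0.0/0"
+protocol = {
+name = "tcp"
+}
+port_range = {
+min = 22
+max = 22
+}
+},
+]
+},
+
+web_traffic_group = {
+name = "web-traffic-group"
+project_key = "projekt-alpha"
+description = "ALLOW WEB TRAFFIC ingress"
+rules = [
+{
+description = "ALLOW ALL 80"
+direction = "ingress"
+ether_type = "IPv4"
+ip_range = "0.0.0.0/0"
+protocol = {
+name = "tcp"
+}
+port_range = {
+min = 80
+max = 80
+}
+},
+{
+description = "ALLOW ALL 443"
+direction = "ingress"
+ether_type = "IPv4"
+ip_range = "0.0.0.0/0"
+protocol = {
+name = "tcp"
+}
+port_range = {
+min = 443
+max = 443
+}
+},
+]
+},
+}
+
+
+# -----------------------------------------------------------------------------
+# PostgreSQL Instances
+# -----------------------------------------------------------------------------
+postgres_instances = {
+# Development instance “dev”
+dev = {
+name = "pg-test-instance" # Instance name
+project_key = "projekt-alpha" # Owning project
+version = 17 # PostgreSQL major version
+flavor = {
+cpu = 2 # vCPU count
+ram = 4 # RAM in GB
+}
+storage = {
+class = "premium-perf6-stackit" # Storage performance class
+size = 20 # Size in GB
+}
+replicas = 1 # Number of read replicas
+acl = ["0.0.0.0/0"] # CIDR(s) allowed to connect
+backup_schedule = "00 00 * * *" # Daily at midnight (cron syntax)
+
+# Database users to create
+users = [
+{
+username = "adminusr"
+roles = ["login", "createdb"] # Permissions granted
+},
+{
+username = "testusr"
+roles = ["login"]
+}
+]
+
+# Databases to provision
+databases = [
+{
+name = "testdb"
+owner = "admin" # Owner user of the database
+}
+]
+}
+}
+
+
+# -----------------------------------------------------------------------------
+# Network Definitions
+# -----------------------------------------------------------------------------
+networks = {
+wan_network = {
+name = "wan_network"
+project_key = "projekt-beta"
+ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] # DNS resolvers
+ipv4_prefix_length = 29
+ipv4_prefix = "192.168.10.248/29" # Subnet CIDR
+routed = true
+}
+}
+
+
+# -----------------------------------------------------------------------------
+# Observability (Metrics & Logs) Instances
+# -----------------------------------------------------------------------------
+observability_instances = {
+test = {
+# Required instance settings
+name = "test-observability"
+project_key = "projekt-alpha"
+plan_name = "Observability-Large-EU01" # Choose from allowed plan list
+
+# Optional network & retention settings
+acl = ["192.168.100.10/32", "203.0.113.5/32"]
+metrics_retention_days = 30
+metrics_retention_days_5m_downsampling = 10
+metrics_retention_days_1h_downsampling = 5
+
+# Credentials management
+create_credentials = true
+credentials_count = 2
+
+# Alert groups for metrics
+alertgroups = {
+test_group = {
+name = "example-alert-group"
+interval = "60s"
+rules = [
+{
+alert = "example-alert-name"
+expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
+for = "60s"
+labels = {
+severity = "critical"
+}
+annotations = {
+summary = "example summary"
+description = "example description"
+}
+},
+{
+alert = "example-alert-name-2"
+expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
+for = "1m"
+labels = {
+severity = "critical"
+}
+annotations = {
+summary = "example summary"
+description = "example description"
+}
+},
+]
+}
+}
+
+# Log-based alert groups
+logalertgroups = {
+example_log = {
+name = "example-log-alert-group"
+interval = "60m"
+rules = [
+{
+alert = "example-log-alert-name"
+expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+for = "60s"
+labels = {
+severity = "critical"
+}
+annotations = {
+summary = "example summary"
+description = "example description"
+}
+},
+{
+alert = "example-log-alert-name-2"
+expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
+for = "60s"
+labels = {
+severity = "critical"
+}
+annotations = {
+summary = "example summary"
+description = "example description"
+}
+},
+]
+}
+}
+
+# Scrape configurations for Prometheus-style scraping
+scrapeconfigs = {
+example_job = {
+name = "example-job"
+metrics_path = "/my-metrics"
+saml2 = {
+enable_url_parameters = true
+}
+targets = [
+{
+urls = ["url1", "urls2"]
+labels = {
+"url1" = "dev"
+}
+}
+]
+}
+}
+}
+}
+
+
+# -----------------------------------------------------------------------------
+# SKE (Kubernetes) Clusters
+# -----------------------------------------------------------------------------
+ske_clusters = {
+"dev-cluster" = {
+name = "cluster"
+kubernetes_version_min = "1.32.5"
+project_key = "projekt-alpha"
+
+node_pools = [
+{
+name = "np"
+machine_type = "g1.4"
+availability_zones = ["eu01-2"]
+minimum = 1
+maximum = 2
+volume_size = 21
+}
+]
+}
+}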
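Review bot: `acl = ["0.0.0.0/0"]` on `postgres_instances.dev` admits connections from any address, and the `ssh_ingress_group` rule opens port 22 the same way with `ip_range = "0.0.0.0/0"`. Terraform loads `terraform.tfvars` automatically, so these wide-open values become what every plain `terraform apply` from this checkout provisions. The observability block in the same file already limits its `acl` to individual /32 entries, and the database and SSH rules could follow that pattern with an operator or SNA CIDR supplied per environment, e.g. `acl = ["192.168.10.0/24"]` if the instance only needs to be reached from inside the SNA range declared above (to be confirmed against the module). Separately, `owner = "admin"` under `databases` matches neither declared user (`adminusr`, `testusr`); `owner = "adminusr"` looks like the intent.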