diff --git a/terraform.tfvars b/terraform.tfvars
new file mode 100644
index 0000000..7481295
--- /dev/null
+++ b/terraform.tfvars
@@ -0,0 +1,285 @@
+# Your STACKIT organization container ID (must be provided)
+organization_id = ""
+
+
+# -----------------------------------------------------------------------------
+# Projects to Create
+# -----------------------------------------------------------------------------
+Projects_map = {
+ "projekt-alpha" = {
+ name = ""
+ owner_email = ""
+ },
+
+ "projekt-beta" = {
+ name = ""
+ owner_email = ""
+ }
+}
+
+
+# -----------------------------------------------------------------------------
+# Service Network Area (SNA) Settings
+# -----------------------------------------------------------------------------
+# Name to assign to the Service Network Area
+SNA_name = ""
+
+# List of CIDR blocks to include in the SNA
+SNA_network_ranges = [
+ { prefix = "192.168.10.0/24" }
+]
+# Dedicated transfer network CIDR for internal traffic
+SNA_transfer_network = "172.16.0.0/24"
+
+
+# -----------------------------------------------------------------------------
+# Security Groups Definitions
+# -----------------------------------------------------------------------------
+security_groups = {
+ ssh_ingress_group = {
+ name = "ssh-ingress-group"
+ project_key = "projekt-alpha"
+ description = "ALLOW SSH ingress"
+ rules = [
+ {
+ description = "SSH RULE 1"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 22
+ max = 22
+ }
+ },
+ ]
+ },
+
+ web_traffic_group = {
+ name = "web-traffic-group"
+ project_key = "projekt-alpha"
+ description = "ALLOW WEB TRAFFIC ingress"
+ rules = [
+ {
+ description = "ALLOW ALL 80"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 80
+ max = 80
+ }
+ },
+ {
+ description = "ALLOW ALL 443"
+ direction = "ingress"
+ ether_type = "IPv4"
+ ip_range = "0.0.0.0/0"
+ protocol = {
+ name = "tcp"
+ }
+ port_range = {
+ min = 443
+ max = 443
+ }
+ },
+ ]
+ },
+}
+
+
+# -----------------------------------------------------------------------------
+# PostgreSQL Instances
+# -----------------------------------------------------------------------------
+postgres_instances = {
+ # Development instance “dev”
+ dev = {
+ name = "pg-test-instance" # Instance name
+ project_key = "projekt-alpha" # Owning project
+ version = 17 # PostgreSQL major version
+ flavor = {
+ cpu = 2 # vCPU count
+ ram = 4 # RAM in GB
+ }
+ storage = {
+ class = "premium-perf6-stackit" # Storage performance class
+ size = 20 # Size in GB
+ }
+ replicas = 1 # Number of read replicas
+ acl = ["0.0.0.0/0"] # CIDR(s) allowed to connect
+ backup_schedule = "00 00 * * *" # Daily at midnight (cron syntax)
+
+ # Database users to create
+ users = [
+ {
+ username = "adminusr"
+ roles = ["login", "createdb"] # Permissions granted
+ },
+ {
+ username = "testusr"
+ roles = ["login"]
+ }
+ ]
+
+ # Databases to provision
+ databases = [
+ {
+ name = "testdb"
+ owner = "admin" # Owner user of the database
+ }
+ ]
+ }
+}
+
+
+# -----------------------------------------------------------------------------
+# Network Definitions
+# -----------------------------------------------------------------------------
+networks = {
+ wan_network = {
+ name = "wan_network"
+ project_key = "projekt-beta"
+ ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] # DNS resolvers
+ ipv4_prefix_length = 29
+ ipv4_prefix = "192.168.10.248/29" # Subnet CIDR
+ routed = true
+ }
+}
+
+
+# -----------------------------------------------------------------------------
+# Observability (Metrics & Logs) Instances
+# -----------------------------------------------------------------------------
+observability_instances = {
+ test = {
+ # Required instance settings
+ name = "test-observability"
+ project_key = "projekt-alpha"
+ plan_name = "Observability-Large-EU01" # Choose from allowed plan list
+
+ # Optional network & retention settings
+ acl = ["192.168.100.10/32", "203.0.113.5/32"]
+ metrics_retention_days = 30
+ metrics_retention_days_5m_downsampling = 10
+ metrics_retention_days_1h_downsampling = 5
+
+ # Credentials management
+ create_credentials = true
+ credentials_count = 2
+
+ # Alert groups for metrics
+ alertgroups = {
+ test_group = {
+ name = "example-alert-group"
+ interval = "60s"
+ rules = [
+ {
+ alert = "example-alert-name"
+ expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
+ for = "60s"
+ labels = {
+ severity = "critical"
+ }
+ annotations = {
+ summary = "example summary"
+ description = "example description"
+ }
+ },
+ {
+ alert = "example-alert-name-2"
+ expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
+ for = "1m"
+ labels = {
+ severity = "critical"
+ }
+ annotations = {
+ summary = "example summary"
+ description = "example description"
+ }
+ },
+ ]
+ }
+ }
+
+ # Log-based alert groups
+ logalertgroups = {
+ example_log = {
+ name = "example-log-alert-group"
+ interval = "60m"
+ rules = [
+ {
+ alert = "example-log-alert-name"
+ expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+ for = "60s"
+ labels = {
+ severity = "critical"
+ }
+ annotations = {
+ summary = "example summary"
+ description = "example description"
+ }
+ },
+ {
+ alert = "example-log-alert-name-2"
+ expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
+ for = "60s"
+ labels = {
+ severity = "critical"
+ }
+ annotations = {
+ summary = "example summary"
+ description = "example description"
+ }
+ },
+ ]
+ }
+ }
+
+ # Scrape configurations for Prometheus-style scraping
+ scrapeconfigs = {
+ example_job = {
+ name = "example-job"
+ metrics_path = "/my-metrics"
+ saml2 = {
+ enable_url_parameters = true
+ }
+ targets = [
+ {
+ urls = ["url1", "urls2"]
+ labels = {
+ "url1" = "dev"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
+
+
+# -----------------------------------------------------------------------------
+# SKE (Kubernetes) Clusters
+# -----------------------------------------------------------------------------
+ske_clusters = {
+ "dev-cluster" = {
+ name = "cluster"
+ kubernetes_version_min = "1.32.5"
+ project_key = "projekt-alpha"
+
+ node_pools = [
+ {
+ name = "np"
+ machine_type = "g1.4"
+ availability_zones = ["eu01-2"]
+ minimum = 1
+ maximum = 2
+ volume_size = 21
+ }
+ ]
+ }
+}
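Review bot: `acl = ["0.0.0.0/0"]` on the `dev` PostgreSQL instance admits connections from any address, and the port 22 rule in `ssh_ingress_group` uses the same `ip_range = "0.0.0.0/0"`; values committed in a tfvars tend to be applied unchanged, so both should default to a narrow range the way the observability instance's `acl` in this file already does. I would write `acl = ["203.0.113.5/32"] # replace with your client/admin CIDRs` and the equivalent for the SSH `ip_range`, leaving 0.0.0.0/0 only on the 80/443 rules where public reach is presumably intended. Separately, `owner = "admin"` under `databases` matches neither `adminusr` nor `testusr` in `users`, so it looks like it should read `owner = "adminusr"`.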