final testing
		
							parent
							
								
									16a204faa7
								
							
						
					
					
						commit
						96325e4c43
					
				
					 13 changed files with 505 additions and 274 deletions
				
			
		|  | @ -1,12 +1,39 @@ | ||||||
| module "project" { | resource "stackit_network_area" "project_sna" { | ||||||
|  |   organization_id  = var.organization_id | ||||||
|  |   name             = var.SNA_name | ||||||
|  |   network_ranges   = var.SNA_network_ranges | ||||||
|  |   transfer_network = var.SNA_transfer_network | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | module "projects" { | ||||||
|   source = "../project" |   source = "../project" | ||||||
| 
 | 
 | ||||||
|   name = "project-123" |   projects        = var.Projects_map | ||||||
|   labels = { |  | ||||||
|     "example" = "test" |  | ||||||
|   } |  | ||||||
|   organization_id = var.organization_id |   organization_id = var.organization_id | ||||||
|   owner_email     = "maximilian.schlenz@stackit.cloud" |   sna_id          = stackit_network_area.project_sna.network_area_id | ||||||
|  |   labels          = var.labels != null ? var.labels : {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | locals { | ||||||
|  |   project_ids = { for k, v in module.projects.created_projects : k => v.project_id } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | module "stackit_ske_cluster" { | ||||||
|  |   source = "../ske" | ||||||
|  |   for_each = var.ske_clusters | ||||||
|  | 
 | ||||||
|  |   project_id = local.project_ids[each.value.project_key] | ||||||
|  |   name       = each.value.name | ||||||
|  |   node_pools = each.value.node_pools | ||||||
|  |   network    = { | ||||||
|  |     id = each.value.network_id | ||||||
|  |   } | ||||||
|  | 
 | ||||||
|  |   kubernetes_version_min = lookup(each.value, "kubernetes_version_min", null) | ||||||
|  |   hibernations           = lookup(each.value, "hibernations", null) | ||||||
|  |   maintenance            = lookup(each.value, "maintenance", null) | ||||||
|  |   extensions             = lookup(each.value, "extensions", null) | ||||||
|  |   default_region         = var.default_region | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| module "security_groups" { | module "security_groups" { | ||||||
|  | @ -14,7 +41,7 @@ module "security_groups" { | ||||||
| 
 | 
 | ||||||
|   for_each = var.security_groups |   for_each = var.security_groups | ||||||
| 
 | 
 | ||||||
|   project_id  = module.project.project_id |   project_id  = local.project_ids[each.value.project_key] | ||||||
|   name        = each.value.name |   name        = each.value.name | ||||||
|   description = each.value.description != null ? each.value.description : "" |   description = each.value.description != null ? each.value.description : "" | ||||||
|   rules       = each.value.rules |   rules       = each.value.rules | ||||||
|  | @ -33,10 +60,9 @@ module "net" { | ||||||
| 
 | 
 | ||||||
|   for_each = var.networks |   for_each = var.networks | ||||||
| 
 | 
 | ||||||
|   project_id = module.project.project_id |   project_id = local.project_ids[each.value.project_key] | ||||||
|   name       = each.value.name |   name       = each.value.name | ||||||
| 
 | 
 | ||||||
|   # IPv4 and IPv6 settings |  | ||||||
|   ipv4_gateway       = each.value.ipv4_gateway |   ipv4_gateway       = each.value.ipv4_gateway | ||||||
|   ipv4_nameservers   = each.value.ipv4_nameservers |   ipv4_nameservers   = each.value.ipv4_nameservers | ||||||
|   ipv4_prefix        = each.value.ipv4_prefix |   ipv4_prefix        = each.value.ipv4_prefix | ||||||
|  | @ -52,7 +78,6 @@ module "net" { | ||||||
|   routed          = each.value.routed |   routed          = each.value.routed | ||||||
|   labels          = each.value.labels |   labels          = each.value.labels | ||||||
| 
 | 
 | ||||||
|   # NIC options |  | ||||||
|   nics                       = each.value.nics |   nics                       = each.value.nics | ||||||
|   security_group_ids_by_name = local.security_group_ids_by_name |   security_group_ids_by_name = local.security_group_ids_by_name | ||||||
| } | } | ||||||
|  | @ -62,7 +87,7 @@ module "postgres" { | ||||||
| 
 | 
 | ||||||
|   for_each = var.postgres_instances |   for_each = var.postgres_instances | ||||||
| 
 | 
 | ||||||
|   project_id      = module.project.project_id |   project_id      = local.project_ids[each.value.project_key] | ||||||
|   name            = each.value.name |   name            = each.value.name | ||||||
|   ver             = each.value.version |   ver             = each.value.version | ||||||
|   flavor          = each.value.flavor |   flavor          = each.value.flavor | ||||||
|  | @ -74,22 +99,11 @@ module "postgres" { | ||||||
|   databases       = each.value.databases |   databases       = each.value.databases | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| # module "ske" { |  | ||||||
| #   source = "../ske" |  | ||||||
| 
 |  | ||||||
| #   for_each = var.ske_clusters |  | ||||||
| 
 |  | ||||||
| #   project_id             = module.project.project_id |  | ||||||
| #   name                   = each.value.name |  | ||||||
| #   kubernetes_version_min = each.value.kubernetes_version_min |  | ||||||
| #   node_pools             = each.value.node_pools |  | ||||||
| # } |  | ||||||
| 
 |  | ||||||
| module "observability" { | module "observability" { | ||||||
|   source   = "../observability" |   source   = "../observability" | ||||||
|   for_each = var.observability_instances |   for_each = var.observability_instances | ||||||
| 
 | 
 | ||||||
|   project_id = module.project.project_id |   project_id = local.project_ids[each.value.project_key] | ||||||
| 
 | 
 | ||||||
|   name      = each.value.name |   name      = each.value.name | ||||||
|   plan_name = each.value.plan_name |   plan_name = each.value.plan_name | ||||||
|  | @ -112,7 +126,6 @@ module "observability" { | ||||||
|   scrapeconfigs = each.value.scrapeconfigs |   scrapeconfigs = each.value.scrapeconfigs | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| output "obs_url" { | output "obs_url" { | ||||||
|   value = { |   value = { | ||||||
|     for key, instance in module.observability : |     for key, instance in module.observability : | ||||||
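Review bot: In `module "net"`, every network still receives the single name-keyed map `security_group_ids_by_name = local.security_group_ids_by_name`, although security groups and networks are now assigned to projects individually through `project_key`. The local's definition is outside the visible hunks, but if it is keyed by group name only, two projects using the same group name will collide, and a NIC in one project can resolve a name to a security group that belongs to another project. Consider building the lookup per project and passing only the matching slice, for example `security_group_ids_by_name = local.security_group_ids_by_project[each.value.project_key]` (local name is a suggestion). The same `local.project_ids[each.value.project_key]` index used throughout fails with a bare "invalid index" error on a mistyped key, so a `validation` block on the input variables that checks `project_key` against `keys(var.Projects_map)` would give a clearer failure.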
|  |  | ||||||
|  | @ -10,7 +10,7 @@ terraform { | ||||||
| 
 | 
 | ||||||
| provider "stackit" { | provider "stackit" { | ||||||
|   default_region           = var.region |   default_region           = var.region | ||||||
|   service_account_token    = var.service_account_token != "" ? var.service_account_token : null |   service_account_token    = var.service_account_token != null ? var.service_account_token : null | ||||||
|   service_account_key_path = var.service_account_key_path != "" ? var.service_account_key_path : null |   service_account_key_path = var.service_account_key_path != null ? var.service_account_key_path : null | ||||||
|   enable_beta_resources    = true |   enable_beta_resources    = true | ||||||
| } | } | ||||||
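Review bot: Both conditionals in the `provider "stackit"` block are now no-ops, since `var.x != null ? var.x : null` always yields `var.x`. As a result an empty string is handed to the provider as a credential value instead of being normalised to null, as the old `!= ""` check did. If callers can still supply `""` (for example from an unset environment variable), cover both cases with `service_account_token = var.service_account_token == null || var.service_account_token == "" ? null : var.service_account_token` and the same form for `service_account_key_path`. Otherwise drop the ternaries and assign the variables directly.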
|  |  | ||||||
|  | @ -1,148 +1,176 @@ | ||||||
| region                   = "eu01" | organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" | ||||||
| service_account_token    = "" | 
 | ||||||
| project_id               = "" | Projects_map = { | ||||||
| organization_id          = "03a34540-3c1a-4794-b2c6-7111ecf824ef" |   "projekt-alpha" = { | ||||||
| service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json" |     name        = "tf_modules_test_3_max" | ||||||
|  |     owner_email = "maximilian.schlenz@stackit.cloud" | ||||||
|  |   }, | ||||||
|  |   "projekt-beta" = { | ||||||
|  |     name        = "tf_modules_test_4_max" | ||||||
|  |     owner_email = "maximilian.schlenz@stackit.cloud" | ||||||
|  |   } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | SNA_name = "sna-tf_modules_test" | ||||||
|  | 
 | ||||||
|  | SNA_network_ranges = [ | ||||||
|  |   { prefix = "192.168.10.0/24" } | ||||||
|  | ] | ||||||
|  | 
 | ||||||
|  | SNA_transfer_network = "172.16.0.0/24" | ||||||
| 
 | 
 | ||||||
| security_groups = { | security_groups = { | ||||||
|   # ssh_ingress_group = { |   ssh_ingress_group = { | ||||||
|   #   name        = "ssh-ingress-group" |     name        = "ssh-ingress-group" | ||||||
|   #   description = "ALLOW SSH ingress" |     project_key = "projekt-alpha" | ||||||
|   #   rules = [ |     description = "ALLOW SSH ingress" | ||||||
|   #     { description = "SSH RULE 1" |     rules = [ | ||||||
|   #       direction   = "ingress" |       { description = "SSH RULE 1" | ||||||
|   #       ether_type  = "IPv4" |         direction   = "ingress" | ||||||
|   #       ip_range    = "0.0.0.0/0" |         ether_type  = "IPv4" | ||||||
|   #       protocol = { |         ip_range    = "0.0.0.0/0" | ||||||
|   #         name = "tcp" |         protocol = { | ||||||
|   #       } |           name = "tcp" | ||||||
|   #       port_range = { |         } | ||||||
|   #         min = 22 |         port_range = { | ||||||
|   #         max = 22 |           min = 22 | ||||||
|   #       } |           max = 22 | ||||||
|   #     }, |         } | ||||||
|   #   ] |       }, | ||||||
|   # }, |     ] | ||||||
|  |   }, | ||||||
| 
 | 
 | ||||||
|   # web_traffic_group = { |   web_traffic_group = { | ||||||
|   #   name        = "web-traffic-group" |     name        = "web-traffic-group" | ||||||
|   #   description = "ALLOW WEB TRAFFIC ingress" |     project_key = "projekt-alpha" | ||||||
|   #   rules = [ |     description = "ALLOW WEB TRAFFIC ingress" | ||||||
|   #     { description = "ALLOW ALL 80" |     rules = [ | ||||||
|   #       direction   = "ingress" |       { description = "ALLOW ALL 80" | ||||||
|   #       ether_type  = "IPv4" |         direction   = "ingress" | ||||||
|   #       ip_range    = "0.0.0.0/0" |         ether_type  = "IPv4" | ||||||
|   #       protocol = { |         ip_range    = "0.0.0.0/0" | ||||||
|   #         name = "tcp" |         protocol = { | ||||||
|   #       } |           name = "tcp" | ||||||
|   #       port_range = { |         } | ||||||
|   #         min = 80 |         port_range = { | ||||||
|   #         max = 80 |           min = 80 | ||||||
|   #       } |           max = 80 | ||||||
|   #     }, |         } | ||||||
|   #     { description = "ALLOW ALL 443" |       }, | ||||||
|   #       direction   = "ingress" |       { description = "ALLOW ALL 443" | ||||||
|   #       ether_type  = "IPv4" |         direction   = "ingress" | ||||||
|   #       ip_range    = "0.0.0.0/0" |         ether_type  = "IPv4" | ||||||
|   #       protocol = { |         ip_range    = "0.0.0.0/0" | ||||||
|   #         name = "tcp" |         protocol = { | ||||||
|   #       } |           name = "tcp" | ||||||
|   #       port_range = { |         } | ||||||
|   #         min = 443 |         port_range = { | ||||||
|   #         max = 443 |           min = 443 | ||||||
|   #       } |           max = 443 | ||||||
|   #     }, |         } | ||||||
|   #   ] |       }, | ||||||
|   # }, |     ] | ||||||
|  |   }, | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| postgres_instances = { | postgres_instances = { | ||||||
|   # dev = { |   dev = { | ||||||
|   #   name    = "pg-test-instance" |     name    = "pg-test-instance" | ||||||
|   #   version = 17 |     project_key = "projekt-alpha" | ||||||
|   #   flavor = { |     version = 17 | ||||||
|   #     cpu = 2, |     flavor = { | ||||||
|   #     ram = 4 |       cpu = 2, | ||||||
|   #   } |       ram = 4 | ||||||
|   #   storage = { |     } | ||||||
|   #     class = "premium-perf6-stackit", |     storage = { | ||||||
|   #     size  = 20 |       class = "premium-perf6-stackit", | ||||||
|   #   } |       size  = 20 | ||||||
|   #   replicas        = 1 |     } | ||||||
|   #   acl             = ["0.0.0.0/0"] |     replicas        = 1 | ||||||
|   #   backup_schedule = "00 00 * * *" |     acl             = ["0.0.0.0/0"] | ||||||
|  |     backup_schedule = "00 00 * * *" | ||||||
| 
 | 
 | ||||||
|   #   users = [ |     users = [ | ||||||
|   #     { username = "adminusr", |       { username = "adminusr", | ||||||
|   #       roles    = ["login", "createdb"] |         roles    = ["login", "createdb"] | ||||||
|   #     }, |       }, | ||||||
|   #     { username = "testusr", |       { username = "testusr", | ||||||
|   #       roles    = ["login"] |         roles    = ["login"] | ||||||
|   #     } |       } | ||||||
|   #   ] |     ] | ||||||
| 
 | 
 | ||||||
|   #   databases = [ |     databases = [ | ||||||
|   #     { |       { | ||||||
|   #       name  = "testdb", |         name  = "testdb", | ||||||
|   #       owner = "admin" |         owner = "admin" | ||||||
|   #     } |       } | ||||||
|   #   ] |     ] | ||||||
|   # } |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| networks = { | networks = { | ||||||
|   # wan_network = { |   wan_network = { | ||||||
|   #   name               = "wan_network" |     name               = "wan_network" | ||||||
|   #   ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] |     project_key            = "projekt-alpha" | ||||||
|   #   ipv4_prefix_length = 24 |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|   #   ipv4_prefix        = "10.219.0.0/24" |     ipv4_prefix_length = 24 | ||||||
|   #   routed             = true |     ipv4_prefix        = "10.219.0.0/24" | ||||||
|   # } |     routed             = true | ||||||
|   # lan_network1 = { |   } | ||||||
|   #   name               = "lan_network1" |   lan_network1 = { | ||||||
|   #   ipv4_prefix_length = 24 |     name               = "lan_network1" | ||||||
|   #   ipv4_prefix        = "10.220.1.0/24" |     project_key            = "projekt-alpha" | ||||||
|   #   routed             = true |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|   #   nics = { |     ipv4_prefix_length = 24 | ||||||
|   #     p2_lan1 = { |     ipv4_prefix        = "10.220.1.0/24" | ||||||
|   #       nic_name     = "P2LAN1" |     routed             = true | ||||||
|   #       nic_ipv4     = "10.220.1.32" |     nics = { | ||||||
|   #       nic_security = true |       p2_lan1 = { | ||||||
|   #       nic_security_group_names = ["ssh-ingress-group"] |         nic_name     = "P2LAN1" | ||||||
|   #     } |         nic_ipv4     = "10.220.1.32" | ||||||
|   #   } |         nic_security = true | ||||||
|   # } |         nic_security_group_names = ["ssh-ingress-group"] | ||||||
|   # lan_network2 = { |       } | ||||||
|   #   name               = "lan_network2" |     } | ||||||
|   #   ipv4_prefix_length = 24 |   } | ||||||
|   #   ipv4_prefix        = "10.221.0.0/24" |   lan_network2 = { | ||||||
|   #   routed             = true |     name               = "lan_network2" | ||||||
|   # } |     project_key            = "projekt-alpha" | ||||||
|   # lan_network3 = { |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|   #   name               = "lan_network3" |     ipv4_prefix_length = 24 | ||||||
|   #   ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] |     ipv4_prefix        = "10.221.0.0/24" | ||||||
|   #   ipv4_prefix_length = 24 |     routed             = true | ||||||
|   #   ipv4_prefix        = "10.223.3.0/24" |   } | ||||||
|   #   routed             = true |   lan_network3 = { | ||||||
|   # } |     name               = "lan_network3" | ||||||
|   # wan = { |     project_key            = "projekt-alpha" | ||||||
|   #   name               = "MGMT" |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|   #   ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] |     ipv4_prefix_length = 24 | ||||||
|   #   ipv4_prefix_length = 24 |     ipv4_prefix        = "10.223.3.0/24" | ||||||
|   #   nic_ipv4           = "10.224.0.254" |     routed             = true | ||||||
|   # } |   } | ||||||
|  |   wan = { | ||||||
|  |     name               = "MGMT" | ||||||
|  |     project_key            = "projekt-alpha" | ||||||
|  |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|  |     ipv4_prefix_length = 24 | ||||||
|  |     nic_ipv4           = "10.224.0.254" | ||||||
|  |   } | ||||||
| 
 | 
 | ||||||
|   # db = { |   db = { | ||||||
|   #   name         = "db-net" |     name         = "db-net" | ||||||
|   #   nic_ipv4     = "10.0.0.126" |     project_key            = "projekt-alpha" | ||||||
|   #   nic_security = true |     ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] | ||||||
|   # } |     nic_ipv4     = "10.0.0.126" | ||||||
|  |     nic_security = true | ||||||
|  |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| observability_instances = { | observability_instances = { | ||||||
|   test = { |   test = { | ||||||
|     # Required |     # Required | ||||||
|     name      = "test-observability" |     name      = "test-observability" | ||||||
|  |     project_key = "projekt-alpha" | ||||||
|     plan_name = "Observability-Large-EU01" |     plan_name = "Observability-Large-EU01" | ||||||
| 
 | 
 | ||||||
|     # Optional instance settings |     # Optional instance settings | ||||||
|  | @ -248,43 +276,70 @@ observability_instances = { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ske_clusters = { | ske_clusters = { | ||||||
|   #   dev = { |  | ||||||
|   #     name                   = "dev-cluster" |  | ||||||
|   #     kubernetes_version_min = "1.31" |  | ||||||
|   #     node_pools = [ |  | ||||||
|   #       { name               = "default" |  | ||||||
|   #         machine_type       = "c2.1" |  | ||||||
|   #         availability_zones = ["eu01-1", "eu01-2"] |  | ||||||
|   #         volume_size        = 40 |  | ||||||
|   #         minimum            = 1 |  | ||||||
|   #         maximum            = 3 |  | ||||||
|   #       } |  | ||||||
|   #     ] |  | ||||||
|   #   } |  | ||||||
| 
 | 
 | ||||||
|   #   staging = { |   "prod-cluster" = { | ||||||
|   #     name                   = "staging-cluster" |     name                   = "clusterprod"  | ||||||
|   #     kubernetes_version_min = "1.31" |     project_key            = "projekt-alpha" | ||||||
|   #     node_pools = [ |     network_id             = "53917a75-0014-49b0-a4d6-e62934ab479f" # WICHTIG: Hier die Netzwerk-ID connecten | ||||||
|   #       { name               = "general" |     kubernetes_version_min = "1.32.5" | ||||||
|   #         machine_type       = "c2.2" |  | ||||||
|   #         availability_zones = ["eu03-1", "eu03-2"] |  | ||||||
|   #         volume_size        = 80 |  | ||||||
|   #         minimum            = 2 |  | ||||||
|   #         maximum            = 4 |  | ||||||
|   #       } |  | ||||||
|   #     ] |  | ||||||
|   #   } |  | ||||||
|   # } |  | ||||||
| 
 | 
 | ||||||
|   # observability_instances = { |     node_pools = [ | ||||||
|   #   starter = { |       { | ||||||
|   #     name      = "Observability-1" |         name               = "defaulpool" | ||||||
|   #     plan_name = "Observability-Starter-EU01" |         machine_type       = "c1.2" | ||||||
|   #   } |         availability_zones = ["eu01-1"] | ||||||
|  |         minimum            = 1 | ||||||
|  |         maximum            = 2 | ||||||
|  |         cri                = "containerd" | ||||||
|  |         volume_type        = "storage_premium_perf1" | ||||||
|  |         volume_size        = 21 | ||||||
|  |         labels             = { "worker" = "default" } | ||||||
|  |         taints = [{ | ||||||
|  |           effect = "NoSchedule" | ||||||
|  |           key    = "app" | ||||||
|  |           value  = "database" | ||||||
|  |         }] | ||||||
|  |       } | ||||||
|  |     ] | ||||||
| 
 | 
 | ||||||
|   #   prod = { |     hibernations = [ | ||||||
|   #     name      = "Observability-2" |       { | ||||||
|   #     plan_name = "Observability-Large-EU01" |         start    = "00 18 * * 1-5" # Mo-Fr um 18:00 Uhr | ||||||
|   #   } |         end      = "00 08 * * 1-5" # Mo-Fr um 08:00 Uhr | ||||||
|  |         timezone = "Europe/Berlin" | ||||||
|  |       } | ||||||
|  |     ] | ||||||
|  | 
 | ||||||
|  |     maintenance = { | ||||||
|  |       enable_kubernetes_version_updates  = true | ||||||
|  |       enable_machine_image_version_updates = true | ||||||
|  |       start                              = "01:00:00Z" | ||||||
|  |       end                                = "03:00:00Z" | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     extensions = { | ||||||
|  |       acl = { | ||||||
|  |         enabled       = true | ||||||
|  |         allowed_cidrs = ["0.0.0.0/0"] | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   }, | ||||||
|  |    | ||||||
|  |   "dev-cluster" = { | ||||||
|  |     name        = "clusterdev" | ||||||
|  |     kubernetes_version_min = "1.32.5" | ||||||
|  |     project_key = "projekt-beta" | ||||||
|  |     network_id  = "bedfc709-9285-4078-93ab-8e8a1c0be6bd" # WICHTIG: Hier die Netzwerk-ID connecten | ||||||
|  | 
 | ||||||
|  |     node_pools = [ | ||||||
|  |       { | ||||||
|  |         name               = "devpool" | ||||||
|  |         machine_type       = "c1.2" | ||||||
|  |         availability_zones = ["eu01-2"] | ||||||
|  |         minimum            = 1 | ||||||
|  |         maximum            = 2 | ||||||
|  |         volume_size        = 21  | ||||||
|  |       } | ||||||
|  |     ] | ||||||
|  |   } | ||||||
| } | } | ||||||
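Review bot: The values enabled here expose three services to any source address: `ip_range = "0.0.0.0/0"` on the SSH rule, `acl = ["0.0.0.0/0"]` on the `dev` PostgreSQL instance, and `allowed_cidrs = ["0.0.0.0/0"]` on the `prod-cluster` ACL extension, where an enabled ACL that allows everything is equivalent to no ACL. Example values like these tend to be copied as a starting point, so restrict them to a known range or leave them for the caller to fill in, e.g. `acl = ["192.0.2.0/24"] # placeholder: replace with your admin/VPN CIDR`. The `testdb` database also sets `owner = "admin"`, which matches neither declared user (`adminusr`, `testusr`).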
|  | @ -7,33 +7,65 @@ variable "region" { | ||||||
| variable "project_id" { | variable "project_id" { | ||||||
|   description = "STACKIT Cloud project ID" |   description = "STACKIT Cloud project ID" | ||||||
|   type        = string |   type        = string | ||||||
|  |   default     = null | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "service_account_token" { | variable "service_account_token" { | ||||||
|   description = "Service account token for authentication" |   description = "Service account token for authentication" | ||||||
|   sensitive   = true |   sensitive   = true | ||||||
|   type        = string |   type        = string | ||||||
|  |   default     = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | # SNA & Projects variables | ||||||
|  | 
 | ||||||
|  | variable "organization_id" { | ||||||
|  |   description = "Die Container-ID deiner STACKIT Organisation." | ||||||
|  |   type        = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "service_account_key_path" { | variable "service_account_key_path" { | ||||||
|  |   type        = string | ||||||
|  |   default = "/users/schlenz/.stackit/sa.json" | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "default_region" { | ||||||
|   type    = string |   type    = string | ||||||
|   default = "" |   default = "eu01" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "organization_id" { | variable "SNA_name" { | ||||||
|   description = "Organization ID" |   description = "Name der zu erstellenden Service Network Area." | ||||||
|   type        = string |   type        = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "owner_email" { | variable "SNA_network_ranges" { | ||||||
|   description = "Email of the project owner" |   description = "Liste der Netzwerk-CIDRs für die SNA." | ||||||
|  |   type        = list(object({ prefix = string })) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "SNA_transfer_network" { | ||||||
|  |   description = "Das Transfer-Netzwerk für die SNA (z.B. 172.16.9.0/24)." | ||||||
|   type        = string |   type        = string | ||||||
|   default     = null | } | ||||||
|  | 
 | ||||||
|  | variable "Projects_map" { | ||||||
|  |   description = "Eine Map von Projekten, die erstellt werden sollen." | ||||||
|  |   type = map(object({ | ||||||
|  |     name        = string | ||||||
|  |     owner_email = string | ||||||
|  |   })) | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "labels" { | ||||||
|  |   type    = map(string) | ||||||
|  |   default = {} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "security_groups" { | variable "security_groups" { | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     name        = optional(string) |     name        = optional(string) | ||||||
|  |     project_key = string | ||||||
|     description = optional(string) |     description = optional(string) | ||||||
|     rules = list(object({ |     rules = list(object({ | ||||||
|       direction   = string |       direction   = string | ||||||
|  | @ -60,6 +92,7 @@ variable "security_groups" { | ||||||
| variable "postgres_instances" { | variable "postgres_instances" { | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     name            = string |     name            = string | ||||||
|  |     project_key = string | ||||||
|     version         = number |     version         = number | ||||||
|     flavor          = object({ cpu = number, ram = number }) |     flavor          = object({ cpu = number, ram = number }) | ||||||
|     storage         = object({ class = string, size = number }) |     storage         = object({ class = string, size = number }) | ||||||
|  | @ -81,7 +114,7 @@ variable "postgres_instances" { | ||||||
| variable "networks" { | variable "networks" { | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     name = string |     name = string | ||||||
| 
 |     project_key = string | ||||||
|     # IPv4 settings |     # IPv4 settings | ||||||
|     ipv4_gateway       = optional(string) |     ipv4_gateway       = optional(string) | ||||||
|     ipv4_nameservers   = optional(list(string)) |     ipv4_nameservers   = optional(list(string)) | ||||||
|  | @ -100,7 +133,7 @@ variable "networks" { | ||||||
|     no_ipv6_gateway = optional(bool) |     no_ipv6_gateway = optional(bool) | ||||||
|     routed          = optional(bool) |     routed          = optional(bool) | ||||||
| 
 | 
 | ||||||
|     # NIC‑specific options |     # NIC-specific options | ||||||
|     nics = optional(map(object({ |     nics = optional(map(object({ | ||||||
|       nic_ipv4                 = optional(string) |       nic_ipv4                 = optional(string) | ||||||
|       nic_name                 = string |       nic_name                 = string | ||||||
|  | @ -115,20 +148,62 @@ variable "networks" { | ||||||
|   default = {} |   default = {} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| variable "ske_clusters" { | variable "ske_clusters" { | ||||||
|  |   description = "Eine Map von SKE-Clustern" | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     name                   = string | 
 | ||||||
|     kubernetes_version_min = string |     name        = string | ||||||
|  |     project_key = string | ||||||
|  |     network_id  = string | ||||||
|  | 
 | ||||||
|  |     kubernetes_version_min = optional(string) | ||||||
|  |     hibernations = optional(list(object({ | ||||||
|  |       start    = string | ||||||
|  |       end      = string | ||||||
|  |       timezone = optional(string) | ||||||
|  |     }))) | ||||||
|  |     maintenance = optional(object({ | ||||||
|  |       enable_kubernetes_version_updates  = bool | ||||||
|  |       enable_machine_image_version_updates = bool | ||||||
|  |       start                              = string | ||||||
|  |       end                                = string | ||||||
|  |     })) | ||||||
|  |     extensions = optional(object({ | ||||||
|  |       acl = optional(object({ | ||||||
|  |         enabled       = bool | ||||||
|  |         allowed_cidrs = list(string) | ||||||
|  |       })) | ||||||
|  |       argus = optional(object({ | ||||||
|  |         enabled           = bool | ||||||
|  |         argus_instance_id = string | ||||||
|  |       })) | ||||||
|  |     })) | ||||||
|  | 
 | ||||||
|     node_pools = list(object({ |     node_pools = list(object({ | ||||||
|  | 
 | ||||||
|       name               = string |       name               = string | ||||||
|       machine_type       = string |       machine_type       = string | ||||||
|       availability_zones = list(string) |       availability_zones = list(string) | ||||||
|       volume_size        = number |  | ||||||
|       minimum            = number |       minimum            = number | ||||||
|       maximum            = number |       maximum            = number | ||||||
|  | 
 | ||||||
|  |       allow_system_components = optional(bool) | ||||||
|  |       cri                     = optional(string) | ||||||
|  |       labels                  = optional(map(string)) | ||||||
|  |       max_surge               = optional(number) | ||||||
|  |       max_unavailable         = optional(number) | ||||||
|  |       os_name                 = optional(string) | ||||||
|  |       os_version_min          = optional(string) | ||||||
|  |       volume_size             = optional(number) | ||||||
|  |       volume_type             = optional(string) | ||||||
|  |       taints = optional(list(object({ | ||||||
|  |         effect = string | ||||||
|  |         key    = string | ||||||
|  |         value  = optional(string) | ||||||
|  |       }))) | ||||||
|     })) |     })) | ||||||
|   })) |   })) | ||||||
|  |   default = {} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "observability_instances" { | variable "observability_instances" { | ||||||
|  | @ -136,6 +211,7 @@ variable "observability_instances" { | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     # Required |     # Required | ||||||
|     name      = string |     name      = string | ||||||
|  |     project_key = string | ||||||
|     plan_name = string |     plan_name = string | ||||||
| 
 | 
 | ||||||
|     # Optional instance settings |     # Optional instance settings | ||||||
|  | @ -150,7 +226,7 @@ variable "observability_instances" { | ||||||
|     create_credentials = optional(bool, true) |     create_credentials = optional(bool, true) | ||||||
|     credentials_count  = optional(number, 1) |     credentials_count  = optional(number, 1) | ||||||
| 
 | 
 | ||||||
|     # alert‑groups |     # alert-groups | ||||||
|     alertgroups = optional(map(object({ |     alertgroups = optional(map(object({ | ||||||
|       name     = string |       name     = string | ||||||
|       interval = optional(string) |       interval = optional(string) | ||||||
|  | @ -163,7 +239,7 @@ variable "observability_instances" { | ||||||
|       })) |       })) | ||||||
|     })), {}) |     })), {}) | ||||||
| 
 | 
 | ||||||
|     # log‑alert‑groups |     # log-alert-groups | ||||||
|     logalertgroups = optional(map(object({ |     logalertgroups = optional(map(object({ | ||||||
|       name     = string |       name     = string | ||||||
|       interval = optional(string) |       interval = optional(string) | ||||||
|  | @ -176,7 +252,7 @@ variable "observability_instances" { | ||||||
|       })) |       })) | ||||||
|     })), {}) |     })), {}) | ||||||
| 
 | 
 | ||||||
|     # scrape‑configs |     # scrape-configs | ||||||
|     scrapeconfigs = optional(map(object({ |     scrapeconfigs = optional(map(object({ | ||||||
|       name         = string |       name         = string | ||||||
|       metrics_path = string |       metrics_path = string | ||||||
|  | @ -217,20 +293,20 @@ variable "observability_instances" { | ||||||
|       ], v.plan_name) |       ], v.plan_name) | ||||||
|     ]) |     ]) | ||||||
|     error_message = <<-EOM |     error_message = <<-EOM | ||||||
| One or more observability_instances specify an invalid plan_name. |   One or more observability_instances specify an invalid plan_name. | ||||||
| See the provider error output for the list of supported plans. Allowed values: |   See the provider error output for the list of supported plans. Allowed values: | ||||||
|   Observability-Medium-EU01 |       Observability-Medium-EU01 | ||||||
|   Observability-Monitoring-XL-EU01 |       Observability-Monitoring-XL-EU01 | ||||||
|   Observability-Large-EU01 |       Observability-Large-EU01 | ||||||
|   Observability-Monitoring-Basic-EU01 |       Observability-Monitoring-Basic-EU01 | ||||||
|   Observability-Monitoring-Large-EU01 |       Observability-Monitoring-Large-EU01 | ||||||
|   Observability-Basic-EU01 |       Observability-Basic-EU01 | ||||||
|   Observability-Monitoring-Medium-EU01 |       Observability-Monitoring-Medium-EU01 | ||||||
|   Observability-Monitoring-XXL-EU01 |       Observability-Monitoring-XXL-EU01 | ||||||
|   Observability-Metrics-Endpoint-100k-EU01 |       Observability-Metrics-Endpoint-100k-EU01 | ||||||
|   Observability-Frontend-Starter-EU01 |       Observability-Frontend-Starter-EU01 | ||||||
|   Observability-Monitoring-Starter-EU01 |       Observability-Monitoring-Starter-EU01 | ||||||
|   Observability-Starter-EU01 |       Observability-Starter-EU01 | ||||||
|   EOM |   EOM | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -37,5 +37,15 @@ resource "stackit_network_interface" "nics" { | ||||||
|     [for name in each.value.nic_security_group_names : var.security_group_ids_by_name[name]] |     [for name in each.value.nic_security_group_names : var.security_group_ids_by_name[name]] | ||||||
|     : [] |     : [] | ||||||
|   ) |   ) | ||||||
|  |    | ||||||
|  |   lifecycle { | ||||||
|  |     precondition { | ||||||
|  |       condition = alltrue([ | ||||||
|  |         for sg_name in try(each.value.nic_security_group_names, []) : | ||||||
|  |         contains(keys(var.security_group_ids_by_name), sg_name) | ||||||
|  |       ]) | ||||||
|  |       error_message = "NIC '${each.key}' references unknown security group name(s)." | ||||||
|  |     } | ||||||
|  |   } | ||||||
| } | } | ||||||
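Review bot: The precondition's `error_message` names the NIC but not the security group names that failed the lookup, so an operator has to compare the list against the map by hand. Listing the missing names makes a typo in a group name obvious at plan time: `error_message = "NIC '${each.key}' references unknown security group name(s): ${join(", ", setsubtract(try(each.value.nic_security_group_names, []), keys(var.security_group_ids_by_name)))}."`. Separately, `try(...)` only catches errors, not a null value; if `nic_security_group_names` is an optional attribute left unset, the `for` in the condition would iterate over null. A `!= null ? ... : []` guard would cover that case, which cannot be confirmed here because the resource body starts outside the hunk.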
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1,6 +1,14 @@ | ||||||
| resource "stackit_resourcemanager_project" "this" { | resource "stackit_resourcemanager_project" "project" { | ||||||
|  |   for_each = var.projects | ||||||
|  | 
 | ||||||
|   parent_container_id = var.organization_id |   parent_container_id = var.organization_id | ||||||
|   name                = var.name |   name                = each.value.name | ||||||
|   labels              = var.labels |   owner_email         = each.value.owner_email | ||||||
|   owner_email         = var.owner_email | 
 | ||||||
|  |   labels = merge( | ||||||
|  |     { | ||||||
|  |       "networkArea" = var.sna_id | ||||||
|  |     }, | ||||||
|  |     var.labels | ||||||
|  |   ) | ||||||
| } | } | ||||||
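Review bot: In `labels = merge({ "networkArea" = var.sna_id }, var.labels)` the later argument wins, so a `networkArea` key supplied through `var.labels` silently replaces the network area id passed in from the root module. If this label is what binds the project to the network area (which the naming suggests, but the page does not confirm), a caller-controlled label map could attach a project to a different area than the one created here. Swapping the order keeps the module-owned key authoritative: `labels = merge(var.labels, { "networkArea" = var.sna_id })`.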
|  |  | ||||||
|  | @ -1,4 +1,4 @@ | ||||||
| output "project_id" { | output "created_projects" { | ||||||
|   value       = stackit_resourcemanager_project.this.project_id |   description = "Eine Map aller erstellten STACKIT Projekte." | ||||||
|   description = "ID of the project" |   value       = stackit_resourcemanager_project.project | ||||||
| } | } | ||||||
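Review bot: `value = stackit_resourcemanager_project.project` exports every attribute of every project resource, including `owner_email`, to any module that reads this output. The only consumer visible on the page takes `project_id`, so a narrower value would expose less and keep the module interface stable when the provider schema changes: `value = { for k, p in stackit_resourcemanager_project.project : k => { project_id = p.project_id } }`.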
|  | @ -1,27 +1,21 @@ | ||||||
| variable "organization_id" { | variable "organization_id" { | ||||||
|   type = string |   description = "Empfängt die Container-ID der Organisation vom Root-Modul." | ||||||
|  |   type        = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "name" { | variable "projects" { | ||||||
|   type = string |   type = map(object({ | ||||||
|  |     name        = string | ||||||
|  |     owner_email = string | ||||||
|  |   })) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "description" { | variable "sna_id" { | ||||||
|   type    = string |   description = "Empfängt die ID der Network Area vom Root-Modul." | ||||||
|   default = null |   type        = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "labels" { | variable "labels" { | ||||||
|   type    = map(string) |   type    = map(string) | ||||||
|   default = {} |   default = {} | ||||||
| } | } | ||||||
| 
 |  | ||||||
| variable "project_id" { |  | ||||||
|   type    = string |  | ||||||
|   default = null |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| variable "owner_email" { |  | ||||||
|   type    = string |  | ||||||
|   default = null |  | ||||||
| } |  | ||||||
|  |  | ||||||
|  | @ -1,7 +1,3 @@ | ||||||
| locals { |  | ||||||
|   rule_count = length(var.rules) |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| resource "stackit_security_group" "this" { | resource "stackit_security_group" "this" { | ||||||
|   project_id  = var.project_id |   project_id  = var.project_id | ||||||
|   name        = var.name |   name        = var.name | ||||||
|  | @ -9,17 +5,19 @@ resource "stackit_security_group" "this" { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "stackit_security_group_rule" "rule" { | resource "stackit_security_group_rule" "rule" { | ||||||
|   count = local.rule_count |   for_each = { | ||||||
|  |     for idx, r in var.rules : idx => r | ||||||
|  |   } | ||||||
| 
 | 
 | ||||||
|   direction         = var.rules[count.index].direction |   direction         = each.value.direction | ||||||
|   project_id        = var.project_id |   project_id        = var.project_id | ||||||
|   security_group_id = stackit_security_group.this.security_group_id |   security_group_id = stackit_security_group.this.security_group_id | ||||||
| 
 | 
 | ||||||
|   description              = var.rules[count.index].description |   description              = each.value.description | ||||||
|   ether_type               = var.rules[count.index].ether_type |   ether_type               = each.value.ether_type | ||||||
|   icmp_parameters          = var.rules[count.index].icmp_parameters |   icmp_parameters          = each.value.icmp_parameters | ||||||
|   ip_range                 = var.rules[count.index].ip_range |   ip_range                 = each.value.ip_range | ||||||
|   port_range               = var.rules[count.index].port_range |   port_range               = each.value.port_range | ||||||
|   protocol                 = var.rules[count.index].protocol |   protocol                 = each.value.protocol | ||||||
|   remote_security_group_id = var.rules[count.index].remote_security_group_id |   remote_security_group_id = each.value.remote_security_group_id | ||||||
| } | } | ||||||
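Review bot: `for idx, r in var.rules : idx => r` still keys each rule by its list position, so the positional coupling of the old `count` remains. Removing or inserting a rule in the middle of `var.rules` shifts every later key, and Terraform then plans changes or replacements for all the rules behind it. For security group rules that can mean a period during apply in which the effective rule set is not the intended one. A key derived from the rule itself keeps addresses stable, for example `for r in var.rules : "${r.direction}-${r.protocol.name}-${r.ip_range}" => r`. The exact fields depend on the rule object type, which is outside this hunk, and they must be known at plan time.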
|  |  | ||||||
							
								
								
									
										13
									
								
								ske/main.tf
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							|  | @ -1,8 +1,13 @@ | ||||||
| resource "stackit_ske_cluster" "this" { | resource "stackit_ske_cluster" "this" { | ||||||
|   project_id             = var.project_id |   project_id = var.project_id | ||||||
|   name                   = var.name |   name       = var.name | ||||||
|   kubernetes_version_min = var.kubernetes_version_min |   node_pools = var.node_pools | ||||||
|   node_pools             = var.node_pools |   kubernetes_version_min      = var.kubernetes_version_min | ||||||
|  |   hibernations                = var.hibernations | ||||||
|  |   maintenance                 = var.maintenance | ||||||
|  |   extensions                  = var.extensions | ||||||
|  |   network                     = var.network | ||||||
|  |   region                      = var.default_region | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "stackit_ske_kubeconfig" "admin" { | resource "stackit_ske_kubeconfig" "admin" { | ||||||
|  |  | ||||||
|  | @ -3,7 +3,7 @@ terraform { | ||||||
|   required_providers { |   required_providers { | ||||||
|     stackit = { |     stackit = { | ||||||
|       source  = "stackitcloud/stackit" |       source  = "stackitcloud/stackit" | ||||||
|       version = "0.56.0" |       version = "0.54.0" | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -1,22 +1,94 @@ | ||||||
| variable "project_id" { | variable "project_id" { | ||||||
|   type = string |   description = "STACKIT project ID to which the cluster is associated." | ||||||
|  |   type        = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "name" { | variable "name" { | ||||||
|   type = string |   description = "The cluster name." | ||||||
| } |   type        = string | ||||||
| 
 |  | ||||||
| variable "kubernetes_version_min" { |  | ||||||
|   type = string |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "node_pools" { | variable "node_pools" { | ||||||
|  |   description = "One or more node_pool blocks." | ||||||
|   type = list(object({ |   type = list(object({ | ||||||
|     name               = string |     name                      = string | ||||||
|     machine_type       = string |     machine_type              = string | ||||||
|     availability_zones = list(string) |     availability_zones        = list(string) | ||||||
|     volume_size        = number |     minimum                   = number | ||||||
|     minimum            = number |     maximum                   = number | ||||||
|     maximum            = number |     allow_system_components   = optional(bool) | ||||||
|  |     cri                       = optional(string) | ||||||
|  |     labels                    = optional(map(string)) | ||||||
|  |     max_surge                 = optional(number) | ||||||
|  |     max_unavailable           = optional(number) | ||||||
|  |     os_name                   = optional(string) | ||||||
|  |     os_version_min            = optional(string) | ||||||
|  |     taints                    = optional(list(object({ | ||||||
|  |       effect = string | ||||||
|  |       key    = string | ||||||
|  |       value  = optional(string) | ||||||
|  |     }))) | ||||||
|  |     volume_size               = optional(number) | ||||||
|  |     volume_type               = optional(string) | ||||||
|   })) |   })) | ||||||
| } | } | ||||||
|  | 
 | ||||||
|  | # Optionale Variablen | ||||||
|  | variable "kubernetes_version_min" { | ||||||
|  |   description = "The minimum Kubernetes version." | ||||||
|  |   type        = string | ||||||
|  |   default     = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "hibernations" { | ||||||
|  |   description = "A list of hibernation schedules for the cluster." | ||||||
|  |   type = list(object({ | ||||||
|  |     start    = string | ||||||
|  |     end      = string | ||||||
|  |     timezone = optional(string) | ||||||
|  |   })) | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "maintenance" { | ||||||
|  |   description = "A single maintenance block." | ||||||
|  |   type = object({ | ||||||
|  |     enable_kubernetes_version_updates    = bool | ||||||
|  |     enable_machine_image_version_updates = bool | ||||||
|  |     start                                = string | ||||||
|  |     end                                  = string | ||||||
|  |   }) | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | variable "extensions" { | ||||||
|  |   description = "A single extensions block." | ||||||
|  |   type = object({ | ||||||
|  |     acl = optional(object({ | ||||||
|  |       enabled       = bool | ||||||
|  |       allowed_cidrs = list(string) | ||||||
|  |     })) | ||||||
|  |     argus = optional(object({ | ||||||
|  |       enabled           = bool | ||||||
|  |       argus_instance_id = string | ||||||
|  |     })) | ||||||
|  |     dns = optional(object({ | ||||||
|  |         enabled = bool | ||||||
|  |         zones   = optional(list(string)) | ||||||
|  |     })) | ||||||
|  |   }) | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "network" { | ||||||
|  |   description = "Network block." | ||||||
|  |   type = object({ | ||||||
|  |     id = string | ||||||
|  |   }) | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "default_region" { | ||||||
|  |   description = "The resource region." | ||||||
|  |   type        = string | ||||||
|  |   default     = null | ||||||
|  | } | ||||||
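Review bot: `variable "extensions"` makes `acl` optional and defaults the whole object to `null`, and nothing constrains `allowed_cidrs` when a caller does set it. If the ACL extension is what restricts which source addresses can reach the cluster API (to be confirmed against the provider documentation), the module as written accepts both no ACL at all and an ACL containing `0.0.0.0/0` without any signal. A validation block on the variable turns the open range into a plan-time error, and the description should state what leaving `acl` unset means for API exposure. The same variable has `dns` indented differently from `acl` and `argus`, which `terraform fmt` would normalise.

```hcl
variable "extensions" {
  # … unchanged: description, type, default …

  validation {
    condition = !contains(
      try(var.extensions.acl.allowed_cidrs, []),
      "0.0.0.0/0"
    )
    error_message = "extensions.acl.allowed_cidrs must not contain 0.0.0.0/0; list the specific source ranges instead."
  }
}
```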