Compare commits
	
		
			9 commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| fa1b669670 | |||
| 0dc69a66dd | |||
| f9b7fb71eb | |||
| 8c146a76b5 | |||
| 93f2af55c7 | |||
| 8ec98bf1da | |||
| ea99fca002 | |||
| 5db4a90b93 | |||
| 74b09c73e5 | 
					 16 changed files with 589 additions and 327 deletions
				
			
		|  | @ -1,66 +1,18 @@ | ||||||
| module "security_groups" { | module "project" { | ||||||
|   source = "../security-group" |   source   = "../project" | ||||||
|  |   for_each = var.projects | ||||||
| 
 | 
 | ||||||
|   for_each = var.security_groups |   organization_id = each.value.organization_id | ||||||
| 
 |  | ||||||
|   project_id  = var.project_id |  | ||||||
|   name            = each.value.name |   name            = each.value.name | ||||||
|   description = each.value.description | 
 | ||||||
|   rules       = each.value.rules |   description = each.value.description != null ? each.value.description : null | ||||||
|  |   labels      = each.value.labels != {} ? each.value.labels : {} | ||||||
|  | 
 | ||||||
|  |   owner_email = each.value.owner_email | ||||||
|  | 
 | ||||||
|  |   security_groups         = each.value.security_groups | ||||||
|  |   networks                = each.value.networks | ||||||
|  |   postgres_instances      = each.value.postgres_instances | ||||||
|  |   ske_clusters            = each.value.ske_clusters | ||||||
|  |   observability_instances = each.value.observability_instances | ||||||
| } | } | ||||||
| 
 |  | ||||||
| # module "postgres" { |  | ||||||
| #   source = "../postgres" |  | ||||||
| 
 |  | ||||||
| #   for_each = var.postgres_instances |  | ||||||
| 
 |  | ||||||
| #   project_id      = var.project_id |  | ||||||
| #   name            = each.value.name |  | ||||||
| #   ver             = each.value.version |  | ||||||
| #   flavor          = each.value.flavor |  | ||||||
| #   storage         = each.value.storage |  | ||||||
| #   replicas        = each.value.replicas |  | ||||||
| #   acl             = each.value.acl |  | ||||||
| #   backup_schedule = each.value.backup_schedule |  | ||||||
| #   users           = each.value.users |  | ||||||
| #   databases       = each.value.databases |  | ||||||
| # } |  | ||||||
| 
 |  | ||||||
| # module "net" { |  | ||||||
| #   source = "../network" |  | ||||||
| 
 |  | ||||||
| #   for_each = var.routed_networks |  | ||||||
| 
 |  | ||||||
| #   project_id = var.project_id |  | ||||||
| #   name       = each.value.name |  | ||||||
| 
 |  | ||||||
| #   ipv4_nameservers = each.value.ipv4_nameservers |  | ||||||
| #   labels           = each.value.labels |  | ||||||
| 
 |  | ||||||
| #   static_ipv4            = each.value.static_ipv4 |  | ||||||
| #   nic_name               = each.value.nic_name |  | ||||||
| #   nic_allowed_addresses  = each.value.nic_allowed_addresses |  | ||||||
| #   nic_labels             = each.value.nic_labels |  | ||||||
| #   nic_security           = each.value.nic_security |  | ||||||
| #   nic_security_group_ids = each.value.nic_security_group_ids |  | ||||||
| # } |  | ||||||
| 
 |  | ||||||
| # module "ske" { |  | ||||||
| #   source = "../ske" |  | ||||||
| 
 |  | ||||||
| #   for_each = var.ske_clusters |  | ||||||
| 
 |  | ||||||
| #   project_id             = var.project_id |  | ||||||
| #   name                   = each.value.name |  | ||||||
| #   kubernetes_version_min = each.value.kubernetes_version_min |  | ||||||
| #   node_pools             = each.value.node_pools |  | ||||||
| # } |  | ||||||
| 
 |  | ||||||
| # module "observability" { |  | ||||||
| #   source = "../observability" |  | ||||||
| 
 |  | ||||||
| #   for_each   = var.observability_instances |  | ||||||
| #   project_id = var.project_id |  | ||||||
| #   name       = each.value.name |  | ||||||
| #   plan_name  = each.value.plan_name |  | ||||||
| # } |  | ||||||
|  |  | ||||||
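Review bot: The conditionals on `description` and `labels` in `module "project"` do not supply a default. `each.value.description != null ? each.value.description : null` returns its input either way, and when `labels` is omitted the optional attribute is null, which is not equal to `{}`, so null is passed through rather than `{}`. Passing `description = each.value.description` directly and declaring the default in the variable's type, `labels = optional(map(string), {})`, expresses the intent without a dead branch. The same pattern recurs in the `module "net"` arguments of the project module (`ipv4_nameservers`, `labels`, `nic_labels` and the `!= null ? x : null` lines).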
|  | @ -10,6 +10,7 @@ terraform { | ||||||
| 
 | 
 | ||||||
| provider "stackit" { | provider "stackit" { | ||||||
|   default_region           = var.region |   default_region           = var.region | ||||||
|   service_account_token = var.service_account_token |   service_account_token    = var.service_account_token != "" ? var.service_account_token : null | ||||||
|  |   service_account_key_path = var.service_account_key_path != "" ? var.service_account_key_path : null | ||||||
|   enable_beta_resources    = true |   enable_beta_resources    = true | ||||||
| } | } | ||||||
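Review bot: Nothing visible enforces that exactly one credential is supplied to `provider "stackit"`. With both variables left at their `""` defaults, both arguments become null and authentication presumably falls back to whatever ambient credentials the provider finds; with both set, the precedence is not stated here. If exactly one is meant to be required, a validation on `service_account_key_path` such as `condition = (var.service_account_token != "") != (var.service_account_key_path != "")` would fail at plan time. Referring to another variable in a validation needs Terraform 1.9 or later, and the root `required_version` is outside this hunk. The new variable also has no `description`; something like `description = "Path to a service account key file; alternative to service_account_token"` would document the choice.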
|  | @ -1,8 +1,54 @@ | ||||||
| region                   = "eu01" | region                   = "eu01" | ||||||
| service_account_token = "" | service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json" | ||||||
| project_id            = "" |  | ||||||
| 
 | 
 | ||||||
| security_groups = { | projects = { | ||||||
|  |   project_1 = { | ||||||
|  |     name            = "project-1" | ||||||
|  |     organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" | ||||||
|  |     owner_email     = "maximilian.schlenz@stackit.cloud" | ||||||
|  | 
 | ||||||
|  |     postgres_instances = { | ||||||
|  |       dev = { | ||||||
|  |         name    = "pg-test-instance" | ||||||
|  |         version = 17 | ||||||
|  |         flavor = { | ||||||
|  |           cpu = 2, | ||||||
|  |           ram = 4 | ||||||
|  |         } | ||||||
|  |         storage = { | ||||||
|  |           class = "premium-perf6-stackit", | ||||||
|  |           size  = 20 | ||||||
|  |         } | ||||||
|  |         replicas        = 1 | ||||||
|  |         acl             = ["0.0.0.0/0"] | ||||||
|  |         backup_schedule = "00 00 * * *" | ||||||
|  | 
 | ||||||
|  |         users = [ | ||||||
|  |           { username = "adm-usr", | ||||||
|  |             roles    = ["login", "createdb"] | ||||||
|  |           }, | ||||||
|  |           { username = "testusr", | ||||||
|  |             roles    = ["login"] | ||||||
|  |           } | ||||||
|  |         ] | ||||||
|  | 
 | ||||||
|  |         databases = [ | ||||||
|  |           { | ||||||
|  |             name  = "test-db", | ||||||
|  |             owner = "admin" | ||||||
|  |           } | ||||||
|  |         ] | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     networks = { | ||||||
|  |       tiny = { | ||||||
|  |         name               = "tiny-net" | ||||||
|  |         ipv4_prefix_length = 28 | ||||||
|  |         labels = { | ||||||
|  |           purpose = "test" | ||||||
|  |         } | ||||||
|  |         security_groups = { | ||||||
|           ssh_ingress_group = { |           ssh_ingress_group = { | ||||||
|             name        = "ssh-ingress-group" |             name        = "ssh-ingress-group" | ||||||
|             description = "ALLOW SSH ingress" |             description = "ALLOW SSH ingress" | ||||||
|  | @ -16,7 +62,7 @@ security_groups = { | ||||||
|                 } |                 } | ||||||
|                 port_range = { |                 port_range = { | ||||||
|                   min = 22 |                   min = 22 | ||||||
|           max = 22 |                   max = 23 | ||||||
|                 } |                 } | ||||||
|               }, |               }, | ||||||
|             ] |             ] | ||||||
|  | @ -52,90 +98,54 @@ security_groups = { | ||||||
|               }, |               }, | ||||||
|             ] |             ] | ||||||
|           }, |           }, | ||||||
| 
 |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| postgres_instances = { |  | ||||||
|   dev = { |  | ||||||
|     name    = "pg-test-instance" |  | ||||||
|     version = 17 |  | ||||||
|     flavor = { |  | ||||||
|       cpu = 2, |  | ||||||
|       ram = 4 |  | ||||||
|         } |         } | ||||||
|     storage = { |         network_static = { | ||||||
|       class = "premium-perf6-stackit", |  | ||||||
|       size  = 20 |  | ||||||
|         } |         } | ||||||
|     replicas        = 1 |  | ||||||
|     acl             = ["0.0.0.0/0"] |  | ||||||
|     backup_schedule = "00 00 * * *" |  | ||||||
| 
 | 
 | ||||||
|     users = [ |         custom_static = { | ||||||
|       { username = "admin", |           name         = "static-net" | ||||||
|         roles    = ["login", "createdb"] |           routed       = true | ||||||
|       }, |           ipv4_prefix  = "10.99.0.0/24" | ||||||
|       { username = "testusr", |           ipv4_gateway = "10.99.0.1" | ||||||
|         roles    = ["login"] |  | ||||||
|       } |  | ||||||
|     ] |  | ||||||
| 
 | 
 | ||||||
|     databases = [ |           nic_ipv4               = "10.99.0.10" | ||||||
|       { |           nic_name               = "static-nic" | ||||||
|         name  = "test_db", |           nic_security_group_ids = [""] | ||||||
|         owner = "admin" |  | ||||||
|         } |         } | ||||||
|     ] |  | ||||||
|   } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| routed_networks = { |  | ||||||
|   web = { |  | ||||||
|     name             = "web-net" |  | ||||||
|     ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] |  | ||||||
|     labels = { |  | ||||||
|       env = "prod" |  | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|   db = { |     # ske_clusters = { | ||||||
|     name         = "db-net" |     #   dev = { | ||||||
|     static_ipv4  = "10.0.2.120" |     #     name                   = "dev" | ||||||
|     nic_security = false |     #     kubernetes_version_min = "1.31" | ||||||
|   } |     #     node_pools = [ | ||||||
| } |     #       { name               = "default" | ||||||
|  |     #         machine_type       = "c2.1" | ||||||
|  |     #         availability_zones = ["eu01-1", "eu01-2"] | ||||||
|  |     #         volume_size        = 40 | ||||||
|  |     #         minimum            = 1 | ||||||
|  |     #         maximum            = 3 | ||||||
|  |     #       } | ||||||
|  |     #     ] | ||||||
|  |     #   } | ||||||
| 
 | 
 | ||||||
| ske_clusters = { |     #   prod = { | ||||||
|   dev = { |     #     name                   = "prod" | ||||||
|     name                   = "dev-cluster" |     #     kubernetes_version_min = "1.31" | ||||||
|     kubernetes_version_min = "1.31" |     #     node_pools = [ | ||||||
|     node_pools = [ |     #       { name               = "general" | ||||||
|       { name               = "default" |     #         machine_type       = "c2.2" | ||||||
|         machine_type       = "c2.1" |     #         availability_zones = ["eu03-1", "eu03-2"] | ||||||
|         availability_zones = ["eu01-1", "eu01-2"] |     #         volume_size        = 80 | ||||||
|         volume_size        = 40 |     #         minimum            = 2 | ||||||
|         minimum            = 1 |     #         maximum            = 4 | ||||||
|         maximum            = 3 |     #       } | ||||||
|       } |     #     ] | ||||||
|     ] |     #   } | ||||||
|   } |     # } | ||||||
| 
 | 
 | ||||||
|   staging = { |     observability_instances = { | ||||||
|     name                   = "staging-cluster" |  | ||||||
|     kubernetes_version_min = "1.31" |  | ||||||
|     node_pools = [ |  | ||||||
|       { name               = "general" |  | ||||||
|         machine_type       = "c2.2" |  | ||||||
|         availability_zones = ["eu03-1", "eu03-2"] |  | ||||||
|         volume_size        = 80 |  | ||||||
|         minimum            = 2 |  | ||||||
|         maximum            = 4 |  | ||||||
|       } |  | ||||||
|     ] |  | ||||||
|   } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| observability_instances = { |  | ||||||
|       starter = { |       starter = { | ||||||
|         name      = "Observability-1" |         name      = "Observability-1" | ||||||
|         plan_name = "Observability-Starter-EU01" |         plan_name = "Observability-Starter-EU01" | ||||||
|  | @ -145,4 +155,32 @@ observability_instances = { | ||||||
|         name      = "Observability-2" |         name      = "Observability-2" | ||||||
|         plan_name = "Observability-Large-EU01" |         plan_name = "Observability-Large-EU01" | ||||||
|       } |       } | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |   }, | ||||||
|  |   # project_2 = { | ||||||
|  |   #   name            = "project-2" | ||||||
|  |   #   organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" | ||||||
|  |   #   owner_email     = "maximilian.schlenz@stackit.cloud" | ||||||
|  |   #   networks = { | ||||||
|  |   #     tiny = { | ||||||
|  |   #       name               = "tiny-net" | ||||||
|  |   #       ipv4_prefix_length = 28 | ||||||
|  |   #       labels             = {  | ||||||
|  |   #         purpose = "test"  | ||||||
|  |   #       } | ||||||
|  |   #     } | ||||||
|  | 
 | ||||||
|  |   #     custom_static = { | ||||||
|  |   #       name         = "static-net" | ||||||
|  |   #       routed       = false | ||||||
|  |   #       ipv4_prefix  = "10.99.0.0/24" | ||||||
|  |   #       ipv4_gateway = "10.99.0.1" | ||||||
|  | 
 | ||||||
|  |   #       nic_ipv4               = "10.99.0.10" | ||||||
|  |   #       nic_name               = "static-nic" | ||||||
|  |   #       nic_security_group_ids = [""] | ||||||
|  |   #     } | ||||||
|  |   #   } | ||||||
|  |   # } | ||||||
| } | } | ||||||
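Review bot: In the `ssh_ingress_group` rule, `max = 23` widens a group described as "ALLOW SSH ingress" to port 23 as well, which is the telnet port; unless that is intended, keep `max = 22` (the rule's `ip_range` and protocol lie outside the hunk, so the actual exposure cannot be judged from here). The first hunk also commits `service_account_key_path` as an absolute path under one user's home directory, naming the service-account key file. Leaving it as `service_account_key_path = ""` in the tracked file and supplying the value through `TF_VAR_service_account_key_path` or an untracked variables file keeps the example portable and the key location out of history. `acl = ["0.0.0.0/0"]` on `pg-test-instance` is carried over from the old side and still admits every source address to the database, so a narrower CIDR is worth setting while the block is being moved.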
|  | @ -4,49 +4,82 @@ variable "region" { | ||||||
|   default     = "eu01" |   default     = "eu01" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "project_id" { |  | ||||||
|   description = "STACKIT Cloud project ID" |  | ||||||
|   type        = string |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| variable "service_account_token" { | variable "service_account_token" { | ||||||
|   description = "Service account token for authentication" |   description = "Service account token for authentication" | ||||||
|   sensitive   = true |   sensitive   = true | ||||||
|   type        = string |   type        = string | ||||||
|  |   default     = "" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "security_groups" { | variable "service_account_key_path" { | ||||||
|  |   type    = string | ||||||
|  |   default = "" | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "projects" { | ||||||
|   type = map(object({ |   type = map(object({ | ||||||
|     name        = optional(string) | 
 | ||||||
|  |     organization_id = string | ||||||
|  |     name            = string | ||||||
|  |     description     = optional(string) | ||||||
|  |     labels          = optional(map(string)) | ||||||
|  |     project_id      = optional(string) | ||||||
|  |     owner_email     = optional(string) | ||||||
|  | 
 | ||||||
|  |     security_groups = optional(map(object({ | ||||||
|  |       name        = string | ||||||
|       description = optional(string) |       description = optional(string) | ||||||
|       rules = list(object({ |       rules = list(object({ | ||||||
|       direction   = string |  | ||||||
|         description = optional(string) |         description = optional(string) | ||||||
|  |         direction   = string | ||||||
|         ether_type  = optional(string) |         ether_type  = optional(string) | ||||||
|       icmp_parameters = optional(object({ |  | ||||||
|         type = optional(number) |  | ||||||
|         code = optional(number) |  | ||||||
|       })) |  | ||||||
|         ip_range    = optional(string) |         ip_range    = optional(string) | ||||||
|       port_range = optional(object({ |  | ||||||
|         min = number |  | ||||||
|         max = number |  | ||||||
|       })) |  | ||||||
|         protocol = optional(object({ |         protocol = optional(object({ | ||||||
|           name   = optional(string) |           name   = optional(string) | ||||||
|           number = optional(number) |           number = optional(number) | ||||||
|         })) |         })) | ||||||
|  |         port_range = optional(object({ | ||||||
|  |           min = number | ||||||
|  |           max = number | ||||||
|  |         })) | ||||||
|         remote_security_group_id = optional(string) |         remote_security_group_id = optional(string) | ||||||
|       })) |       })) | ||||||
|   })) |     })), {}) | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| variable "postgres_instances" { |     networks = optional(map(object({ | ||||||
|   type = map(object({ |       name               = string | ||||||
|  |       ipv4_gateway       = optional(string) | ||||||
|  |       ipv4_nameservers   = optional(list(string)) | ||||||
|  |       ipv4_prefix        = optional(string) | ||||||
|  |       ipv4_prefix_length = optional(number) | ||||||
|  |       ipv6_gateway       = optional(string) | ||||||
|  |       ipv6_nameservers   = optional(list(string)) | ||||||
|  |       ipv6_prefix        = optional(string) | ||||||
|  |       ipv6_prefix_length = optional(number) | ||||||
|  |       labels             = optional(map(string)) | ||||||
|  |       no_ipv4_gateway    = optional(bool) | ||||||
|  |       no_ipv6_gateway    = optional(bool) | ||||||
|  |       routed             = optional(bool) | ||||||
|  | 
 | ||||||
|  |       nic_ipv4               = optional(string) | ||||||
|  |       nic_name               = optional(string) | ||||||
|  |       nic_allowed_addresses  = optional(list(string)) | ||||||
|  |       nic_labels             = optional(map(string)) | ||||||
|  |       nic_security           = optional(bool) | ||||||
|  |       nic_security_group_ids = optional(list(string)) | ||||||
|  |     })), {}) | ||||||
|  | 
 | ||||||
|  |     postgres_instances = optional(map(object({ | ||||||
|       name    = string |       name    = string | ||||||
|       version = number |       version = number | ||||||
|     flavor          = object({ cpu = number, ram = number }) |       flavor = object({ | ||||||
|     storage         = object({ class = string, size = number }) |         cpu = number, | ||||||
|  |         ram = number | ||||||
|  |       }) | ||||||
|  |       storage = object({ | ||||||
|  |         class = string, | ||||||
|  |         size  = number | ||||||
|  |       }) | ||||||
|       replicas        = number |       replicas        = number | ||||||
|       acl             = list(string) |       acl             = list(string) | ||||||
|       backup_schedule = string |       backup_schedule = string | ||||||
|  | @ -58,28 +91,9 @@ variable "postgres_instances" { | ||||||
|         name  = string |         name  = string | ||||||
|         owner = string |         owner = string | ||||||
|       })) |       })) | ||||||
|   })) |     })), {}) | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| variable "routed_networks" { |     ske_clusters = optional(map(object({ | ||||||
|   type = map(object({ |  | ||||||
|     name = string |  | ||||||
| 
 |  | ||||||
|     ipv4_nameservers = optional(list(string)) |  | ||||||
|     labels           = optional(map(string)) |  | ||||||
| 
 |  | ||||||
|     static_ipv4 = optional(string) |  | ||||||
|     nic_name    = optional(string) |  | ||||||
| 
 |  | ||||||
|     nic_allowed_addresses  = optional(list(string)) |  | ||||||
|     nic_labels             = optional(map(string)) |  | ||||||
|     nic_security           = optional(bool) |  | ||||||
|     nic_security_group_ids = optional(list(string)) |  | ||||||
|   })) |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| variable "ske_clusters" { |  | ||||||
|   type = map(object({ |  | ||||||
|       name                   = string |       name                   = string | ||||||
|       kubernetes_version_min = string |       kubernetes_version_min = string | ||||||
|       node_pools = list(object({ |       node_pools = list(object({ | ||||||
|  | @ -90,12 +104,11 @@ variable "ske_clusters" { | ||||||
|         minimum            = number |         minimum            = number | ||||||
|         maximum            = number |         maximum            = number | ||||||
|       })) |       })) | ||||||
|   })) |     })), {}) | ||||||
| } |  | ||||||
| 
 | 
 | ||||||
| variable "observability_instances" { |     observability_instances = optional(map(object({ | ||||||
|   type = map(object({ |  | ||||||
|       name      = string |       name      = string | ||||||
|       plan_name = string |       plan_name = string | ||||||
|  |     })), {}) | ||||||
|   })) |   })) | ||||||
| } | } | ||||||
|  |  | ||||||
|  | @ -18,7 +18,7 @@ resource "stackit_postgresflex_user" "user" { | ||||||
|   count = local.user_count |   count = local.user_count | ||||||
| 
 | 
 | ||||||
|   project_id  = var.project_id |   project_id  = var.project_id | ||||||
|   instance_id = stackit_postgresflex_instance.this.instance_id |   instance_id = var.instance_id != "" ? var.instance_id : stackit_postgresflex_instance.this.instance_id | ||||||
|   username    = var.users[count.index].username |   username    = var.users[count.index].username | ||||||
|   roles       = var.users[count.index].roles |   roles       = var.users[count.index].roles | ||||||
| } | } | ||||||
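Review bot: The new `var.instance_id` override on `stackit_postgresflex_user.user` lets users be created on an instance other than `stackit_postgresflex_instance.this`, and nothing visible says when that is intended. `project_id` still comes from `var.project_id`, so an instance ID from a different project would only be caught at apply time. If the override stays, the variable should say what it is for, for example `description = "Existing PostgreSQL Flex instance to attach users to; empty uses the instance created by this module"`. It is also worth checking whether the module should still create its own instance when an ID is passed in.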
|  |  | ||||||
|  | @ -4,6 +4,21 @@ variable "project_id" { | ||||||
| 
 | 
 | ||||||
| variable "name" { | variable "name" { | ||||||
|   type = string |   type = string | ||||||
|  | 
 | ||||||
|  |   validation { | ||||||
|  |     condition     = length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.name)) > 0 | ||||||
|  |     error_message = <<EOT | ||||||
|  |       The name must be a valid DNS-1035 label: | ||||||
|  |       - only lower-case letters, digits or '-' | ||||||
|  |       - must start with a letter | ||||||
|  |       - must end with a letter or digit | ||||||
|  |       EOT | ||||||
|  |   } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "instance_id" { | ||||||
|  |   type    = string | ||||||
|  |   default = "" | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "ver" { | variable "ver" { | ||||||
|  | @ -38,19 +53,34 @@ variable "backup_schedule" { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "users" { | variable "users" { | ||||||
|   description = "List of users" |  | ||||||
|   type = list(object({ |   type = list(object({ | ||||||
|     username = string |     username = string | ||||||
|     roles    = set(string) |     roles    = set(string) | ||||||
|   })) |   })) | ||||||
|   default = [] |   default = [] | ||||||
|  |   validation { | ||||||
|  |     condition     = alltrue([ | ||||||
|  |       for user in var.users : user.username != "admin" | ||||||
|  |     ]) | ||||||
|  |     error_message = "The username 'admin' is reserved and cannot be used." | ||||||
|  |   } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "databases" { | variable "databases" { | ||||||
|   description = "List of databases" |  | ||||||
|   type = list(object({ |   type = list(object({ | ||||||
|     name  = string |     name  = string | ||||||
|     owner = string |     owner = string | ||||||
|   })) |   })) | ||||||
|   default = [] |   default = [] | ||||||
|  |     validation { | ||||||
|  |     condition = alltrue([ | ||||||
|  |       for db in var.databases : length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", db.name)) > 0 | ||||||
|  |     ]) | ||||||
|  |     error_message = <<EOT | ||||||
|  |       The name must be a valid DNS-1035 label: | ||||||
|  |       - only lower-case letters, digits or '-' | ||||||
|  |       - must start with a letter | ||||||
|  |       - must end with a letter or digit | ||||||
|  |       EOT | ||||||
|  |   } | ||||||
| } | } | ||||||
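Review bot: The DNS-1035 validation on `name`, and the same pattern applied to each `databases` entry, checks the character set but not the length, so a name longer than 63 characters passes although a DNS-1035 label is limited to 63. A bounded form would be `condition = length(var.name) <= 63 && can(regex("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.name))`; whether the service enforces a shorter limit is not visible here. Both `error_message` heredocs use `<<EOT`, which keeps the six leading spaces of every line in the message; `<<-EOT` strips the common indentation. The `description` lines removed from `users` and `databases` could stay alongside the new validations, and the `validation {` opener in `databases` is indented two spaces deeper than its body.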
|  |  | ||||||
|  | @ -1,34 +1,79 @@ | ||||||
| variable "projects" { | resource "stackit_resourcemanager_project" "this" { | ||||||
|   type = map(object({ |   parent_container_id = var.organization_id | ||||||
|     name        = string |   name                = var.name | ||||||
|     owner_email = string |   labels              = var.labels | ||||||
|   })) |   owner_email         = var.owner_email | ||||||
|   default = { |  | ||||||
|     project1 = { |  | ||||||
|       name        = "project-alpha" |  | ||||||
|       owner_email = "michael.sodan@stackit.cloud" |  | ||||||
|     } |  | ||||||
|     project2 = { |  | ||||||
|       name        = "project-beta" |  | ||||||
|       owner_email = "michael.sodan@stackit.cloud" |  | ||||||
|     } |  | ||||||
|   } |  | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| resource "stackit_resourcemanager_project" "projects" { | module "sg" { | ||||||
|   for_each            = var.projects |   source   = "../security-group" | ||||||
|   parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable |   for_each = var.security_groups | ||||||
|  | 
 | ||||||
|  |   project_id  = stackit_resourcemanager_project.this.project_id | ||||||
|   name        = each.value.name |   name        = each.value.name | ||||||
|   owner_email         = each.value.owner_email |   description = each.value.description | ||||||
|   # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war |   rules       = each.value.rules | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| output "project_info" { | module "net" { | ||||||
|   value = { |   source   = "../network" | ||||||
|     for k, project in stackit_resourcemanager_project.projects : k => { |   for_each = var.networks | ||||||
|       project_id   = project.project_id | 
 | ||||||
|       container_id = project.container_id |   project_id = stackit_resourcemanager_project.this.project_id | ||||||
|     } |   name       = each.value.name | ||||||
|   } | 
 | ||||||
|  |   ipv4_gateway       = each.value.ipv4_gateway != null ? each.value.ipv4_gateway : null | ||||||
|  |   ipv4_nameservers   = each.value.ipv4_nameservers != [] ? each.value.ipv4_nameservers : [] | ||||||
|  |   ipv4_prefix        = each.value.ipv4_prefix != null ? each.value.ipv4_prefix : null | ||||||
|  |   ipv4_prefix_length = each.value.ipv4_prefix_length != null ? each.value.ipv4_prefix_length : null | ||||||
|  |   ipv6_gateway       = each.value.ipv6_gateway != null ? each.value.ipv6_gateway : null | ||||||
|  |   ipv6_nameservers   = each.value.ipv6_nameservers != [] ? each.value.ipv6_nameservers : [] | ||||||
|  |   ipv6_prefix        = each.value.ipv6_prefix != null ? each.value.ipv6_prefix : null | ||||||
|  |   ipv6_prefix_length = each.value.ipv6_prefix_length != null ? each.value.ipv6_prefix_length : null | ||||||
|  |   labels             = each.value.labels != {} ? each.value.labels : {} | ||||||
|  |   no_ipv4_gateway    = each.value.no_ipv4_gateway | ||||||
|  |   no_ipv6_gateway    = each.value.no_ipv6_gateway | ||||||
|  |   routed             = each.value.routed != null ? each.value.routed : true | ||||||
|  | 
 | ||||||
|  |   nic_ipv4               = each.value.nic_ipv4 | ||||||
|  |   nic_name               = each.value.nic_name != null ? each.value.nic_name : null | ||||||
|  |   nic_allowed_addresses  = each.value.nic_allowed_addresses | ||||||
|  |   nic_labels             = each.value.nic_labels != {} ? each.value.nic_labels : {} | ||||||
|  |   nic_security           = each.value.nic_security | ||||||
|  |   nic_security_group_ids = each.value.nic_security_group_ids | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | module "pg" { | ||||||
|  |   source   = "../postgres" | ||||||
|  |   for_each = var.postgres_instances | ||||||
|  | 
 | ||||||
|  |   project_id      = stackit_resourcemanager_project.this.project_id | ||||||
|  |   name            = each.value.name | ||||||
|  |   ver             = each.value.version | ||||||
|  |   flavor          = each.value.flavor | ||||||
|  |   storage         = each.value.storage | ||||||
|  |   replicas        = each.value.replicas | ||||||
|  |   acl             = each.value.acl | ||||||
|  |   backup_schedule = each.value.backup_schedule | ||||||
|  |   users           = each.value.users | ||||||
|  |   databases       = each.value.databases | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | module "ske" { | ||||||
|  |   source   = "../ske" | ||||||
|  |   for_each = var.ske_clusters | ||||||
|  | 
 | ||||||
|  |   project_id             = stackit_resourcemanager_project.this.project_id | ||||||
|  |   name                   = each.value.name | ||||||
|  |   kubernetes_version_min = each.value.kubernetes_version_min | ||||||
|  |   node_pools             = each.value.node_pools | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | module "obs" { | ||||||
|  |   source   = "../observability" | ||||||
|  |   for_each = var.observability_instances | ||||||
|  | 
 | ||||||
|  |   project_id = stackit_resourcemanager_project.this.project_id | ||||||
|  |   name       = each.value.name | ||||||
|  |   plan_name  = each.value.plan_name | ||||||
|  | } | ||||||
|  |  | ||||||
							
								
								
									
										0
									
								
								project/output.tf
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							
							
								
								
									
										9
									
								
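--- a/project/providers.tf
+++ b/project/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.9.0"
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.56.0"
+    }
+  }
+}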
|  | @ -1,10 +1,140 @@ | ||||||
| variable "organization_id" { | variable "organization_id" { | ||||||
|   description = "Empfängt die Container-ID der Organisation vom Root-Modul." |  | ||||||
|   type = string |   type = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| variable "sna_net" { | variable "name" { | ||||||
|   description = "SNA Transfer Network" |  | ||||||
|   type = string |   type = string | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | variable "description" { | ||||||
|  |   type    = string | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "labels" { | ||||||
|  |   type    = map(string) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "project_id" { | ||||||
|  |   type    = string | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "owner_email" { | ||||||
|  |   type    = string | ||||||
|  |   default = null | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "security_groups" { | ||||||
|  |   type = map(object({ | ||||||
|  |     name        = string | ||||||
|  |     description = optional(string) | ||||||
|  |     labels      = optional(map(string)) | ||||||
|  |     stateful    = optional(bool) | ||||||
|  |     rules       = list(object({ | ||||||
|  |       description               = optional(string) | ||||||
|  |       direction                 = string | ||||||
|  |       ether_type                = optional(string) | ||||||
|  |       ip_range                  = optional(string) | ||||||
|  |       protocol                  = optional(object({ | ||||||
|  |                                 name   = optional(string) | ||||||
|  |                                 number = optional(number) | ||||||
|  |                               })) | ||||||
|  |       port_range                = optional(object({ | ||||||
|  |                                 min = number | ||||||
|  |                                 max = number | ||||||
|  |                               })) | ||||||
|  |       remote_security_group_id  = optional(string) | ||||||
|  |     })) | ||||||
|  |   })) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "networks" { | ||||||
|  |   type = map(object({ | ||||||
|  |     name               = string | ||||||
|  |     ipv4_gateway       = optional(string) | ||||||
|  |     ipv4_nameservers   = optional(list(string)) | ||||||
|  |     ipv4_prefix        = optional(string) | ||||||
|  |     ipv4_prefix_length = optional(number) | ||||||
|  |     ipv6_gateway       = optional(string) | ||||||
|  |     ipv6_nameservers   = optional(list(string)) | ||||||
|  |     ipv6_prefix        = optional(string) | ||||||
|  |     ipv6_prefix_length = optional(number) | ||||||
|  |     labels             = optional(map(string)) | ||||||
|  |     no_ipv4_gateway    = optional(bool) | ||||||
|  |     no_ipv6_gateway    = optional(bool) | ||||||
|  |     routed             = optional(bool) | ||||||
|  | 
 | ||||||
|  |     nic_ipv4               = optional(string) | ||||||
|  |     nic_name               = optional(string) | ||||||
|  |     nic_allowed_addresses  = optional(list(string)) | ||||||
|  |     nic_labels             = optional(map(string)) | ||||||
|  |     nic_security           = optional(bool) | ||||||
|  |     nic_security_group_ids = optional(list(string)) | ||||||
|  |   })) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "postgres_instances" { | ||||||
|  |   type = map(object({ | ||||||
|  |     acl             = list(string) | ||||||
|  |     backup_schedule = string | ||||||
|  | 
 | ||||||
|  |     flavor = object({ | ||||||
|  |       cpu = number | ||||||
|  |       ram = number | ||||||
|  |     }) | ||||||
|  | 
 | ||||||
|  |     name     = string | ||||||
|  |     replicas = number | ||||||
|  | 
 | ||||||
|  |     storage = object({ | ||||||
|  |       class = string | ||||||
|  |       size  = number | ||||||
|  |     }) | ||||||
|  | 
 | ||||||
|  |     version = string | ||||||
|  |     region  = optional(string) | ||||||
|  | 
 | ||||||
|  |     databases = optional(list(object({ | ||||||
|  |       instance_id = optional(string) | ||||||
|  |       name        = string | ||||||
|  |       owner       = string | ||||||
|  |       region      = optional(string) | ||||||
|  |     }))) | ||||||
|  | 
 | ||||||
|  |     users = optional(list(object({ | ||||||
|  |       instance_id = optional(string) | ||||||
|  |       roles       = set(string) | ||||||
|  |       username    = string | ||||||
|  |       region      = optional(string) | ||||||
|  |     }))) | ||||||
|  |   })) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "ske_clusters" { | ||||||
|  |   type = map(object({ | ||||||
|  |     name                   = string | ||||||
|  |     kubernetes_version_min = string | ||||||
|  |     node_pools             = list(object({ | ||||||
|  |       name               = string | ||||||
|  |       machine_type       = string | ||||||
|  |       availability_zones = list(string) | ||||||
|  |       volume_size        = number | ||||||
|  |       minimum            = number | ||||||
|  |       maximum            = number | ||||||
|  |     })) | ||||||
|  |   })) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | variable "observability_instances" { | ||||||
|  |   type = map(object({ | ||||||
|  |     name      = string | ||||||
|  |     plan_name = string | ||||||
|  |   })) | ||||||
|  |   default = {} | ||||||
|  | } | ||||||
|  |  | ||||||
							
								
								
									
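--- a/project_old/main.tf
+++ b/project_old/main.tf
@@ -0,0 +1,34 @@
+variable "projects" {
+  type = map(object({
+    name        = string
+    owner_email = string
+  }))
+  default = {
+    project1 = {
+      name        = "project-alpha"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+    project2 = {
+      name        = "project-beta"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+  }
+}
+
+resource "stackit_resourcemanager_project" "projects" {
+  for_each            = var.projects
+  parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable
+  name                = each.value.name
+  owner_email         = each.value.owner_email
+  # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war
+}
+
+output "project_info" {
+  value = {
+    for k, project in stackit_resourcemanager_project.projects : k => {
+      project_id   = project.project_id
+      container_id = project.container_id
+    }
+  }
+}
+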
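Review bot: The `default` of `variable "projects"` hard-codes two projects and a personal `owner_email`, so an apply that passes no `projects` value would create `project-alpha` and `project-beta` and, presumably, make that one mailbox the owner of both. Who owns a project should be an explicit input rather than a fallback; I would replace the whole default block with `default = {}`, as the other map variables in this change do, or drop the default so the variable is required, and keep real addresses in a tfvars file outside the module. The two German comments in the resource block would also be easier for later maintainers if written in English.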
							
								
								
									
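--- a/project_old/variables.tf
+++ b/project_old/variables.tf
@@ -0,0 +1,10 @@
+variable "organization_id" {
+  description = "Empfängt die Container-ID der Organisation vom Root-Modul."
+  type        = string
+}
+
+variable "sna_net" {
+  description = "SNA Transfer Network"
+  type        = string
+}
+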
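Review bot: `sna_net` is declared without a default, which makes it a required input, but nothing in `project_old/main.tf` as shown in this change reads `var.sna_net`. If no other file in the module uses it, callers must supply a value that has no effect; either remove the variable or give it `default = null` until it is wired up. `organization_id` could also take a `validation` block that rejects an empty string, since it becomes `parent_container_id` for every project created here.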
|  | @ -13,7 +13,7 @@ resource "stackit_security_group_rule" "rule" { | ||||||
| 
 | 
 | ||||||
|   direction         = var.rules[count.index].direction |   direction         = var.rules[count.index].direction | ||||||
|   project_id        = var.project_id |   project_id        = var.project_id | ||||||
|   security_group_id = stackit_security_group.this.id |   security_group_id = stackit_security_group.this.security_group_id | ||||||
| 
 | 
 | ||||||
|   description              = var.rules[count.index].description |   description              = var.rules[count.index].description | ||||||
|   ether_type               = var.rules[count.index].ether_type |   ether_type               = var.rules[count.index].ether_type | ||||||
|  |  | ||||||