Compare commits
			9 commits
	| Author | SHA1 | Date | |
|---|---|---|---|
| fa1b669670 | |||
| 0dc69a66dd | |||
| f9b7fb71eb | |||
| 8c146a76b5 | |||
| 93f2af55c7 | |||
| 8ec98bf1da | |||
| ea99fca002 | |||
| 5db4a90b93 | |||
| 74b09c73e5 | 
					 16 changed files with 589 additions and 327 deletions
		|  | @ -1,66 +1,18 @@ | |||
| module "security_groups" { | ||||
|   source = "../security-group" | ||||
| module "project" { | ||||
|   source   = "../project" | ||||
|   for_each = var.projects | ||||
| 
 | ||||
|   for_each = var.security_groups | ||||
|   organization_id = each.value.organization_id | ||||
|   name            = each.value.name | ||||
| 
 | ||||
|   project_id  = var.project_id | ||||
|   name        = each.value.name | ||||
|   description = each.value.description | ||||
|   rules       = each.value.rules | ||||
|   description = each.value.description != null ? each.value.description : null | ||||
|   labels      = each.value.labels != {} ? each.value.labels : {} | ||||
| 
 | ||||
|   owner_email = each.value.owner_email | ||||
| 
 | ||||
|   security_groups         = each.value.security_groups | ||||
|   networks                = each.value.networks | ||||
|   postgres_instances      = each.value.postgres_instances | ||||
|   ske_clusters            = each.value.ske_clusters | ||||
|   observability_instances = each.value.observability_instances | ||||
| } | ||||
| 
 | ||||
| # module "postgres" { | ||||
| #   source = "../postgres" | ||||
| 
 | ||||
| #   for_each = var.postgres_instances | ||||
| 
 | ||||
| #   project_id      = var.project_id | ||||
| #   name            = each.value.name | ||||
| #   ver             = each.value.version | ||||
| #   flavor          = each.value.flavor | ||||
| #   storage         = each.value.storage | ||||
| #   replicas        = each.value.replicas | ||||
| #   acl             = each.value.acl | ||||
| #   backup_schedule = each.value.backup_schedule | ||||
| #   users           = each.value.users | ||||
| #   databases       = each.value.databases | ||||
| # } | ||||
| 
 | ||||
| # module "net" { | ||||
| #   source = "../network" | ||||
| 
 | ||||
| #   for_each = var.routed_networks | ||||
| 
 | ||||
| #   project_id = var.project_id | ||||
| #   name       = each.value.name | ||||
| 
 | ||||
| #   ipv4_nameservers = each.value.ipv4_nameservers | ||||
| #   labels           = each.value.labels | ||||
| 
 | ||||
| #   static_ipv4            = each.value.static_ipv4 | ||||
| #   nic_name               = each.value.nic_name | ||||
| #   nic_allowed_addresses  = each.value.nic_allowed_addresses | ||||
| #   nic_labels             = each.value.nic_labels | ||||
| #   nic_security           = each.value.nic_security | ||||
| #   nic_security_group_ids = each.value.nic_security_group_ids | ||||
| # } | ||||
| 
 | ||||
| # module "ske" { | ||||
| #   source = "../ske" | ||||
| 
 | ||||
| #   for_each = var.ske_clusters | ||||
| 
 | ||||
| #   project_id             = var.project_id | ||||
| #   name                   = each.value.name | ||||
| #   kubernetes_version_min = each.value.kubernetes_version_min | ||||
| #   node_pools             = each.value.node_pools | ||||
| # } | ||||
| 
 | ||||
| # module "observability" { | ||||
| #   source = "../observability" | ||||
| 
 | ||||
| #   for_each   = var.observability_instances | ||||
| #   project_id = var.project_id | ||||
| #   name       = each.value.name | ||||
| #   plan_name  = each.value.plan_name | ||||
| # } | ||||
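Review bot: `description = each.value.description != null ? each.value.description : null` and the `labels` line right after it are identities — both branches yield the value being tested — so they should read `description = each.value.description` and `labels = each.value.labels`; the same pattern recurs throughout `module "net"` in project/main.tf. The commented-out `postgres`, `net`, `ske` and `observability` module blocks that make up the rest of this file appear to be dead now that `module "project"` wires those resources per project, so deleting them rather than keeping them as comments would leave the root module readable (git history preserves the old wiring).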
|  |  | |||
|  | @ -9,7 +9,8 @@ terraform { | |||
| } | ||||
| 
 | ||||
| provider "stackit" { | ||||
|   default_region        = var.region | ||||
|   service_account_token = var.service_account_token | ||||
|   enable_beta_resources = true | ||||
|   default_region           = var.region | ||||
|   service_account_token    = var.service_account_token != "" ? var.service_account_token : null | ||||
|   service_account_key_path = var.service_account_key_path != "" ? var.service_account_key_path : null | ||||
|   enable_beta_resources    = true | ||||
| } | ||||
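Review bot: The provider block now accepts two alternative credentials, `service_account_token` and `service_account_key_path`, but nothing states which one wins when both are non-empty or what is expected when both are empty; whether the provider falls back to another credential source in that case is not visible here. Mapping `""` to `null` is the right way to leave an argument unset, so a short comment would make the contract explicit, e.g. `# exactly one of service_account_token / service_account_key_path is expected; "" is mapped to null so the provider treats the argument as unset`. A `validation` on the two root variables (or a `precondition`) that rejects both-set and both-empty would turn that comment into an enforced rule.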
|  | @ -1,148 +1,186 @@ | |||
| region                = "eu01" | ||||
| service_account_token = "" | ||||
| project_id            = "" | ||||
| region                   = "eu01" | ||||
| service_account_key_path = "/Users/schlenz/sa-key-dd5fa2c9-1651-4da7-8404-9ac4fe9bc3d5.json" | ||||
| 
 | ||||
| security_groups = { | ||||
|   ssh_ingress_group = { | ||||
|     name        = "ssh-ingress-group" | ||||
|     description = "ALLOW SSH ingress" | ||||
|     rules = [ | ||||
|       { description = "SSH RULE 1" | ||||
|         direction   = "ingress" | ||||
|         ether_type  = "IPv4" | ||||
|         ip_range    = "0.0.0.0/0" | ||||
|         protocol = { | ||||
|           name = "tcp" | ||||
| projects = { | ||||
|   project_1 = { | ||||
|     name            = "project-1" | ||||
|     organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" | ||||
|     owner_email     = "maximilian.schlenz@stackit.cloud" | ||||
| 
 | ||||
|     postgres_instances = { | ||||
|       dev = { | ||||
|         name    = "pg-test-instance" | ||||
|         version = 17 | ||||
|         flavor = { | ||||
|           cpu = 2, | ||||
|           ram = 4 | ||||
|         } | ||||
|         port_range = { | ||||
|           min = 22 | ||||
|           max = 22 | ||||
|         storage = { | ||||
|           class = "premium-perf6-stackit", | ||||
|           size  = 20 | ||||
|         } | ||||
|       }, | ||||
|     ] | ||||
|         replicas        = 1 | ||||
|         acl             = ["0.0.0.0/0"] | ||||
|         backup_schedule = "00 00 * * *" | ||||
| 
 | ||||
|         users = [ | ||||
|           { username = "adm-usr", | ||||
|             roles    = ["login", "createdb"] | ||||
|           }, | ||||
|           { username = "testusr", | ||||
|             roles    = ["login"] | ||||
|           } | ||||
|         ] | ||||
| 
 | ||||
|         databases = [ | ||||
|           { | ||||
|             name  = "test-db", | ||||
|             owner = "admin" | ||||
|           } | ||||
|         ] | ||||
|       } | ||||
|     } | ||||
| 
 | ||||
|     networks = { | ||||
|       tiny = { | ||||
|         name               = "tiny-net" | ||||
|         ipv4_prefix_length = 28 | ||||
|         labels = { | ||||
|           purpose = "test" | ||||
|         } | ||||
|         security_groups = { | ||||
|           ssh_ingress_group = { | ||||
|             name        = "ssh-ingress-group" | ||||
|             description = "ALLOW SSH ingress" | ||||
|             rules = [ | ||||
|               { description = "SSH RULE 1" | ||||
|                 direction   = "ingress" | ||||
|                 ether_type  = "IPv4" | ||||
|                 ip_range    = "0.0.0.0/0" | ||||
|                 protocol = { | ||||
|                   name = "tcp" | ||||
|                 } | ||||
|                 port_range = { | ||||
|                   min = 22 | ||||
|                   max = 23 | ||||
|                 } | ||||
|               }, | ||||
|             ] | ||||
|           }, | ||||
| 
 | ||||
|           web_traffic_group = { | ||||
|             name        = "web-traffic-group" | ||||
|             description = "ALLOW WEB TRAFFIC ingress" | ||||
|             rules = [ | ||||
|               { description = "ALLOW ALL 80" | ||||
|                 direction   = "ingress" | ||||
|                 ether_type  = "IPv4" | ||||
|                 ip_range    = "0.0.0.0/0" | ||||
|                 protocol = { | ||||
|                   name = "tcp" | ||||
|                 } | ||||
|                 port_range = { | ||||
|                   min = 80 | ||||
|                   max = 80 | ||||
|                 } | ||||
|               }, | ||||
|               { description = "ALLOW ALL 443" | ||||
|                 direction   = "ingress" | ||||
|                 ether_type  = "IPv4" | ||||
|                 ip_range    = "0.0.0.0/0" | ||||
|                 protocol = { | ||||
|                   name = "tcp" | ||||
|                 } | ||||
|                 port_range = { | ||||
|                   min = 443 | ||||
|                   max = 443 | ||||
|                 } | ||||
|               }, | ||||
|             ] | ||||
|           }, | ||||
|         } | ||||
|         network_static = { | ||||
|         } | ||||
| 
 | ||||
|         custom_static = { | ||||
|           name         = "static-net" | ||||
|           routed       = true | ||||
|           ipv4_prefix  = "10.99.0.0/24" | ||||
|           ipv4_gateway = "10.99.0.1" | ||||
| 
 | ||||
|           nic_ipv4               = "10.99.0.10" | ||||
|           nic_name               = "static-nic" | ||||
|           nic_security_group_ids = [""] | ||||
|         } | ||||
|       } | ||||
|     } | ||||
| 
 | ||||
|     # ske_clusters = { | ||||
|     #   dev = { | ||||
|     #     name                   = "dev" | ||||
|     #     kubernetes_version_min = "1.31" | ||||
|     #     node_pools = [ | ||||
|     #       { name               = "default" | ||||
|     #         machine_type       = "c2.1" | ||||
|     #         availability_zones = ["eu01-1", "eu01-2"] | ||||
|     #         volume_size        = 40 | ||||
|     #         minimum            = 1 | ||||
|     #         maximum            = 3 | ||||
|     #       } | ||||
|     #     ] | ||||
|     #   } | ||||
| 
 | ||||
|     #   prod = { | ||||
|     #     name                   = "prod" | ||||
|     #     kubernetes_version_min = "1.31" | ||||
|     #     node_pools = [ | ||||
|     #       { name               = "general" | ||||
|     #         machine_type       = "c2.2" | ||||
|     #         availability_zones = ["eu03-1", "eu03-2"] | ||||
|     #         volume_size        = 80 | ||||
|     #         minimum            = 2 | ||||
|     #         maximum            = 4 | ||||
|     #       } | ||||
|     #     ] | ||||
|     #   } | ||||
|     # } | ||||
| 
 | ||||
|     observability_instances = { | ||||
|       starter = { | ||||
|         name      = "Observability-1" | ||||
|         plan_name = "Observability-Starter-EU01" | ||||
|       } | ||||
| 
 | ||||
|       prod = { | ||||
|         name      = "Observability-2" | ||||
|         plan_name = "Observability-Large-EU01" | ||||
|       } | ||||
|     } | ||||
| 
 | ||||
|   }, | ||||
|   # project_2 = { | ||||
|   #   name            = "project-2" | ||||
|   #   organization_id = "03a34540-3c1a-4794-b2c6-7111ecf824ef" | ||||
|   #   owner_email     = "maximilian.schlenz@stackit.cloud" | ||||
|   #   networks = { | ||||
|   #     tiny = { | ||||
|   #       name               = "tiny-net" | ||||
|   #       ipv4_prefix_length = 28 | ||||
|   #       labels             = {  | ||||
|   #         purpose = "test"  | ||||
|   #       } | ||||
|   #     } | ||||
| 
 | ||||
|   web_traffic_group = { | ||||
|     name        = "web-traffic-group" | ||||
|     description = "ALLOW WEB TRAFFIC ingress" | ||||
|     rules = [ | ||||
|       { description = "ALLOW ALL 80" | ||||
|         direction   = "ingress" | ||||
|         ether_type  = "IPv4" | ||||
|         ip_range    = "0.0.0.0/0" | ||||
|         protocol = { | ||||
|           name = "tcp" | ||||
|         } | ||||
|         port_range = { | ||||
|           min = 80 | ||||
|           max = 80 | ||||
|         } | ||||
|       }, | ||||
|       { description = "ALLOW ALL 443" | ||||
|         direction   = "ingress" | ||||
|         ether_type  = "IPv4" | ||||
|         ip_range    = "0.0.0.0/0" | ||||
|         protocol = { | ||||
|           name = "tcp" | ||||
|         } | ||||
|         port_range = { | ||||
|           min = 443 | ||||
|           max = 443 | ||||
|         } | ||||
|       }, | ||||
|     ] | ||||
|   }, | ||||
|   #     custom_static = { | ||||
|   #       name         = "static-net" | ||||
|   #       routed       = false | ||||
|   #       ipv4_prefix  = "10.99.0.0/24" | ||||
|   #       ipv4_gateway = "10.99.0.1" | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| postgres_instances = { | ||||
|   dev = { | ||||
|     name    = "pg-test-instance" | ||||
|     version = 17 | ||||
|     flavor = { | ||||
|       cpu = 2, | ||||
|       ram = 4 | ||||
|     } | ||||
|     storage = { | ||||
|       class = "premium-perf6-stackit", | ||||
|       size  = 20 | ||||
|     } | ||||
|     replicas        = 1 | ||||
|     acl             = ["0.0.0.0/0"] | ||||
|     backup_schedule = "00 00 * * *" | ||||
| 
 | ||||
|     users = [ | ||||
|       { username = "admin", | ||||
|         roles    = ["login", "createdb"] | ||||
|       }, | ||||
|       { username = "testusr", | ||||
|         roles    = ["login"] | ||||
|       } | ||||
|     ] | ||||
| 
 | ||||
|     databases = [ | ||||
|       { | ||||
|         name  = "test_db", | ||||
|         owner = "admin" | ||||
|       } | ||||
|     ] | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| routed_networks = { | ||||
|   web = { | ||||
|     name             = "web-net" | ||||
|     ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] | ||||
|     labels = { | ||||
|       env = "prod" | ||||
|     } | ||||
|   } | ||||
| 
 | ||||
|   db = { | ||||
|     name         = "db-net" | ||||
|     static_ipv4  = "10.0.2.120" | ||||
|     nic_security = false | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| ske_clusters = { | ||||
|   dev = { | ||||
|     name                   = "dev-cluster" | ||||
|     kubernetes_version_min = "1.31" | ||||
|     node_pools = [ | ||||
|       { name               = "default" | ||||
|         machine_type       = "c2.1" | ||||
|         availability_zones = ["eu01-1", "eu01-2"] | ||||
|         volume_size        = 40 | ||||
|         minimum            = 1 | ||||
|         maximum            = 3 | ||||
|       } | ||||
|     ] | ||||
|   } | ||||
| 
 | ||||
|   staging = { | ||||
|     name                   = "staging-cluster" | ||||
|     kubernetes_version_min = "1.31" | ||||
|     node_pools = [ | ||||
|       { name               = "general" | ||||
|         machine_type       = "c2.2" | ||||
|         availability_zones = ["eu03-1", "eu03-2"] | ||||
|         volume_size        = 80 | ||||
|         minimum            = 2 | ||||
|         maximum            = 4 | ||||
|       } | ||||
|     ] | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| observability_instances = { | ||||
|   starter = { | ||||
|     name      = "Observability-1" | ||||
|     plan_name = "Observability-Starter-EU01" | ||||
|   } | ||||
| 
 | ||||
|   prod = { | ||||
|     name      = "Observability-2" | ||||
|     plan_name = "Observability-Large-EU01" | ||||
|   } | ||||
|   #       nic_ipv4               = "10.99.0.10" | ||||
|   #       nic_name               = "static-nic" | ||||
|   #       nic_security_group_ids = [""] | ||||
|   #     } | ||||
|   #   } | ||||
|   # } | ||||
| } | ||||
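Review bot: `security_groups` is declared inside `networks.tiny`, but the `projects` schema in variables.tf declares it as a project-level attribute and the network object type has no such attribute, so as written the two groups are most likely discarded during type conversion and `module "sg"` receives nothing — the block belongs next to `postgres_instances` at project level. `service_account_key_path` points at an absolute path under a personal home directory that also embeds the key's id; in a committed tfvars this breaks every other machine and CI, so it should stay empty here and the real path be supplied per operator (for example via `TF_VAR_service_account_key_path` or an untracked `*.auto.tfvars`). The Postgres `acl` and both security-group rules admit `0.0.0.0/0`, and the SSH rule's `port_range` now spans `22`–`23` where the old value was 22/22, which reads like an accidental widening; if world-open is intentional for a test project, say so in a comment so the next reader does not have to guess. `network_static = {}` omits the required `name` attribute of the network object, and `databases[0].owner = "admin"` names a user that is no longer in `users` (now `adm-usr`) while the postgres module rejects `admin` as a username — whether the provider treats `admin` as a built-in role is not visible here.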
|  | @ -4,98 +4,111 @@ variable "region" { | |||
|   default     = "eu01" | ||||
| } | ||||
| 
 | ||||
| variable "project_id" { | ||||
|   description = "STACKIT Cloud project ID" | ||||
|   type        = string | ||||
| } | ||||
| 
 | ||||
| variable "service_account_token" { | ||||
|   description = "Service account token for authentication" | ||||
|   sensitive   = true | ||||
|   type        = string | ||||
|   default     = "" | ||||
| } | ||||
| 
 | ||||
| variable "security_groups" { | ||||
|   type = map(object({ | ||||
|     name        = optional(string) | ||||
|     description = optional(string) | ||||
|     rules = list(object({ | ||||
|       direction   = string | ||||
|       description = optional(string) | ||||
|       ether_type  = optional(string) | ||||
|       icmp_parameters = optional(object({ | ||||
|         type = optional(number) | ||||
|         code = optional(number) | ||||
|       })) | ||||
|       ip_range = optional(string) | ||||
|       port_range = optional(object({ | ||||
|         min = number | ||||
|         max = number | ||||
|       })) | ||||
|       protocol = optional(object({ | ||||
|         name   = optional(string) | ||||
|         number = optional(number) | ||||
|       })) | ||||
|       remote_security_group_id = optional(string) | ||||
|     })) | ||||
|   })) | ||||
| variable "service_account_key_path" { | ||||
|   type    = string | ||||
|   default = "" | ||||
| } | ||||
| 
 | ||||
| variable "postgres_instances" { | ||||
| variable "projects" { | ||||
|   type = map(object({ | ||||
| 
 | ||||
|     organization_id = string | ||||
|     name            = string | ||||
|     version         = number | ||||
|     flavor          = object({ cpu = number, ram = number }) | ||||
|     storage         = object({ class = string, size = number }) | ||||
|     replicas        = number | ||||
|     acl             = list(string) | ||||
|     backup_schedule = string | ||||
|     users = list(object({ | ||||
|       username = string | ||||
|       roles    = set(string) | ||||
|     })) | ||||
|     databases = list(object({ | ||||
|       name  = string | ||||
|       owner = string | ||||
|     })) | ||||
|   })) | ||||
| } | ||||
|     description     = optional(string) | ||||
|     labels          = optional(map(string)) | ||||
|     project_id      = optional(string) | ||||
|     owner_email     = optional(string) | ||||
| 
 | ||||
| variable "routed_networks" { | ||||
|   type = map(object({ | ||||
|     name = string | ||||
|     security_groups = optional(map(object({ | ||||
|       name        = string | ||||
|       description = optional(string) | ||||
|       rules = list(object({ | ||||
|         description = optional(string) | ||||
|         direction   = string | ||||
|         ether_type  = optional(string) | ||||
|         ip_range    = optional(string) | ||||
|         protocol = optional(object({ | ||||
|           name   = optional(string) | ||||
|           number = optional(number) | ||||
|         })) | ||||
|         port_range = optional(object({ | ||||
|           min = number | ||||
|           max = number | ||||
|         })) | ||||
|         remote_security_group_id = optional(string) | ||||
|       })) | ||||
|     })), {}) | ||||
| 
 | ||||
|     ipv4_nameservers = optional(list(string)) | ||||
|     labels           = optional(map(string)) | ||||
| 
 | ||||
|     static_ipv4 = optional(string) | ||||
|     nic_name    = optional(string) | ||||
| 
 | ||||
|     nic_allowed_addresses  = optional(list(string)) | ||||
|     nic_labels             = optional(map(string)) | ||||
|     nic_security           = optional(bool) | ||||
|     nic_security_group_ids = optional(list(string)) | ||||
|   })) | ||||
| } | ||||
| 
 | ||||
| variable "ske_clusters" { | ||||
|   type = map(object({ | ||||
|     name                   = string | ||||
|     kubernetes_version_min = string | ||||
|     node_pools = list(object({ | ||||
|     networks = optional(map(object({ | ||||
|       name               = string | ||||
|       machine_type       = string | ||||
|       availability_zones = list(string) | ||||
|       volume_size        = number | ||||
|       minimum            = number | ||||
|       maximum            = number | ||||
|     })) | ||||
|   })) | ||||
| } | ||||
|       ipv4_gateway       = optional(string) | ||||
|       ipv4_nameservers   = optional(list(string)) | ||||
|       ipv4_prefix        = optional(string) | ||||
|       ipv4_prefix_length = optional(number) | ||||
|       ipv6_gateway       = optional(string) | ||||
|       ipv6_nameservers   = optional(list(string)) | ||||
|       ipv6_prefix        = optional(string) | ||||
|       ipv6_prefix_length = optional(number) | ||||
|       labels             = optional(map(string)) | ||||
|       no_ipv4_gateway    = optional(bool) | ||||
|       no_ipv6_gateway    = optional(bool) | ||||
|       routed             = optional(bool) | ||||
| 
 | ||||
| variable "observability_instances" { | ||||
|   type = map(object({ | ||||
|     name      = string | ||||
|     plan_name = string | ||||
|       nic_ipv4               = optional(string) | ||||
|       nic_name               = optional(string) | ||||
|       nic_allowed_addresses  = optional(list(string)) | ||||
|       nic_labels             = optional(map(string)) | ||||
|       nic_security           = optional(bool) | ||||
|       nic_security_group_ids = optional(list(string)) | ||||
|     })), {}) | ||||
| 
 | ||||
|     postgres_instances = optional(map(object({ | ||||
|       name    = string | ||||
|       version = number | ||||
|       flavor = object({ | ||||
|         cpu = number, | ||||
|         ram = number | ||||
|       }) | ||||
|       storage = object({ | ||||
|         class = string, | ||||
|         size  = number | ||||
|       }) | ||||
|       replicas        = number | ||||
|       acl             = list(string) | ||||
|       backup_schedule = string | ||||
|       users = list(object({ | ||||
|         username = string | ||||
|         roles    = set(string) | ||||
|       })) | ||||
|       databases = list(object({ | ||||
|         name  = string | ||||
|         owner = string | ||||
|       })) | ||||
|     })), {}) | ||||
| 
 | ||||
|     ske_clusters = optional(map(object({ | ||||
|       name                   = string | ||||
|       kubernetes_version_min = string | ||||
|       node_pools = list(object({ | ||||
|         name               = string | ||||
|         machine_type       = string | ||||
|         availability_zones = list(string) | ||||
|         volume_size        = number | ||||
|         minimum            = number | ||||
|         maximum            = number | ||||
|       })) | ||||
|     })), {}) | ||||
| 
 | ||||
|     observability_instances = optional(map(object({ | ||||
|       name      = string | ||||
|       plan_name = string | ||||
|     })), {}) | ||||
|   })) | ||||
| } | ||||
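Review bot: The new `service_account_key_path` and `projects` variables carry no `description`, unlike `project_id` and `service_account_token` above; add e.g. `description = "Path to a service-account key file; leave empty when service_account_token is used"` and `description = "Projects to create, keyed by a local identifier, each with its nested security groups, networks, Postgres instances, SKE clusters and observability instances"`. `labels = optional(map(string))` has no default, so an omitted label map arrives as null rather than `{}`; the root main.tf then compares it against `{}` and passes the null through, which presumably only works because the project module's own `labels` default (`{}`) applies to a null input — `optional(map(string), {})`, as already done for `security_groups` and `networks`, would make that explicit and consistent.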
|  |  | |||
|  | @ -18,7 +18,7 @@ resource "stackit_postgresflex_user" "user" { | |||
|   count = local.user_count | ||||
| 
 | ||||
|   project_id  = var.project_id | ||||
|   instance_id = stackit_postgresflex_instance.this.instance_id | ||||
|   instance_id = var.instance_id != "" ? var.instance_id : stackit_postgresflex_instance.this.instance_id | ||||
|   username    = var.users[count.index].username | ||||
|   roles       = var.users[count.index].roles | ||||
| } | ||||
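Review bot: `var.instance_id != ""` selects an externally supplied instance, but the `stackit_postgresflex_instance.this` reference on the same line still has to resolve, so unless that resource is made conditional elsewhere (not visible in this hunk) the module keeps creating its own instance even when `instance_id` is given; the `stackit_postgresflex_user.user` resource starts outside the hunk. Since Terraform's `coalesce` treats `""` as absent, `instance_id = coalesce(var.instance_id, stackit_postgresflex_instance.this.instance_id)` expresses the same choice without the ternary and reads as the intent.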
|  |  | |||
|  | @ -4,6 +4,21 @@ variable "project_id" { | |||
| 
 | ||||
| variable "name" { | ||||
|   type = string | ||||
| 
 | ||||
|   validation { | ||||
|     condition     = length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.name)) > 0 | ||||
|     error_message = <<EOT | ||||
|       The name must be a valid DNS-1035 label: | ||||
|       - only lower-case letters, digits or '-' | ||||
|       - must start with a letter | ||||
|       - must end with a letter or digit | ||||
|       EOT | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| variable "instance_id" { | ||||
|   type    = string | ||||
|   default = "" | ||||
| } | ||||
| 
 | ||||
| variable "ver" { | ||||
|  | @ -38,19 +53,34 @@ variable "backup_schedule" { | |||
| } | ||||
| 
 | ||||
| variable "users" { | ||||
|   description = "List of users" | ||||
|   type = list(object({ | ||||
|     username = string | ||||
|     roles    = set(string) | ||||
|   })) | ||||
|   default = [] | ||||
|   validation { | ||||
|     condition     = alltrue([ | ||||
|       for user in var.users : user.username != "admin" | ||||
|     ]) | ||||
|     error_message = "The username 'admin' is reserved and cannot be used." | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| variable "databases" { | ||||
|   description = "List of databases" | ||||
|   type = list(object({ | ||||
|     name  = string | ||||
|     owner = string | ||||
|   })) | ||||
|   default = [] | ||||
|     validation { | ||||
|     condition = alltrue([ | ||||
|       for db in var.databases : length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", db.name)) > 0 | ||||
|     ]) | ||||
|     error_message = <<EOT | ||||
|       The name must be a valid DNS-1035 label: | ||||
|       - only lower-case letters, digits or '-' | ||||
|       - must start with a letter | ||||
|       - must end with a letter or digit | ||||
|       EOT | ||||
|   } | ||||
| } | ||||
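Review bot: The `validation` block under `databases` is indented two columns deeper than the one under `users`, and its `condition =` lacks the alignment used above; `terraform fmt` fixes both. The regex `^[a-z]([-a-z0-9]*[a-z0-9])?$` (here and in the `name` validation in the earlier hunk of this file) enforces the DNS-1035 character rules but not the 63-character length limit the error text implies; `length(db.name) <= 63 && ...` closes that gap. The databases `error_message` opens with "The name" — say `The database name` so the failure points at the right input — and the new `instance_id` variable would benefit from a `description` stating that a non-empty value attaches users and databases to an existing instance, as the companion change in main.tf now does.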
|  |  | |||
								project/main.tf
							|  | @ -1,34 +1,79 @@ | |||
| variable "projects" { | ||||
|   type = map(object({ | ||||
|     name        = string | ||||
|     owner_email = string | ||||
|   })) | ||||
|   default = { | ||||
|     project1 = { | ||||
|       name        = "project-alpha" | ||||
|       owner_email = "michael.sodan@stackit.cloud" | ||||
|     } | ||||
|     project2 = { | ||||
|       name        = "project-beta" | ||||
|       owner_email = "michael.sodan@stackit.cloud" | ||||
|     } | ||||
|   } | ||||
| resource "stackit_resourcemanager_project" "this" { | ||||
|   parent_container_id = var.organization_id | ||||
|   name                = var.name | ||||
|   labels              = var.labels | ||||
|   owner_email         = var.owner_email | ||||
| } | ||||
| 
 | ||||
| resource "stackit_resourcemanager_project" "projects" { | ||||
|   for_each            = var.projects | ||||
|   parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable | ||||
|   name                = each.value.name | ||||
|   owner_email         = each.value.owner_email | ||||
|   # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war | ||||
| module "sg" { | ||||
|   source   = "../security-group" | ||||
|   for_each = var.security_groups | ||||
| 
 | ||||
|   project_id  = stackit_resourcemanager_project.this.project_id | ||||
|   name        = each.value.name | ||||
|   description = each.value.description | ||||
|   rules       = each.value.rules | ||||
| } | ||||
| 
 | ||||
| output "project_info" { | ||||
|   value = { | ||||
|     for k, project in stackit_resourcemanager_project.projects : k => { | ||||
|       project_id   = project.project_id | ||||
|       container_id = project.container_id | ||||
|     } | ||||
|   } | ||||
| module "net" { | ||||
|   source   = "../network" | ||||
|   for_each = var.networks | ||||
| 
 | ||||
|   project_id = stackit_resourcemanager_project.this.project_id | ||||
|   name       = each.value.name | ||||
| 
 | ||||
|   ipv4_gateway       = each.value.ipv4_gateway != null ? each.value.ipv4_gateway : null | ||||
|   ipv4_nameservers   = each.value.ipv4_nameservers != [] ? each.value.ipv4_nameservers : [] | ||||
|   ipv4_prefix        = each.value.ipv4_prefix != null ? each.value.ipv4_prefix : null | ||||
|   ipv4_prefix_length = each.value.ipv4_prefix_length != null ? each.value.ipv4_prefix_length : null | ||||
|   ipv6_gateway       = each.value.ipv6_gateway != null ? each.value.ipv6_gateway : null | ||||
|   ipv6_nameservers   = each.value.ipv6_nameservers != [] ? each.value.ipv6_nameservers : [] | ||||
|   ipv6_prefix        = each.value.ipv6_prefix != null ? each.value.ipv6_prefix : null | ||||
|   ipv6_prefix_length = each.value.ipv6_prefix_length != null ? each.value.ipv6_prefix_length : null | ||||
|   labels             = each.value.labels != {} ? each.value.labels : {} | ||||
|   no_ipv4_gateway    = each.value.no_ipv4_gateway | ||||
|   no_ipv6_gateway    = each.value.no_ipv6_gateway | ||||
|   routed             = each.value.routed != null ? each.value.routed : true | ||||
| 
 | ||||
|   nic_ipv4               = each.value.nic_ipv4 | ||||
|   nic_name               = each.value.nic_name != null ? each.value.nic_name : null | ||||
|   nic_allowed_addresses  = each.value.nic_allowed_addresses | ||||
|   nic_labels             = each.value.nic_labels != {} ? each.value.nic_labels : {} | ||||
|   nic_security           = each.value.nic_security | ||||
|   nic_security_group_ids = each.value.nic_security_group_ids | ||||
| } | ||||
| 
 | ||||
| module "pg" { | ||||
|   source   = "../postgres" | ||||
|   for_each = var.postgres_instances | ||||
| 
 | ||||
|   project_id      = stackit_resourcemanager_project.this.project_id | ||||
|   name            = each.value.name | ||||
|   ver             = each.value.version | ||||
|   flavor          = each.value.flavor | ||||
|   storage         = each.value.storage | ||||
|   replicas        = each.value.replicas | ||||
|   acl             = each.value.acl | ||||
|   backup_schedule = each.value.backup_schedule | ||||
|   users           = each.value.users | ||||
|   databases       = each.value.databases | ||||
| } | ||||
| 
 | ||||
| module "ske" { | ||||
|   source   = "../ske" | ||||
|   for_each = var.ske_clusters | ||||
| 
 | ||||
|   project_id             = stackit_resourcemanager_project.this.project_id | ||||
|   name                   = each.value.name | ||||
|   kubernetes_version_min = each.value.kubernetes_version_min | ||||
|   node_pools             = each.value.node_pools | ||||
| } | ||||
| 
 | ||||
| module "obs" { | ||||
|   source   = "../observability" | ||||
|   for_each = var.observability_instances | ||||
| 
 | ||||
|   project_id = stackit_resourcemanager_project.this.project_id | ||||
|   name       = each.value.name | ||||
|   plan_name  = each.value.plan_name | ||||
| } | ||||
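Review bot: In `module "net"`, every `x != null ? x : null` line (`ipv4_gateway` through `ipv6_prefix_length`, and `nic_name`) is an identity, and the `!= []` / `!= {}` variants on `ipv4_nameservers`, `ipv6_nameservers`, `labels` and `nic_labels` also return the tested value in both branches, so the block reduces to direct assignments; `routed` is the only line with a real default (`true`). Comparing a `map(string)` against the object literal `{}` may additionally not evaluate the way it reads, so dropping those comparisons removes a risk as well as noise. The same identity pattern appears on the `description`/`labels` lines of `module "project"` in the root main.tf.
```hcl
module "net" {
  # … unchanged: source, for_each, project_id, name …

  ipv4_gateway       = each.value.ipv4_gateway
  ipv4_nameservers   = each.value.ipv4_nameservers
  ipv4_prefix        = each.value.ipv4_prefix
  ipv4_prefix_length = each.value.ipv4_prefix_length
  ipv6_gateway       = each.value.ipv6_gateway
  ipv6_nameservers   = each.value.ipv6_nameservers
  ipv6_prefix        = each.value.ipv6_prefix
  ipv6_prefix_length = each.value.ipv6_prefix_length
  labels             = each.value.labels
  no_ipv4_gateway    = each.value.no_ipv4_gateway
  no_ipv6_gateway    = each.value.no_ipv6_gateway
  routed             = each.value.routed != null ? each.value.routed : true # the one real default

  nic_ipv4               = each.value.nic_ipv4
  nic_name               = each.value.nic_name
  nic_allowed_addresses  = each.value.nic_allowed_addresses
  nic_labels             = each.value.nic_labels
  nic_security           = each.value.nic_security
  nic_security_group_ids = each.value.nic_security_group_ids
}
```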
|  |  | |||
								project/output.tf
								project/providers.tf
							|  | @ -0,0 +1,9 @@ | |||
| terraform { | ||||
|   required_version = ">= 1.9.0" | ||||
|   required_providers { | ||||
|     stackit = { | ||||
|       source  = "stackitcloud/stackit" | ||||
|       version = "0.56.0" | ||||
|     } | ||||
|   } | ||||
| } | ||||
|  | @ -1,10 +1,140 @@ | |||
| variable "organization_id" { | ||||
|   description = "Empfängt die Container-ID der Organisation vom Root-Modul." | ||||
|   type        = string | ||||
|   type = string | ||||
| } | ||||
| 
 | ||||
| variable "sna_net" { | ||||
|   description = "SNA Transfer Network" | ||||
|   type        = string | ||||
| variable "name" { | ||||
|   type = string | ||||
| } | ||||
| 
 | ||||
| variable "description" { | ||||
|   type    = string | ||||
|   default = null | ||||
| } | ||||
| 
 | ||||
| variable "labels" { | ||||
|   type    = map(string) | ||||
|   default = {} | ||||
| } | ||||
| 
 | ||||
| variable "project_id" { | ||||
|   type    = string | ||||
|   default = null | ||||
| } | ||||
| 
 | ||||
| variable "owner_email" { | ||||
|   type    = string | ||||
|   default = null | ||||
| } | ||||
| 
 | ||||
| variable "security_groups" { | ||||
|   type = map(object({ | ||||
|     name        = string | ||||
|     description = optional(string) | ||||
|     labels      = optional(map(string)) | ||||
|     stateful    = optional(bool) | ||||
|     rules       = list(object({ | ||||
|       description               = optional(string) | ||||
|       direction                 = string | ||||
|       ether_type                = optional(string) | ||||
|       ip_range                  = optional(string) | ||||
|       protocol                  = optional(object({ | ||||
|                                 name   = optional(string) | ||||
|                                 number = optional(number) | ||||
|                               })) | ||||
|       port_range                = optional(object({ | ||||
|                                 min = number | ||||
|                                 max = number | ||||
|                               })) | ||||
|       remote_security_group_id  = optional(string) | ||||
|     })) | ||||
|   })) | ||||
|   default = {} | ||||
| } | ||||
| 
 | ||||
| variable "networks" { | ||||
|   type = map(object({ | ||||
|     name               = string | ||||
|     ipv4_gateway       = optional(string) | ||||
|     ipv4_nameservers   = optional(list(string)) | ||||
|     ipv4_prefix        = optional(string) | ||||
|     ipv4_prefix_length = optional(number) | ||||
|     ipv6_gateway       = optional(string) | ||||
|     ipv6_nameservers   = optional(list(string)) | ||||
|     ipv6_prefix        = optional(string) | ||||
|     ipv6_prefix_length = optional(number) | ||||
|     labels             = optional(map(string)) | ||||
|     no_ipv4_gateway    = optional(bool) | ||||
|     no_ipv6_gateway    = optional(bool) | ||||
|     routed             = optional(bool) | ||||
| 
 | ||||
|     nic_ipv4               = optional(string) | ||||
|     nic_name               = optional(string) | ||||
|     nic_allowed_addresses  = optional(list(string)) | ||||
|     nic_labels             = optional(map(string)) | ||||
|     nic_security           = optional(bool) | ||||
|     nic_security_group_ids = optional(list(string)) | ||||
|   })) | ||||
|   default = {} | ||||
| } | ||||
| 
 | ||||
| variable "postgres_instances" { | ||||
|   type = map(object({ | ||||
|     acl             = list(string) | ||||
|     backup_schedule = string | ||||
| 
 | ||||
|     flavor = object({ | ||||
|       cpu = number | ||||
|       ram = number | ||||
|     }) | ||||
| 
 | ||||
|     name     = string | ||||
|     replicas = number | ||||
| 
 | ||||
|     storage = object({ | ||||
|       class = string | ||||
|       size  = number | ||||
|     }) | ||||
| 
 | ||||
|     version = string | ||||
|     region  = optional(string) | ||||
| 
 | ||||
|     databases = optional(list(object({ | ||||
|       instance_id = optional(string) | ||||
|       name        = string | ||||
|       owner       = string | ||||
|       region      = optional(string) | ||||
|     }))) | ||||
| 
 | ||||
|     users = optional(list(object({ | ||||
|       instance_id = optional(string) | ||||
|       roles       = set(string) | ||||
|       username    = string | ||||
|       region      = optional(string) | ||||
|     }))) | ||||
|   })) | ||||
|   default = {} | ||||
| } | ||||
| 
 | ||||
| variable "ske_clusters" { | ||||
|   type = map(object({ | ||||
|     name                   = string | ||||
|     kubernetes_version_min = string | ||||
|     node_pools             = list(object({ | ||||
|       name               = string | ||||
|       machine_type       = string | ||||
|       availability_zones = list(string) | ||||
|       volume_size        = number | ||||
|       minimum            = number | ||||
|       maximum            = number | ||||
|     })) | ||||
|   })) | ||||
|   default = {} | ||||
| } | ||||
| 
 | ||||
| variable "observability_instances" { | ||||
|   type = map(object({ | ||||
|     name      = string | ||||
|     plan_name = string | ||||
|   })) | ||||
|   default = {} | ||||
| } | ||||
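Review bot: `security_groups[*].rules[*].protocol` declares a `number` attribute that the security-group module's own `rules` type (in the hunk further down, at least as far as visible) only has `name` for, so if the project module forwards these rules unchanged, Terraform's object conversion will, as far as I recall, silently discard `protocol.number` instead of rejecting it — a rule written as `protocol = { number = 6 }` would presumably be created with no protocol restriction at all. Either add `number = optional(number)` to the security-group module's `protocol` object or drop it here so both types agree. Separately, none of these variables carries a `description` (the old `organization_id` had one) or a `validation` block, so `rules[*].ip_range` and `postgres_instances[*].acl` accept any string; a minimal guard for the rules is below, and `0.0.0.0/0` ingress is worth rejecting or at least calling out the same way. The file header for this hunk is not visible, so I am assuming it is project/variables.tf.
```hcl
variable "security_groups" {
  # … unchanged: type = map(object({ … })) …
  default = {}

  validation {
    condition = alltrue(flatten([
      for sg in values(var.security_groups) : [
        for r in sg.rules : contains(["ingress", "egress"], r.direction) && (r.ip_range == null || can(cidrhost(r.ip_range, 0)))
      ]
    ]))
    error_message = "Each rule needs direction ingress|egress and, if set, a CIDR-formatted ip_range."
  }
}
```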
|  |  | |||
							
								
								
									
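--- a/project_old/main.tf
+++ b/project_old/main.tf
@@ -0,0 +1,34 @@
+variable "projects" {
+  type = map(object({
+    name        = string
+    owner_email = string
+  }))
+  default = {
+    project1 = {
+      name        = "project-alpha"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+    project2 = {
+      name        = "project-beta"
+      owner_email = "michael.sodan@stackit.cloud"
+    }
+  }
+}
+
+resource "stackit_resourcemanager_project" "projects" {
+  for_each            = var.projects
+  parent_container_id = var.organization_id # Nutzt jetzt die übergebene Variable
+  name                = each.value.name
+  owner_email         = each.value.owner_email
+  # labels = { ... } # Vorerst entfernt, da stackit_network_area nicht definiert war
+}
+
+output "project_info" {
+  value = {
+    for k, project in stackit_resourcemanager_project.projects : k => {
+      project_id   = project.project_id
+      container_id = project.container_id
+    }
+  }
+}
+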
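Review bot: The `projects` variable defaults to two projects whose `owner_email` is a hard-coded personal address, so anyone who instantiates this module without overriding the variable grants project ownership to that individual. Ownership is an identity decision that belongs in the caller's tfvars; drop the `default` block and keep only `variable "projects" { type = map(object({ name = string, owner_email = string })) }` so the caller has to supply it. The directory name `project_old` also suggests this is a superseded copy kept next to the new `project` module; if nothing in the root references it, deleting it is safer than committing it, since git history keeps it and a stale module with an owner default is easy to apply by mistake.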
							
								
								
									
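--- a/project_old/variables.tf
+++ b/project_old/variables.tf
@@ -0,0 +1,10 @@
+variable "organization_id" {
+  description = "Empfängt die Container-ID der Organisation vom Root-Modul."
+  type        = string
+}
+
+variable "sna_net" {
+  description = "SNA Transfer Network"
+  type        = string
+}
+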
|  | @ -13,7 +13,7 @@ resource "stackit_security_group_rule" "rule" { | |||
| 
 | ||||
|   direction         = var.rules[count.index].direction | ||||
|   project_id        = var.project_id | ||||
|   security_group_id = stackit_security_group.this.id | ||||
|   security_group_id = stackit_security_group.this.security_group_id | ||||
| 
 | ||||
|   description              = var.rules[count.index].description | ||||
|   ether_type               = var.rules[count.index].ether_type | ||||
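Review bot: The rule resource is still addressed by `count.index` into `var.rules`, so removing or reordering one entry in the list shifts every later rule to a new index and — since attributes like `direction` and `ether_type` presumably force replacement — Terraform will destroy and recreate those rules, briefly leaving the group without them. The attribute fix in this hunk (`security_group_id = stackit_security_group.this.security_group_id`) looks right; the follow-up is to iterate with `for_each` over a map keyed by a stable rule identifier, which also means changing the list-typed `rules` variable in variables.tf. The `resource` block itself starts above the hunk.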
|  |  | |||
|  | @ -17,7 +17,7 @@ variable "description" { | |||
| variable "rules" { | ||||
|   description = "List of rules to attach to this security-group" | ||||
|   type = list(object({ | ||||
|     direction   = string | ||||
|     direction = string | ||||
|     description = optional(string) | ||||
|     ether_type  = optional(string) | ||||
|     icmp_parameters = optional(object({ | ||||
|  | @ -30,12 +30,12 @@ variable "rules" { | |||
|       max = number | ||||
|     })) | ||||
|     protocol = optional(object({ | ||||
|       name = optional(string) | ||||
|       name   = optional(string) | ||||
|     })) | ||||
|     remote_security_group_id = optional(string) | ||||
|   })) | ||||
|   default = [] | ||||
|   validation { | ||||
|     validation { | ||||
|     condition = alltrue([ | ||||
|       for rule in var.rules : contains(["ingress", "egress"], rule.direction) | ||||
|       # ... need more validations  | ||||
|  |  | |||