Compare commits
15 commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 76a1c17bad | |||
| d62221db85 | |||
| 938455bd7c | |||
| 9695f5a95f | |||
| df457fe625 | |||
| b4e80ed22e | |||
| 63332e09be | |||
| f71eae3c63 | |||
| 85ae1a1918 | |||
| 96325e4c43 | |||
| 16a204faa7 | |||
| 370b15a328 | |||
| 7345619f23 | |||
| bb841ad2a3 | |||
| a495f53751 |
31 changed files with 1308 additions and 718 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
.terraform*
|
||||
terraform.tfstate*
|
||||
.env
|
||||
.env
|
||||
kubeconfig*
|
||||
106
01-network.tf
106
01-network.tf
|
|
@ -1,106 +0,0 @@
|
|||
// ------- project 1 - landingzone ------------
|
||||
// This file defines the network setup for the first project landingzone.
|
||||
resource "stackit_network" "wan_network" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
name = "wan_network"
|
||||
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
|
||||
ipv4_prefix_length = 24
|
||||
ipv4_prefix = "10.220.0.0/24"
|
||||
routed = true
|
||||
}
|
||||
|
||||
resource "stackit_network" "lan_network1" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
name = "lan_network1"
|
||||
ipv4_prefix_length = 24
|
||||
ipv4_prefix = "10.220.1.0/24"
|
||||
routed = true
|
||||
}
|
||||
|
||||
resource "stackit_network" "lan_network2" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
name = "lan_network2"
|
||||
ipv4_prefix_length = 24
|
||||
ipv4_prefix = "10.220.2.0/24"
|
||||
routed = true
|
||||
}
|
||||
|
||||
resource "stackit_network" "lan_network3" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
name = "lan_network3"
|
||||
ipv4_prefix_length = 24
|
||||
ipv4_prefix = "10.220.3.0/24"
|
||||
routed = false
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "wan" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
network_id = stackit_network.wan_network.network_id
|
||||
security = false
|
||||
name = "MGMT"
|
||||
ipv4 = "10.220.0.254"
|
||||
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "lan1" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
network_id = stackit_network.lan_network1.network_id
|
||||
security = false
|
||||
name = "LAN1"
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "lan2" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
network_id = stackit_network.lan_network2.network_id
|
||||
security = false
|
||||
name = "LAN2"
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "lan3" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
network_id = stackit_network.lan_network3.network_id
|
||||
security = false
|
||||
name = "LAN3"
|
||||
}
|
||||
|
||||
# ---------- project 2 core ------------------
|
||||
// This file defines the network setup for the second project (core).
|
||||
|
||||
resource "stackit_network" "p2_lan_network1" {
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
name = "p2_lan_network"
|
||||
ipv4_prefix_length = 24
|
||||
ipv4_prefix = "10.220.5.0/24"
|
||||
routed = true
|
||||
}
|
||||
|
||||
resource "stackit_network_interface" "p2_lan1" {
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
network_id = stackit_network.p2_lan_network1.network_id
|
||||
security = true
|
||||
name = "P2LAN1"
|
||||
security_group_ids = [ stackit_security_group.example.security_group_id ]
|
||||
}
|
||||
|
||||
|
||||
// ---------- public IPs ------------------
|
||||
// This file defines the public IPs for the projects.
|
||||
resource "stackit_public_ip" "wan_ip" {
|
||||
project_id = module.project.project_info["project1"].project_id
|
||||
network_interface_id = stackit_network_interface.wan.network_interface_id
|
||||
}
|
||||
|
||||
/*resource "stackit_public_ip" "wan_server" {
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
network_interface_id = stackit_network_interface.p2_wan_interface1.network_interface_id
|
||||
}
|
||||
*/
|
||||
|
||||
// Output the public IPs for both projects
|
||||
output "public_ips" {
|
||||
value = {
|
||||
"wan_ip" = stackit_public_ip.wan_ip.ip
|
||||
//"wan_server" = stackit_public_ip.wan_server.ip
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
|
||||
// Security Group and Security Group Rules
|
||||
resource "stackit_security_group" "example" {
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
name = "test"
|
||||
labels = {
|
||||
"key" = "example"
|
||||
}
|
||||
}
|
||||
|
||||
resource "stackit_security_group_rule" "icmp_ingress" {
|
||||
security_group_id = stackit_security_group.example.security_group_id
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
direction = "ingress"
|
||||
icmp_parameters = {
|
||||
code = 0
|
||||
type = 8
|
||||
}
|
||||
protocol = {
|
||||
name = "icmp"
|
||||
}
|
||||
}
|
||||
resource "stackit_security_group_rule" "icmp_egress" {
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
security_group_id = stackit_security_group.example.security_group_id
|
||||
direction = "egress"
|
||||
icmp_parameters = {
|
||||
code = 0
|
||||
type = 8
|
||||
}
|
||||
protocol = {
|
||||
name = "icmp"
|
||||
}
|
||||
}
|
||||
|
||||
resource "stackit_security_group_rule" "ssh_ingress" {
|
||||
security_group_id = stackit_security_group.example.security_group_id
|
||||
project_id = module.project.project_info["project2"].project_id
|
||||
direction = "ingress"
|
||||
|
||||
protocol = {
|
||||
name = "tcp"
|
||||
}
|
||||
port_range = {
|
||||
max = 22
|
||||
min = 22
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,66 +0,0 @@
|
|||
module "security_groups" {
|
||||
source = "../security-group"
|
||||
|
||||
for_each = var.security_groups
|
||||
|
||||
project_id = var.project_id
|
||||
name = each.value.name
|
||||
description = each.value.description
|
||||
rules = each.value.rules
|
||||
}
|
||||
|
||||
# module "postgres" {
|
||||
# source = "../postgres"
|
||||
|
||||
# for_each = var.postgres_instances
|
||||
|
||||
# project_id = var.project_id
|
||||
# name = each.value.name
|
||||
# ver = each.value.version
|
||||
# flavor = each.value.flavor
|
||||
# storage = each.value.storage
|
||||
# replicas = each.value.replicas
|
||||
# acl = each.value.acl
|
||||
# backup_schedule = each.value.backup_schedule
|
||||
# users = each.value.users
|
||||
# databases = each.value.databases
|
||||
# }
|
||||
|
||||
# module "net" {
|
||||
# source = "../network"
|
||||
|
||||
# for_each = var.routed_networks
|
||||
|
||||
# project_id = var.project_id
|
||||
# name = each.value.name
|
||||
|
||||
# ipv4_nameservers = each.value.ipv4_nameservers
|
||||
# labels = each.value.labels
|
||||
|
||||
# static_ipv4 = each.value.static_ipv4
|
||||
# nic_name = each.value.nic_name
|
||||
# nic_allowed_addresses = each.value.nic_allowed_addresses
|
||||
# nic_labels = each.value.nic_labels
|
||||
# nic_security = each.value.nic_security
|
||||
# nic_security_group_ids = each.value.nic_security_group_ids
|
||||
# }
|
||||
|
||||
# module "ske" {
|
||||
# source = "../ske"
|
||||
|
||||
# for_each = var.ske_clusters
|
||||
|
||||
# project_id = var.project_id
|
||||
# name = each.value.name
|
||||
# kubernetes_version_min = each.value.kubernetes_version_min
|
||||
# node_pools = each.value.node_pools
|
||||
# }
|
||||
|
||||
# module "observability" {
|
||||
# source = "../observability"
|
||||
|
||||
# for_each = var.observability_instances
|
||||
# project_id = var.project_id
|
||||
# name = each.value.name
|
||||
# plan_name = each.value.plan_name
|
||||
# }
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
terraform {
|
||||
required_version = ">= 1.9.0"
|
||||
required_providers {
|
||||
stackit = {
|
||||
source = "stackitcloud/stackit"
|
||||
version = "0.56.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "stackit" {
|
||||
default_region = var.region
|
||||
service_account_token = var.service_account_token
|
||||
enable_beta_resources = true
|
||||
}
|
||||
|
|
@ -1,148 +0,0 @@
|
|||
region = "eu01"
|
||||
service_account_token = ""
|
||||
project_id = ""
|
||||
|
||||
security_groups = {
|
||||
ssh_ingress_group = {
|
||||
name = "ssh-ingress-group"
|
||||
description = "ALLOW SSH ingress"
|
||||
rules = [
|
||||
{ description = "SSH RULE 1"
|
||||
direction = "ingress"
|
||||
ether_type = "IPv4"
|
||||
ip_range = "0.0.0.0/0"
|
||||
protocol = {
|
||||
name = "tcp"
|
||||
}
|
||||
port_range = {
|
||||
min = 22
|
||||
max = 22
|
||||
}
|
||||
},
|
||||
]
|
||||
},
|
||||
|
||||
web_traffic_group = {
|
||||
name = "web-traffic-group"
|
||||
description = "ALLOW WEB TRAFFIC ingress"
|
||||
rules = [
|
||||
{ description = "ALLOW ALL 80"
|
||||
direction = "ingress"
|
||||
ether_type = "IPv4"
|
||||
ip_range = "0.0.0.0/0"
|
||||
protocol = {
|
||||
name = "tcp"
|
||||
}
|
||||
port_range = {
|
||||
min = 80
|
||||
max = 80
|
||||
}
|
||||
},
|
||||
{ description = "ALLOW ALL 443"
|
||||
direction = "ingress"
|
||||
ether_type = "IPv4"
|
||||
ip_range = "0.0.0.0/0"
|
||||
protocol = {
|
||||
name = "tcp"
|
||||
}
|
||||
port_range = {
|
||||
min = 443
|
||||
max = 443
|
||||
}
|
||||
},
|
||||
]
|
||||
},
|
||||
|
||||
}
|
||||
|
||||
postgres_instances = {
|
||||
dev = {
|
||||
name = "pg-test-instance"
|
||||
version = 17
|
||||
flavor = {
|
||||
cpu = 2,
|
||||
ram = 4
|
||||
}
|
||||
storage = {
|
||||
class = "premium-perf6-stackit",
|
||||
size = 20
|
||||
}
|
||||
replicas = 1
|
||||
acl = ["0.0.0.0/0"]
|
||||
backup_schedule = "00 00 * * *"
|
||||
|
||||
users = [
|
||||
{ username = "admin",
|
||||
roles = ["login", "createdb"]
|
||||
},
|
||||
{ username = "testusr",
|
||||
roles = ["login"]
|
||||
}
|
||||
]
|
||||
|
||||
databases = [
|
||||
{
|
||||
name = "test_db",
|
||||
owner = "admin"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
routed_networks = {
|
||||
web = {
|
||||
name = "web-net"
|
||||
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"]
|
||||
labels = {
|
||||
env = "prod"
|
||||
}
|
||||
}
|
||||
|
||||
db = {
|
||||
name = "db-net"
|
||||
static_ipv4 = "10.0.2.120"
|
||||
nic_security = false
|
||||
}
|
||||
}
|
||||
|
||||
ske_clusters = {
|
||||
dev = {
|
||||
name = "dev-cluster"
|
||||
kubernetes_version_min = "1.31"
|
||||
node_pools = [
|
||||
{ name = "default"
|
||||
machine_type = "c2.1"
|
||||
availability_zones = ["eu01-1", "eu01-2"]
|
||||
volume_size = 40
|
||||
minimum = 1
|
||||
maximum = 3
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
staging = {
|
||||
name = "staging-cluster"
|
||||
kubernetes_version_min = "1.31"
|
||||
node_pools = [
|
||||
{ name = "general"
|
||||
machine_type = "c2.2"
|
||||
availability_zones = ["eu03-1", "eu03-2"]
|
||||
volume_size = 80
|
||||
minimum = 2
|
||||
maximum = 4
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
observability_instances = {
|
||||
starter = {
|
||||
name = "Observability-1"
|
||||
plan_name = "Observability-Starter-EU01"
|
||||
}
|
||||
|
||||
prod = {
|
||||
name = "Observability-2"
|
||||
plan_name = "Observability-Large-EU01"
|
||||
}
|
||||
}
|
||||
|
|
@ -1,101 +0,0 @@
|
|||
variable "region" {
|
||||
description = "Region for the STACKIT Cloud"
|
||||
type = string
|
||||
default = "eu01"
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "STACKIT Cloud project ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "service_account_token" {
|
||||
description = "Service account token for authentication"
|
||||
sensitive = true
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "security_groups" {
|
||||
type = map(object({
|
||||
name = optional(string)
|
||||
description = optional(string)
|
||||
rules = list(object({
|
||||
direction = string
|
||||
description = optional(string)
|
||||
ether_type = optional(string)
|
||||
icmp_parameters = optional(object({
|
||||
type = optional(number)
|
||||
code = optional(number)
|
||||
}))
|
||||
ip_range = optional(string)
|
||||
port_range = optional(object({
|
||||
min = number
|
||||
max = number
|
||||
}))
|
||||
protocol = optional(object({
|
||||
name = optional(string)
|
||||
number = optional(number)
|
||||
}))
|
||||
remote_security_group_id = optional(string)
|
||||
}))
|
||||
}))
|
||||
}
|
||||
|
||||
variable "postgres_instances" {
|
||||
type = map(object({
|
||||
name = string
|
||||
version = number
|
||||
flavor = object({ cpu = number, ram = number })
|
||||
storage = object({ class = string, size = number })
|
||||
replicas = number
|
||||
acl = list(string)
|
||||
backup_schedule = string
|
||||
users = list(object({
|
||||
username = string
|
||||
roles = set(string)
|
||||
}))
|
||||
databases = list(object({
|
||||
name = string
|
||||
owner = string
|
||||
}))
|
||||
}))
|
||||
}
|
||||
|
||||
variable "routed_networks" {
|
||||
type = map(object({
|
||||
name = string
|
||||
|
||||
ipv4_nameservers = optional(list(string))
|
||||
labels = optional(map(string))
|
||||
|
||||
static_ipv4 = optional(string)
|
||||
nic_name = optional(string)
|
||||
|
||||
nic_allowed_addresses = optional(list(string))
|
||||
nic_labels = optional(map(string))
|
||||
nic_security = optional(bool)
|
||||
nic_security_group_ids = optional(list(string))
|
||||
}))
|
||||
}
|
||||
|
||||
variable "ske_clusters" {
|
||||
type = map(object({
|
||||
name = string
|
||||
kubernetes_version_min = string
|
||||
node_pools = list(object({
|
||||
name = string
|
||||
machine_type = string
|
||||
availability_zones = list(string)
|
||||
volume_size = number
|
||||
minimum = number
|
||||
maximum = number
|
||||
}))
|
||||
}))
|
||||
}
|
||||
|
||||
variable "observability_instances" {
|
||||
type = map(object({
|
||||
name = string
|
||||
plan_name = string
|
||||
}))
|
||||
}
|
||||
136
main.tf
136
main.tf
|
|
@ -1,30 +1,130 @@
|
|||
# main.tf
|
||||
resource "stackit_network_area" "project_sna" {
|
||||
organization_id = var.organization_id
|
||||
name = var.SNA_name
|
||||
network_ranges = var.SNA_network_ranges
|
||||
transfer_network = var.SNA_transfer_network
|
||||
}
|
||||
|
||||
terraform {
|
||||
| ||||