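# Example variable values (tfvars style) for provisioning STACKIT resources:
# projects, a Service Network Area, security groups, PostgreSQL, networks,
# observability and SKE clusters. Empty strings ("") are placeholders.

# Your STACKIT organization container ID (must be provided)
organization_id = ""

# -----------------------------------------------------------------------------
# Projects to Create
# -----------------------------------------------------------------------------
# The map keys ("projekt-alpha", "projekt-beta") are what the project_key
# attributes further down refer to.
Projects_map = {
  "projekt-alpha" = {
    name        = ""
    owner_email = ""
  },
  "projekt-beta" = {
    name        = ""
    owner_email = ""
  }
}

# -----------------------------------------------------------------------------
# Service Network Area (SNA) Settings
# -----------------------------------------------------------------------------
# Name to assign to the Service Network Area
SNA_name = ""

# List of CIDR blocks to include in the SNA
SNA_network_ranges = [
  { prefix = "192.168.10.0/24" }
]

# Dedicated transfer network CIDR for internal traffic
SNA_transfer_network = "172.16.0.0/24"

# -----------------------------------------------------------------------------
# Security Groups Definitions
# -----------------------------------------------------------------------------
security_groups = {
  ssh_ingress_group = {
    name        = "ssh-ingress-group"
    project_key = "projekt-alpha"
    description = "ALLOW SSH ingress"
    rules = [
      {
        description = "SSH RULE 1"
        direction   = "ingress"
        ether_type  = "IPv4"
        # Source CIDR allowed to reach SSH. This is a placeholder from the
        # documentation range (203.0.113.0/24): replace it with your admin or
        # bastion address. 0.0.0.0/0 would expose SSH to the whole internet.
        ip_range = "203.0.113.5/32"
        protocol = { name = "tcp" }
        port_range = {
          min = 22
          max = 22
        }
      },
    ]
  },

  web_traffic_group = {
    name        = "web-traffic-group"
    project_key = "projekt-alpha"
    description = "ALLOW WEB TRAFFIC ingress"
    rules = [
      {
        # Plain HTTP, open to any source. Keep only if the service behind it
        # is meant to be public (for example, to redirect to HTTPS).
        description = "ALLOW ALL 80"
        direction   = "ingress"
        ether_type  = "IPv4"
        ip_range    = "0.0.0.0/0"
        protocol    = { name = "tcp" }
        port_range = {
          min = 80
          max = 80
        }
      },
      {
        # HTTPS, open to any source (public web endpoint).
        description = "ALLOW ALL 443"
        direction   = "ingress"
        ether_type  = "IPv4"
        ip_range    = "0.0.0.0/0"
        protocol    = { name = "tcp" }
        port_range = {
          min = 443
          max = 443
        }
      },
    ]
  },
}

# -----------------------------------------------------------------------------
# PostgreSQL Instances
# -----------------------------------------------------------------------------
postgres_instances = {
  # Development instance "dev"
  dev = {
    name        = "pg-test-instance" # Instance name
    project_key = "projekt-alpha"    # Owning project
    version     = 17                 # PostgreSQL major version
    flavor = {
      cpu = 2 # vCPU count
      ram = 4 # RAM in GB
    }
    storage = {
      class = "premium-perf6-stackit" # Storage performance class
      size  = 20                      # Size in GB
    }
    replicas = 1 # Number of read replicas

    # CIDR(s) allowed to connect to the database. Placeholder from the
    # documentation range: replace with the networks of your clients.
    # 0.0.0.0/0 would leave the database port reachable from any address,
    # with only the user passwords protecting it.
    acl             = ["203.0.113.5/32"]
    backup_schedule = "00 00 * * *" # Daily at midnight (cron syntax)

    # Database users to create
    users = [
      {
        username = "adminusr"
        roles    = ["login", "createdb"] # Permissions granted
      },
      {
        username = "testusr"
        roles    = ["login"]
      }
    ]

    # Databases to provision
    databases = [
      {
        name = "testdb"
        # Owner user of the database; must be one of the usernames defined in
        # `users` above (the original "admin" matched neither of them).
        owner = "adminusr"
      }
    ]
  }
}

# -----------------------------------------------------------------------------
# Network Definitions
# -----------------------------------------------------------------------------
networks = {
  wan_network = {
    name               = "wan_network"
    project_key        = "projekt-beta"
    ipv4_nameservers   = ["1.1.1.1", "8.8.8.8"] # DNS resolvers
    ipv4_prefix_length = 29
    ipv4_prefix        = "192.168.10.248/29" # Subnet CIDR
    routed             = true
  }
}

# -----------------------------------------------------------------------------
# Observability (Metrics & Logs) Instances
# -----------------------------------------------------------------------------
observability_instances = {
  test = {
    # Required instance settings
    name        = "test-observability"
    project_key = "projekt-alpha"
    plan_name   = "Observability-Large-EU01" # Choose from allowed plan list

    # Optional network & retention settings
    # The acl entries are example addresses; replace with your own sources.
    acl                                    = ["192.168.100.10/32", "203.0.113.5/32"]
    metrics_retention_days                 = 30
    metrics_retention_days_5m_downsampling = 10
    metrics_retention_days_1h_downsampling = 5

    # Credentials management
    # NOTE(review): credentials generated through Terraform usually end up in
    # the state file; confirm against the module and keep the state in an
    # encrypted, access-controlled backend.
    create_credentials = true
    credentials_count  = 2

    # Alert groups for metrics
    alertgroups = {
      test_group = {
        name     = "example-alert-group"
        interval = "60s"
        rules = [
          {
            alert      = "example-alert-name"
            expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
            for        = "60s"
            labels = {
              severity = "critical"
            }
            annotations = {
              summary     = "example summary"
              description = "example description"
            }
          },
          {
            alert      = "example-alert-name-2"
            expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
            for        = "1m"
            labels = {
              severity = "critical"
            }
            annotations = {
              summary     = "example summary"
              description = "example description"
            }
          },
        ]
      }
    }

    # Log-based alert groups
    logalertgroups = {
      example_log = {
        name     = "example-log-alert-group"
        interval = "60m"
        rules = [
          {
            alert      = "example-log-alert-name"
            expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
            for        = "60s"
            labels = {
              severity = "critical"
            }
            annotations = {
              summary     = "example summary"
              description = "example description"
            }
          },
          {
            alert      = "example-log-alert-name-2"
            expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
            for        = "60s"
            labels = {
              severity = "critical"
            }
            annotations = {
              summary     = "example summary"
              description = "example description"
            }
          },
        ]
      }
    }

    # Scrape configurations for Prometheus-style scraping
    scrapeconfigs = {
      example_job = {
        name         = "example-job"
        metrics_path = "/my-metrics"
        saml2 = {
          enable_url_parameters = true
        }
        targets = [
          {
            # "url1" / "urls2" are placeholders for the real scrape targets.
            urls = ["url1", "urls2"]
            labels = {
              "url1" = "dev"
            }
          }
        ]
      }
    }
  }
}

# -----------------------------------------------------------------------------
# SKE (Kubernetes) Clusters
# -----------------------------------------------------------------------------
ske_clusters = {
  "dev-cluster" = {
    name                   = "cluster"
    kubernetes_version_min = "1.32.5"
    project_key            = "projekt-alpha"
    node_pools = [
      {
        name               = "np"
        machine_type       = "g1.4"
        availability_zones = ["eu01-2"]
        minimum            = 1
        maximum            = 2
        volume_size        = 21
      }
    ]
  }
}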