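# -----------------------------------------------------------------------------
# STACKIT Cloud: Core Configuration Variables
# -----------------------------------------------------------------------------
# Input variables for the STACKIT root module: provider credentials, the
# Service Network Area (SNA) and projects, and per-project security groups,
# PostgreSQL instances, networks, SKE clusters and Observability instances.
# Validation blocks below reject malformed values (CIDRs, port ranges,
# node-pool sizes, plan names) at plan time rather than at apply time.

# Provider region where STACKIT services will be deployed
variable "region" {
  description = "Provider region for STACKIT Cloud"
  type        = string
  default     = "eu01"
}

# Token for service account authentication (sensitive).
# Supply it via TF_VAR_service_account_token or an untracked tfvars file;
# it is redacted from plan output but is still persisted in state.
variable "service_account_token" {
  description = "Service account token for authentication"
  sensitive   = true
  type        = string
  default     = null
}

# -----------------------------------------------------------------------------
# Subscriber Network Area (SNA) & Project Settings
# -----------------------------------------------------------------------------

# ID of the STACKIT organization container
variable "organization_id" {
  description = "STACKIT organization container ID"
  type        = string
}

# Local path to the JSON key for the service account.
# NOTE(review): the default is a machine-specific home-directory path; every
# other environment must override it (tfvars / TF_VAR). The key file grants
# service-account access - keep it outside the repository.
variable "service_account_key_path" {
  description = "Path to service account JSON key"
  type        = string
  default     = "/Users/schlenz/.stackit/sa.json"
}

# Fallback region for resources if none specified
variable "default_region" {
  description = "Default region fallback for created resources"
  type        = string
  default     = "eu01"
}

# Name for the Service Network Area (SNA)
variable "SNA_name" {
  description = "Name of the Service Network Area to create"
  type        = string
}

# List of CIDR prefixes for the Service Network Area network ranges
variable "SNA_network_ranges" {
  description = "CIDR list for the Service Network Area"
  type = list(object({
    prefix = string
  }))

  # Every prefix must parse as a CIDR block (IPv4 or IPv6).
  validation {
    condition     = alltrue([for r in var.SNA_network_ranges : can(cidrhost(r.prefix, 0))])
    error_message = "SNA_network_ranges: every prefix must be a valid CIDR block, e.g. 10.0.0.0/16."
  }
}

# CIDR block used for transfer network within the SNA
variable "SNA_transfer_network" {
  description = "Transfer network CIDR for the SNA"
  type        = string

  validation {
    condition     = can(cidrhost(var.SNA_transfer_network, 0))
    error_message = "SNA_transfer_network must be a valid CIDR block, e.g. 10.1.0.0/24."
  }
}

# Map of project keys to project definitions (name and owner email)
variable "Projects_map" {
  description = "Map of STACKIT projects to create"
  type = map(object({
    name        = string
    owner_email = string
  }))

  # Loose shape check only (one '@', no whitespace); the provider decides
  # whether the address is actually accepted as an owner.
  validation {
    condition     = alltrue([for p in var.Projects_map : can(regex("^[^@\\s]+@[^@\\s]+$", p.owner_email))])
    error_message = "Projects_map: every owner_email must look like an e-mail address (local@domain)."
  }
}

# Default labels applied to resources where supported
variable "labels" {
  description = "Default labels to apply where supported"
  type        = map(string)
  default     = {}
}

# Security group definitions, including rules and associations.
# Each rule scopes traffic by ip_range and/or remote_security_group_id.
# NOTE(review): a rule that sets neither may be accepted by the provider with
# a broad default scope - confirm against the provider documentation before
# relying on it.
variable "security_groups" {
  description = "Map of security group definitions"
  type = map(object({
    name        = optional(string)
    project_key = string
    description = optional(string)
    rules = list(object({
      # "ingress" or "egress"
      direction = string
      # free-text description of the rule
      description = optional(string)
      # "IPv4" or "IPv6"
      ether_type = optional(string)
      # ICMP type/code when applicable
      icmp_parameters = optional(object({
        type = optional(number)
        code = optional(number)
      }))
      # source/destination CIDR
      ip_range = optional(string)
      # TCP/UDP port range (1-65535, min <= max)
      port_range = optional(object({
        min = number
        max = number
      }))
      # protocol name/number
      protocol = optional(object({
        name   = optional(string)
        number = optional(number)
      }))
      # reference another group instead of / in addition to ip_range
      remote_security_group_id = optional(string)
    }))
  }))

  validation {
    condition = alltrue(flatten([
      for sg in var.security_groups : [
        for r in sg.rules : contains(["ingress", "egress"], r.direction)
      ]
    ]))
    error_message = "security_groups: every rule's direction must be \"ingress\" or \"egress\"."
  }

  validation {
    condition = alltrue(flatten([
      for sg in var.security_groups : [
        for r in sg.rules : r.ether_type == null || contains(["IPv4", "IPv6"], r.ether_type)
      ]
    ]))
    error_message = "security_groups: ether_type, when set, must be \"IPv4\" or \"IPv6\"."
  }

  validation {
    condition = alltrue(flatten([
      for sg in var.security_groups : [
        for r in sg.rules : r.ip_range == null || can(cidrhost(r.ip_range, 0))
      ]
    ]))
    error_message = "security_groups: ip_range, when set, must be a valid CIDR block."
  }

  # try() guards the attribute access for rules without a port_range.
  validation {
    condition = alltrue(flatten([
      for sg in var.security_groups : [
        for r in sg.rules : try(
          r.port_range.min >= 1 && r.port_range.max <= 65535 && r.port_range.min <= r.port_range.max,
          r.port_range == null
        )
      ]
    ]))
    error_message = "security_groups: port_range must satisfy 1 <= min <= max <= 65535."
  }
}

# -----------------------------------------------------------------------------
# PostgreSQL Database Instances
# -----------------------------------------------------------------------------

# Definitions for PostgreSQL instances (name, sizing, ACLs, users, and databases)
variable "postgres_instances" {
  description = "Map of PostgreSQL instances to create"
  type = map(object({
    name        = string
    project_key = string
    version     = number
    flavor      = object({ cpu = number, ram = number })
    storage     = object({ class = string, size = number })
    replicas    = number
    # allowed client CIDRs; keep these as narrow as the clients permit
    acl = list(string)
    # cron-like schedule
    backup_schedule = string
    # DB users and their roles
    users = list(object({
      username = string
      roles    = set(string)
    }))
    # databases to create
    databases = list(object({
      name  = string
      owner = string
    }))
  }))

  validation {
    condition = alltrue(flatten([
      for db in var.postgres_instances : [
        for cidr in db.acl : can(cidrhost(cidr, 0))
      ]
    ]))
    error_message = "postgres_instances: every acl entry must be a valid CIDR block."
  }

  validation {
    condition     = alltrue([for db in var.postgres_instances : db.replicas >= 1])
    error_message = "postgres_instances: replicas must be at least 1."
  }
}

# -----------------------------------------------------------------------------
# Virtual Networks per Project
# -----------------------------------------------------------------------------

# Network definitions, including IPv4/IPv6 settings, labels, and NICs
variable "networks" {
  description = "Map of network definitions per project"
  type = map(object({
    name        = string
    project_key = string

    # IPv4 configuration
    ipv4_gateway       = optional(string)
    ipv4_nameservers   = optional(list(string))
    ipv4_prefix        = optional(string)
    ipv4_prefix_length = optional(number)

    # IPv6 configuration
    ipv6_gateway       = optional(string)
    ipv6_nameservers   = optional(list(string))
    ipv6_prefix        = optional(string)
    ipv6_prefix_length = optional(number)

    # Additional flags and resource labels
    labels          = optional(map(string))
    no_ipv4_gateway = optional(bool)
    no_ipv6_gateway = optional(bool)
    routed          = optional(bool)

    # Network interface cards (NICs) definitions.
    # nic_security toggles port security on the NIC; when it is off, the
    # security groups listed here are presumably not enforced on that port -
    # confirm against the provider documentation.
    nics = optional(map(object({
      nic_ipv4                 = optional(string)
      nic_name                 = string
      nic_allowed_addresses    = optional(list(string))
      nic_labels               = optional(map(string))
      nic_security             = optional(bool)
      nic_security_group_ids   = optional(list(string))
      nic_security_group_names = optional(list(string))
    })))
  }))
  default = {}

  validation {
    condition = alltrue([
      for n in var.networks : n.ipv4_prefix == null || can(cidrhost(n.ipv4_prefix, 0))
    ])
    error_message = "networks: ipv4_prefix, when set, must be a valid CIDR block."
  }
}

# -----------------------------------------------------------------------------
# SKE Kubernetes Clusters
# -----------------------------------------------------------------------------

# Configuration for SKE clusters, node pools, and optional extensions
variable "ske_clusters" {
  description = "Map of SKE cluster definitions"
  type = map(object({
    name                   = string
    project_key            = string
    kubernetes_version_min = optional(string)

    # Scheduled cluster hibernations
    hibernations = optional(list(object({
      # local time window start
      start = string
      # local time window end
      end = string
      # timezone of the schedule
      timezone = optional(string)
    })))

    # Maintenance window settings
    maintenance = optional(object({
      enable_kubernetes_version_updates    = bool
      enable_machine_image_version_updates = bool
      start                                = string
      end                                  = string
    }))

    # Cluster extensions (ACL, Argus monitoring).
    # acl.allowed_cidrs restricts who can reach the cluster API; prefer
    # specific ranges over 0.0.0.0/0.
    extensions = optional(object({
      acl = optional(object({
        enabled       = bool
        allowed_cidrs = list(string)
      }))
      argus = optional(object({
        enabled           = bool
        argus_instance_id = string
      }))
    }))

    # Node pool definitions (machine types, scaling, labels, taints)
    node_pools = list(object({
      name                    = string
      machine_type            = string
      availability_zones      = list(string)
      minimum                 = number
      maximum                 = number
      allow_system_components = optional(bool)
      cri                     = optional(string)
      labels                  = optional(map(string))
      max_surge               = optional(number)
      max_unavailable         = optional(number)
      os_name                 = optional(string)
      os_version_min          = optional(string)
      volume_size             = optional(number)
      volume_type             = optional(string)
      taints = optional(list(object({
        effect = string
        key    = string
        value  = optional(string)
      })))
    }))
  }))
  default = {}

  validation {
    condition = alltrue(flatten([
      for c in var.ske_clusters : [
        for np in c.node_pools : np.minimum >= 0 && np.minimum <= np.maximum
      ]
    ]))
    error_message = "ske_clusters: every node pool must satisfy 0 <= minimum <= maximum."
  }

  # try() yields an empty list when extensions or extensions.acl is unset.
  validation {
    condition = alltrue(flatten([
      for c in var.ske_clusters : [
        for cidr in try(c.extensions.acl.allowed_cidrs, []) : can(cidrhost(cidr, 0))
      ]
    ]))
    error_message = "ske_clusters: every extensions.acl.allowed_cidrs entry must be a valid CIDR block."
  }
}

# -----------------------------------------------------------------------------
# Observability Instances (Monitoring & Alerting)
# -----------------------------------------------------------------------------

# Definitions for Observability service instances and alert configurations.
# NOTE(review): scrapeconfigs[*].basic_auth.password is a secret inside a
# non-sensitive variable, so it appears in plan output and is persisted in
# state. Marking this whole variable sensitive would break any for_each over
# it; keep basic_auth values out of committed tfvars and protect state access.
variable "observability_instances" {
  description = "Map of Observability instances to create"
  type = map(object({
    name        = string
    project_key = string
    # e.g., Observability-Medium-EU01; see the validation below for the full list
    plan_name = string

    # Retention and ACL settings
    acl                                    = optional(list(string))
    metrics_retention_days                 = optional(number)
    metrics_retention_days_5m_downsampling = optional(number)
    metrics_retention_days_1h_downsampling = optional(number)
    # unchecked structure - the provider validates its shape
    alert_config = optional(any)
    parameters   = optional(map(string))

    # Credential generation settings
    create_credentials = optional(bool, true)
    credentials_count  = optional(number, 1)

    # Alert group definitions
    alertgroups = optional(map(object({
      name     = string
      interval = optional(string)
      rules = list(object({
        alert       = string
        expression  = string
        for         = optional(string)
        labels      = optional(map(string))
        annotations = optional(map(string))
      }))
    })), {})

    # Log alert group definitions
    logalertgroups = optional(map(object({
      name     = string
      interval = optional(string)
      rules = list(object({
        alert       = string
        expression  = string
        for         = optional(string)
        labels      = optional(map(string))
        annotations = optional(map(string))
      }))
    })), {})

    # Scrape configuration for metrics collection
    scrapeconfigs = optional(map(object({
      name         = string
      metrics_path = string
      targets = list(object({
        urls   = list(string)
        labels = optional(map(string))
      }))
      # credentials sent to the scrape target (see NOTE above)
      basic_auth = optional(object({
        username = string
        password = string
      }))
      saml2 = optional(object({
        enable_url_parameters = optional(bool)
      }))
      sample_limit    = optional(number)
      scheme          = optional(string)
      scrape_interval = optional(string)
      scrape_timeout  = optional(string)
    })), {})
  }))
  default = {}

  validation {
    condition = alltrue([
      for k, v in var.observability_instances : contains([
        "Observability-Medium-EU01",
        "Observability-Monitoring-XL-EU01",
        "Observability-Large-EU01",
        "Observability-Monitoring-Basic-EU01",
        "Observability-Monitoring-Large-EU01",
        "Observability-Basic-EU01",
        "Observability-Monitoring-Medium-EU01",
        "Observability-Monitoring-XXL-EU01",
        "Observability-Metrics-Endpoint-100k-EU01",
        "Observability-Frontend-Starter-EU01",
        "Observability-Monitoring-Starter-EU01",
        "Observability-Starter-EU01",
      ], v.plan_name)
    ])
    error_message = <<-EOM
      One or more observability_instances specify an invalid plan_name.
      See the provider error output for supported plans.
      Allowed:
        Observability-Medium-EU01
        Observability-Monitoring-XL-EU01
        Observability-Large-EU01
        Observability-Monitoring-Basic-EU01
        Observability-Monitoring-Large-EU01
        Observability-Basic-EU01
        Observability-Monitoring-Medium-EU01
        Observability-Monitoring-XXL-EU01
        Observability-Metrics-Endpoint-100k-EU01
        Observability-Frontend-Starter-EU01
        Observability-Monitoring-Starter-EU01
        Observability-Starter-EU01
    EOM
  }

  # try() yields an empty list when acl is unset.
  validation {
    condition = alltrue(flatten([
      for v in var.observability_instances : [
        for cidr in try(v.acl, []) : can(cidrhost(cidr, 0))
      ]
    ]))
    error_message = "observability_instances: every acl entry must be a valid CIDR block."
  }
}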