professional-service-best-practices/terraform-modules
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
terraform-modules/terraform.tfvars

285 lines
7.9 KiB
HCL
Raw Permalink Blame History

# Your STACKIT organization container ID (must be provided)
organization_id = ""
# -----------------------------------------------------------------------------
# Projects to Create
# -----------------------------------------------------------------------------
Projects_map = {
"projekt-alpha" = {
name = ""
owner_email = ""
},
"projekt-beta" = {
name = ""
owner_email = ""
}
}
# -----------------------------------------------------------------------------
# Service Network Area (SNA) Settings
# -----------------------------------------------------------------------------
# Name to assign to the Service Network Area
SNA_name = ""
# List of CIDR blocks to include in the SNA
SNA_network_ranges = [
{ prefix = "192.168.10.0/24" }
]
# Dedicated transfer network CIDR for internal traffic
SNA_transfer_network = "172.16.0.0/24"
# -----------------------------------------------------------------------------
# Security Groups Definitions
# -----------------------------------------------------------------------------
security_groups = {
ssh_ingress_group = {
name = "ssh-ingress-group"
project_key = "projekt-alpha"
description = "ALLOW SSH ingress"
rules = [
{
description = "SSH RULE 1"
direction = "ingress"
ether_type = "IPv4"
ip_range = "0.0.0.0/0"
protocol = {
name = "tcp"
}
port_range = {
min = 22
max = 22
}
},
]
},
web_traffic_group = {
name = "web-traffic-group"
project_key = "projekt-alpha"
description = "ALLOW WEB TRAFFIC ingress"
rules = [
{
description = "ALLOW ALL 80"
direction = "ingress"
ether_type = "IPv4"
ip_range = "0.0.0.0/0"
protocol = {
name = "tcp"
}
port_range = {
min = 80
max = 80
}
},
{
description = "ALLOW ALL 443"
direction = "ingress"
ether_type = "IPv4"
ip_range = "0.0.0.0/0"
protocol = {
name = "tcp"
}
port_range = {
min = 443
max = 443
}
},
]
},
}
# -----------------------------------------------------------------------------
# PostgreSQL Instances
# -----------------------------------------------------------------------------
postgres_instances = {
# Development instance “dev”
dev = {
name = "pg-test-instance" # Instance name
project_key = "projekt-alpha" # Owning project
version = 17 # PostgreSQL major version
flavor = {
cpu = 2 # vCPU count
ram = 4 # RAM in GB
}
storage = {
class = "premium-perf6-stackit" # Storage performance class
size = 20 # Size in GB
}
replicas = 1 # Number of read replicas
acl = ["0.0.0.0/0"] # CIDR(s) allowed to connect
backup_schedule = "00 00 * * *" # Daily at midnight (cron syntax)
# Database users to create
users = [
{
username = "adminusr"
roles = ["login", "createdb"] # Permissions granted
},
{
username = "testusr"
roles = ["login"]
}
]
# Databases to provision
databases = [
{
name = "testdb"
owner = "admin" # Owner user of the database
}
]
}
}
# -----------------------------------------------------------------------------
# Network Definitions
# -----------------------------------------------------------------------------
networks = {
wan_network = {
name = "wan_network"
project_key = "projekt-beta"
ipv4_nameservers = ["1.1.1.1", "8.8.8.8"] # DNS resolvers
ipv4_prefix_length = 29
ipv4_prefix = "192.168.10.248/29" # Subnet CIDR
routed = true
}
}
# -----------------------------------------------------------------------------
# Observability (Metrics & Logs) Instances
# -----------------------------------------------------------------------------
observability_instances = {
test = {
# Required instance settings
name = "test-observability"
project_key = "projekt-alpha"
plan_name = "Observability-Large-EU01" # Choose from allowed plan list
# Optional network & retention settings
acl = ["192.168.100.10/32", "203.0.113.5/32"]
metrics_retention_days = 30
metrics_retention_days_5m_downsampling = 10
metrics_retention_days_1h_downsampling = 5
# Credentials management
create_credentials = true
credentials_count = 2
# Alert groups for metrics
alertgroups = {
test_group = {
name = "example-alert-group"
interval = "60s"
rules = [
{
alert = "example-alert-name"
expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
for = "60s"
labels = {
severity = "critical"
}
annotations = {
summary = "example summary"
description = "example description"
}
},
{
alert = "example-alert-name-2"
expression = "kube_node_status_condition{condition=\"Ready\", status=\"false\"} > 0"
for = "1m"
labels = {
severity = "critical"
}
annotations = {
summary = "example summary"
description = "example description"
}
},
]
}
}
# Log-based alert groups
logalertgroups = {
example_log = {
name = "example-log-alert-group"
interval = "60m"
rules = [
{
alert = "example-log-alert-name"
expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
for = "60s"
labels = {
severity = "critical"
}
annotations = {
summary = "example summary"
description = "example description"
}
},
{
alert = "example-log-alert-name-2"
expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
for = "60s"
labels = {
severity = "critical"
}
annotations = {
summary = "example summary"
description = "example description"
}
},
]
}
}
# Scrape configurations for Prometheus-style scraping
scrapeconfigs = {
example_job = {
name = "example-job"
metrics_path = "/my-metrics"
saml2 = {
enable_url_parameters = true
}
targets = [
{
urls = ["url1", "urls2"]
labels = {
"url1" = "dev"
}
}
]
}
}
}
}
# -----------------------------------------------------------------------------
# SKE (Kubernetes) Clusters
# -----------------------------------------------------------------------------
ske_clusters = {
"dev-cluster" = {
name = "cluster"
kubernetes_version_min = "1.32.5"
project_key = "projekt-alpha"
node_pools = [
{
name = "np"
machine_type = "g1.4"
availability_zones = ["eu01-2"]
minimum = 1
maximum = 2
volume_size = 21
}
]
}
}
Reference in a new issue View git blame Copy permalink