feat: add module3-6

2025-04-28 13:11:47 +02:00 · 2025-04-28 13:11:47 +02:00 · a4b002dc61
commit a4b002dc61
parent 6d6273a33b
95 changed files with 1848 additions and 1 deletions
--- a/module4/tf/.terraform.lock.hcl
+++ b/module4/tf/.terraform.lock.hcl
@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.50.0"
+  constraints = "0.50.0"
+  hashes = [
+    "h1:uU8/DLvW8tEty0PI2sUMem43IDNSrncHuLaXaEYdGFk=",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:219d678bc471b3f5030724dcdde6be3f3fa63e911b7c7a0f446b0a0b4e5f48e7",
+    "zh:4cd09155a09e320b0b68db4ba2971564f3d147c19ad991d6b7e731e26034d91c",
+    "zh:507c1e24432f0d455ac8b628c37ee20db62e89a6e85508568c2820ba52404786",
+    "zh:5aa10bfc4baad277a2bc746c83fca19911bb95a5e8821dd46f333bc621cbb453",
+    "zh:67b55ad1135ca12997b0928cb67973b11ea196299e0cf66e3e0145faec762644",
+    "zh:6d1d108edcd6794a8839d849e6ea48699875e22afeea7edd38bee3dd56dea7e8",
+    "zh:7473c28b3781c0d00294d985bd067e753a419ca8e379f91a8f6f2ce4663566ee",
+    "zh:8d234b24734f950f986322a5f084ca23bfd9b3d9fb7742b54404171cfcabc99e",
+    "zh:af0804ea918648600cc6300dffce8a7b9115d30dc88db10f962b8e596d1465e1",
+    "zh:b557940dc6387dc4cce8b100981ccaadac6bc4e6b50c566baf148d67939f8f2e",
+    "zh:d477f77ce6f807d60069c1efcfa20607088ae7ab91d22805331a7634d84c2d1c",
+    "zh:d95086e2338ceed511e798a2acc6d5cefdfff1a14f7b47b2d29b4ebc36b77a3a",
+    "zh:ea0d8d5c9cf7d5871a54dd4786c378dfd9d10416f3c4d0ea4776465e8c562e10",
+    "zh:f96af7b89dc99745f6a22c0ca2aedb18e10273251b8cbac9e2b1011c68c3c3f9",
+  ]
+}
--- a/module4/tf/README.md
+++ b/module4/tf/README.md
@ -0,0 +1,37 @@
+# Terraform
+
+## Create service account
+
+* Install CLI tool: https://github.com/stackitcloud/stackit-cli/blob/main/INSTALLATION.md
+* `stackit auth login`
+* `stackit project list`
+* `stackit config set --project-id PROJECTx-IDyy-zzzz-aaaa-DUMMYbbbbbbb`
+* `stackit service-account create --name terraform`
+* `stackit service-account list`
+
+* `stackit service-account key create --email terraform-vsPzcS7@sa.stackit.cloud > sa_key.json`
+* `stackit service-account key list --email terraform-vsPzcS7@sa.stackit.cloud`
+
+* `stackit project member add terraform-vsPzcS7@sa.stackit.cloud --role editor`
+
+## S3 Backend for tfstate
+
+`stackit object-storage enable`
+
+Note: The name must be globally unique. Use only lowercase letters, numbers or hyphens. The name should be at least 3 and at most 63 characters long.
+
+Lets use something kinda random, to have a higher chance of catching an free bucket name:
+
+* `stackit object-storage bucket create tfstate-bucket-g5el`
+* `stackit object-storage credentials-group create --name terraform-state`
+* `stackit object-storage credentials create --credentials-group-id CREDGROU-Pxxx-IDzz-aaaa-DUMMYbbbbbbb`
+
+* `terraform init --backend-config=./config.s3.tfbackend`
+
+Now we can start using Terraform.
+
+## Connect to created SKE cluster
+
+* `stackit ske cluster list`
+* `stackit ske kubeconfig create scrumlr --login`
+* `--login` ensures that authentication is performed with the stackit CLI and very short-lived credentials are used in the background, without this flag the credentials are static and and usually have a longer lifetime. If the credentials are obtained without the `--login` flag, they must be renewed manually.
--- a/module4/tf/config.s3.tfbackend.example
+++ b/module4/tf/config.s3.tfbackend.example
@ -0,0 +1,7 @@
+# Replace keys and bucket name here and rename this file to config.s3.tfbackend
+secret_key = "xxx"
+access_key = "yyy"
+bucket = "tfstate-bucket-SUFFIX"
+
+# The key can be left as it is, but can also be customized as desired (before the terraform init)
+key = "scrumlr.tfstate"
--- a/module4/tf/dns.tf
+++ b/module4/tf/dns.tf
@ -0,0 +1,5 @@
+resource "stackit_dns_zone" "scrumlr" {
+  project_id = var.project_id
+  dns_name   = var.dns_name
+  name       = "Scrumlr Zone"
+}
--- a/module4/tf/main.tf
+++ b/module4/tf/main.tf
@ -0,0 +1,36 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.50.0"
+    }
+  }
+  backend "s3" {
+
+    # Secrets and config outsourced to config.s3.tfbackend file, which is included in .gitignore
+    # See also: https://developer.hashicorp.com/terraform/language/backend#partial-configuration
+    # terraform init --backend-config=./config.s3.tfbackend
+    #bucket = "tfstate-bucket-SUFFIX"
+    #key    = "scrumlr.tfstate"
+    #secret_key                  = "SECRETKEY"
+    #access_key                  = "ACCESSKEY"
+
+    endpoints = {
+      s3 = "https://object.storage.eu01.onstackit.cloud"
+    }
+    region = "eu01"
+
+    # Also use remote locking
+    use_lockfile = true
+
+    # AWS specific checks must be skipped as they do not work on STACKIT.
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_s3_checksum            = true
+    skip_requesting_account_id  = true
+  }
+}
+provider "stackit" {
+  default_region           = "eu01"
+  service_account_key_path = "sa_key.json"
+}
--- a/module4/tf/postgres.tf
+++ b/module4/tf/postgres.tf
@ -0,0 +1,42 @@
+resource "stackit_postgresflex_instance" "scrumlr" {
+  project_id      = var.project_id
+  name            = "scrumlr"
+  acl             = stackit_ske_cluster.scrumlr.egress_address_ranges
+  backup_schedule = "00 00 * * *"
+  flavor = {
+    cpu = 2
+    ram = 4
+  }
+  replicas = 3
+  storage = {
+    class = "premium-perf6-stackit"
+    size  = 5
+  }
+  version = 17
+}
+
+resource "stackit_postgresflex_user" "scrumlr" {
+  project_id  = var.project_id
+  instance_id = stackit_postgresflex_instance.scrumlr.instance_id
+  username    = "scrumlr"
+  roles       = ["login", "createdb"]
+}
+
+resource "stackit_postgresflex_database" "scrumlr" {
+  project_id  = var.project_id
+  instance_id = stackit_postgresflex_instance.scrumlr.instance_id
+  owner       = stackit_postgresflex_user.scrumlr.username
+  name        = "scrumlr"
+}
+
+output "postgres_dsn" {
+  value = format(
+    "postgres://%s:%s@%s:%d/%s",
+    stackit_postgresflex_user.scrumlr.username,
+    stackit_postgresflex_user.scrumlr.password,
+    stackit_postgresflex_user.scrumlr.host,
+    stackit_postgresflex_user.scrumlr.port,
+    stackit_postgresflex_database.scrumlr.name
+  )
+  sensitive = true
+}
--- a/module4/tf/ske.tf
+++ b/module4/tf/ske.tf
@ -0,0 +1,28 @@
+resource "stackit_ske_cluster" "scrumlr" {
+  project_id             = var.project_id
+  name                   = "scrumlr"
+  kubernetes_version_min = "1.31.7"
+  node_pools = [
+    {
+      name               = "scrumlrpool"
+      machine_type       = "c1.3"
+      os_name            = "flatcar"
+      minimum            = "3"
+      maximum            = "3"
+      availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
+      volume_type        = "storage_premium_perf2"
+    }
+  ]
+  maintenance = {
+    enable_kubernetes_version_updates    = true
+    enable_machine_image_version_updates = true
+    start                                = "01:00:00Z"
+    end                                  = "02:00:00Z"
+  }
+  extensions = {
+    dns = {
+      enabled = true
+      zones = [stackit_dns_zone.scrumlr.dns_name]
+    }
+  }
+}
--- a/module4/tf/terraform.tfvars.example
+++ b/module4/tf/terraform.tfvars.example
@ -0,0 +1,2 @@
+project_id = "PROJECTx-IDyy-zzzz-aaaa-DUMMYbbbbbbb" # CHANGE-ME
+dns_name   = "CHANGE-ME.stackit.gg" # CHANGE-ME
--- a/module4/tf/variables.tf
+++ b/module4/tf/variables.tf
@ -0,0 +1,9 @@
+variable "project_id" {
+  description = "The STACKIT project ID"
+  type        = string
+}
+
+variable "dns_name" {
+  description = "DNS name for generated Zone"
+  type        = string
+}