stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: mssql alpha instance (#2)

Browse source 
* fix: remove unused attribute types and functions from backup models

* fix: update API client references to use sqlserverflexalpha package

* fix: update package references to use sqlserverflexalpha and modify user data source model

* fix: add sqlserverflexalpha user data source to provider

* fix: add sqlserverflexalpha user resource and update related functionality

* chore: add stackit_sqlserverflexalpha_user resource and instance_id variable

* fix: refactor sqlserverflexalpha user resource and enhance schema with status and default_database

---------

Co-authored-by: Andre Harms <andre.harms@stackit.cloud>
Co-authored-by: Marcel S. Henselin <marcel.henselin@stackit.cloud>
This commit is contained in:
Marcel S. Henselin 2025-12-19 08:56:46 +01:00 committed by GitHub
parent df25ceffd4
commit 5381516661
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
385 changed files with 1431 additions and 14841 deletions
Download patch file Download diff file Expand all files Collapse all files

91
docs/guides/aws_provider_s3_stackit.md
View file

@ -1,91 +0,0 @@
---
page_title: "Using AWS Provider for STACKIT Object Storage (S3 compatible)"
---
# Using AWS Provider for STACKIT Object Storage (S3 compatible)
## Overview
This guide outlines the process of utilizing the [AWS Terraform Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) alongside the STACKIT provider to create and manage STACKIT Object Storage (S3 compatible) resources.
## Steps
1. **Configure STACKIT Provider**
First, configure the STACKIT provider to connect to the STACKIT services.
```hcl
provider "stackit" {
default_region = "eu01"
}
```
2. **Define STACKIT Object Storage Bucket**
Create a STACKIT Object Storage Bucket and obtain credentials for the AWS provider.
```hcl
resource "stackit_objectstorage_bucket" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
}
resource "stackit_objectstorage_credentials_group" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-credentials-group"
}
resource "stackit_objectstorage_credential" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
expiration_timestamp = "2027-01-02T03:04:05Z"
}
```
3. **Configure AWS Provider**
Configure the AWS provider to connect to the STACKIT Object Storage bucket.
```hcl
provider "aws" {
region = "eu01"
skip_credentials_validation = true
skip_region_validation = true
skip_requesting_account_id = true
access_key = stackit_objectstorage_credential.example.access_key
secret_key = stackit_objectstorage_credential.example.secret_access_key
endpoints {
s3 = "https://object.storage.eu01.onstackit.cloud"
}
}
```
4. **Use the Provider to Manage Objects or Policies**
```hcl
resource "aws_s3_object" "test_file" {
bucket = stackit_objectstorage_bucket.example.name
key = "hello_world.txt"
source = "files/hello_world.txt"
content_type = "text/plain"
etag = filemd5("files/hello_world.txt")
}
resource "aws_s3_bucket_policy" "allow_public_read_access" {
bucket = stackit_objectstorage_bucket.example.name
policy = <<EOF
{
"Statement": [
{
"Sid": "Public GET",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "urn:sgws:s3:::example/*"
}
]
}
EOF
}
```

83
docs/guides/kubernetes_provider_ske.md
View file

@ -1,83 +0,0 @@
---
page_title: "Using Kubernetes Provider with STACKIT SKE"
---
# Using Kubernetes Provider with STACKIT SKE
## Overview
This guide outlines the process of utilizing the [HashiCorp Kubernetes provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) alongside the STACKIT provider to create and manage resources in a STACKIT SKE Cluster.
## Steps
1. **Configure STACKIT Provider**
First, configure the STACKIT provider to connect to the STACKIT services.
```hcl
provider "stackit" {
default_region = "eu01"
}
```
2. **Create STACKIT SKE Cluster**
Define and create the STACKIT SKE cluster resource with the necessary specifications.
```hcl
resource "stackit_ske_cluster" "ske_cluster_01" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-cluster"
kubernetes_version_min = "1.31"
node_pools = [
{
name = "example-node-pool"
machine_type = "g2i.4"
minimum = 1
maximum = 2
availability_zones = ["eu01-1"]
os_version_min = "3815.2.5"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
}
```
3. **Define STACKIT SKE Kubeconfig**
Create a resource to obtain the kubeconfig for the newly created STACKIT SKE cluster.
```hcl
resource "stackit_ske_kubeconfig" "ske_kubeconfig_01" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.ske_cluster_01.name
refresh = true
}
```
4. **Configure Kubernetes Provider**
Use the kubeconfig from the STACKIT SKE cluster to configure the Kubernetes provider.
```hcl
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-certificate-data"])
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-key-data"])
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster["certificate-authority-data"])
}
```
5. **Define Kubernetes Resources**
Now you can start defining Kubernetes resources that you want to manage. Here is an example of creating a Kubernetes Namespace.
```hcl
resource "kubernetes_namespace" "dev" {
metadata {
name = "dev"
}
}
```

35
docs/guides/opting_into_beta_resources.md
View file

@ -1,35 +0,0 @@
---
page_title: "Configuring Beta Resources in the STACKIT Terraform Provider"
---
# Configuring Beta Resources in the STACKIT Terraform Provider
## Overview
This guide explains how to opt into beta resources within the STACKIT Terraform provider. Beta resources are new services and features from STACKIT that are still in development and might not yet have a stable API.
Opting into beta functionality allows users to experiment with new features and services before their official release, without compromising the stability of other resources and the provider itself. However, it's important to remember that beta resources may not be as stable as fully released counterparts, so use them with caution and provide feedback to help improve these services.
## The Process of Opting into the Beta
To use beta resources in the STACKIT Terraform provider, you have two options:
### Option 1: Provider Configuration
Set the `enable_beta_resources` option in the provider configuration. This is a boolean attribute that can be either `true` or `false`.
```hcl
provider "stackit" {
default_region = "eu01"
enable_beta_resources = true
}
```
### Option 2: Environment Variable
Set the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable to `"true"` or `"false"`. Other values will be ignored and will produce a warning.
```sh
export STACKIT_TF_ENABLE_BETA_RESOURCES=true
```
-> The environment variable takes precedence over the provider configuration option. This means that if the `STACKIT_TF_ENABLE_BETA_RESOURCES` environment variable is set to a valid value (`"true"` or `"false"`), it will override the `enable_beta_resources` option specified in the provider configuration.

251
docs/guides/scf_cloudfoundry.md
View file

@ -1,251 +0,0 @@
---
page_title: "How to provision Cloud Foundry using Terraform"
---
# How to provision Cloud Foundry using Terraform
## Objective
This tutorial demonstrates how to provision Cloud Foundry resources by
integrating the STACKIT Terraform provider with the Cloud Foundry Terraform
provider. The STACKIT Terraform provider will create a managed Cloud Foundry
organization and set up a technical "org manager" user with
`organization_manager` permissions. These credentials, along with the Cloud
Foundry API URL (retrieved dynamically from a platform data resource), are
passed to the Cloud Foundry Terraform provider to manage resources within the
new organization.
### Output
This configuration creates a Cloud Foundry organization, mirroring the structure
created via the portal. It sets up three distinct spaces: `dev`, `qa`, and
`prod`. The configuration assigns, a specified user the `organization_manager`
and `organization_user` roles at the organization level, and the
`space_developer` role in each space.
### Scope
This tutorial covers the interaction between the STACKIT Terraform provider and
the Cloud Foundry Terraform provider. It assumes you are familiar with:
- Setting up a STACKIT project and configuring the STACKIT Terraform provider
with a service account (see the general STACKIT documentation for details).
- Basic Terraform concepts, such as variables and locals.
This document does not cover foundational topics or every feature of the Cloud
Foundry Terraform provider.
### Example configuration
The following Terraform configuration provisions a Cloud Foundry organization
and related resources using the STACKIT Terraform provider and the Cloud Foundry
Terraform provider:
```
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
}
cloudfoundry = {
source = "cloudfoundry/cloudfoundry"
}
}
}
variable "project_id" {
type = string
description = "Id of the Project"
}
variable "org_name" {
type = string
description = "Name of the Organization"
}
variable "admin_email" {
type = string
description = "Users who are granted permissions"
}
provider "stackit" {
default_region = "eu01"
}
resource "stackit_scf_organization" "scf_org" {
name = var.org_name
project_id = var.project_id
}
data "stackit_scf_platform" "scf_platform" {
project_id = var.project_id
platform_id = stackit_scf_organization.scf_org.platform_id
}
resource "stackit_scf_organization_manager" "scf_manager" {
project_id = var.project_id
org_id = stackit_scf_organization.scf_org.org_id
}
provider "cloudfoundry" {
api_url = data.stackit_scf_platform.scf_platform.api_url
user = stackit_scf_organization_manager.scf_manager.username
password = stackit_scf_organization_manager.scf_manager.password
}
locals {
spaces = ["dev", "qa", "prod"]
}
resource "cloudfoundry_org_role" "org_user" {
username = var.admin_email
type = "organization_user"
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_org_role" "org_manager" {
username = var.admin_email
type = "organization_manager"
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_space" "spaces" {
for_each = toset(local.spaces)
name = each.key
org = stackit_scf_organization.scf_org.org_id
}
resource "cloudfoundry_space_role" "space_developer" {
for_each = toset(local.spaces)
username = var.admin_email
type = "space_developer"
depends_on = [cloudfoundry_org_role.org_user]
space = cloudfoundry_space.spaces[each.key].id
}
```
## Explanation of configuration
### STACKIT provider configuration
```
provider "stackit" {
default_region = "eu01"
}
```
The STACKIT Cloud Foundry Application Programming Interface (SCF API) is
regionalized. Each region operates independently. Set `default_region` in the
provider configuration, to specify the region for all resources, unless you
override it for individual resources. You must also provide access data for the
relevant STACKIT project for the provider to function.
For more details, see
the:[STACKIT Terraform Provider documentation.](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs)
### stackit_scf_organization.scf_org resource
```
resource "stackit_scf_organization" "scf_org" {
name = var.org_name
project_id = var.project_id
}
```
This resource provisions a Cloud Foundry organization, which acts as the
foundational container in the Cloud Foundry environment. Each Cloud Foundry
provider configuration is scoped to a specific organization. The organizations
name, defined by a variable, must be unique across the platform. The
organization is created within a designated STACKIT project, which requires the
STACKIT provider to be configured with the necessary permissions for that
project.
### stackit_scf_organization_manager.scf_manager resource
```
resource "stackit_scf_organization_manager" "scf_manager" {
project_id = var.project_id
org_id = stackit_scf_organization.scf_org.org_id
}
```
This resource creates a technical user in the Cloud Foundry organization with
the organization_manager permission. The user is linked to the organization and
is automatically deleted when the organization is removed.
### stackit_scf_platform.scf_platform data source
```
data "stackit_scf_platform" "scf_platform" {
project_id = var.project_id
platform_id = stackit_scf_organization.scf_org.platform_id
}
```
This data source retrieves properties of the Cloud Foundry platform where the
organization is provisioned. It does not create resources, but provides
information about the existing platform.
### Cloud Foundry provider configuration
```
provider "cloudfoundry" {
api_url = data.stackit_scf_platform.scf_platform.api_url
user = stackit_scf_organization_manager.scf_manager.username
password = stackit_scf_organization_manager.scf_manager.password
}
```
The Cloud Foundry provider is configured to manage resources in the new
organization. The provider uses the API URL from the `stackit_scf_platform` data
source and authenticates using the credentials of the technical user created by
the `stackit_scf_organization_manager` resource.
For more information, see the:
[Cloud Foundry Terraform Provider documentation.](https://registry.terraform.io/providers/cloudfoundry/cloudfoundry/latest/docs)
## Deploy resources
Follow these steps to initialize your environment and provision Cloud Foundry
resources using Terraform.
### Initialize Terraform
Run the following command to initialize the working directory and download the
required provider plugins:
```
terraform init
```
### Create the organization manager user
Run this command to provision the organization and technical user needed to
initialize the Cloud Foundry Terraform provider. This step is required only
during the initial setup. For later changes, you do not need the -target flag.
```
terraform apply -target stackit_scf_organization_manager.scf_manager
```
### Apply the full configuration
Run this command to provision all resources defined in your Terraform
configuration within the Cloud Foundry organization:
```
terraform apply
```
## Verify the deployment
Verify that your Cloud Foundry resources are provisioned correctly. Use the
following Cloud Foundry CLI commands to check applications, services, and
routes:
- `cf apps`
- `cf services`
- `cf routes`
For more information, see the
[Cloud Foundry documentation](https://docs.cloudfoundry.org/) and the
[Cloud Foundry CLI Reference Guide](https://cli.cloudfoundry.org/).

267
docs/guides/ske_kube_state_metric_alerts.md
View file

@ -1,267 +0,0 @@
---
page_title: "Alerting with Kube-State-Metrics in STACKIT Observability"
---
# Alerting with Kube-State-Metrics in STACKIT Observability
## Overview
This guide explains how to configure the STACKIT Observability product to send alerts using metrics gathered from kube-state-metrics.
1. **Set Up Providers**
Begin by configuring the STACKIT and Kubernetes providers to connect to the STACKIT services.
```hcl
provider "stackit" {
default_region = "eu01"
}
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
}
provider "helm" {
kubernetes {
host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
}
}
```
2. **Create SKE Cluster and Kubeconfig Resource**
Set up a STACKIT SKE Cluster and generate the associated kubeconfig resource.
```hcl
resource "stackit_ske_cluster" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
kubernetes_version_min = "1.31"
node_pools = [
{
name = "standard"
machine_type = "c1.4"
minimum = "3"
maximum = "9"
max_surge = "3"
availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
os_version_min = "4081.2.1"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
maintenance = {
enable_kubernetes_version_updates = true
enable_machine_image_version_updates = true
start = "01:00:00Z"
end = "02:00:00Z"
}
}
resource "stackit_ske_kubeconfig" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.example.name
refresh = true
}
```
3. **Create Observability Instance and Credentials**
Establish a STACKIT Observability instance and its credentials to handle alerts.
```hcl
locals {
alert_config = {
route = {
receiver = "EmailStackit",
repeat_interval = "1m",
continue = true
}
receivers = [
{
name = "EmailStackit",
email_configs = [
{
to = "<email>"
}
]
}
]
}
}
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
plan_name = "Observability-Large-EU01"
alert_config = local.alert_config
}
resource "stackit_observability_credential" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.example.instance_id
}
```
4. **Install Prometheus Operator**
Use the Prometheus Helm chart to install kube-state-metrics and transfer metrics to the STACKIT Observability instance. Customize the helm values as needed for your deployment.
```yaml
# helm values
# save as prom-values.tftpl
prometheus:
enabled: true
agentMode: true
prometheusSpec:
enableRemoteWriteReceiver: true
scrapeInterval: 60s
evaluationInterval: 60s
replicas: 1
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: premium-perf4-stackit
accessModes: ['ReadWriteOnce']
resources:
requests:
storage: 80Gi
remoteWrite:
- url: ${metrics_push_url}
queueConfig:
batchSendDeadline: '5s'
# both values need to be configured according to your observability plan
capacity: 30000
maxSamplesPerSend: 3000
writeRelabelConfigs:
- sourceLabels: ['__name__']
regex: 'apiserver_.*|etcd_.*|prober_.*|storage_.*|workqueue_(work|queue)_duration_seconds_bucket|kube_pod_tolerations|kubelet_.*|kubernetes_feature_enabled|instance_scrape_target_status'
action: 'drop'
- sourceLabels: ['namespace']
regex: 'example'
action: 'keep'
basicAuth:
username:
key: username
name: ${secret_name}
password:
key: password
name: ${secret_name}
grafana:
enabled: false
defaultRules:
create: false
alertmanager:
enabled: false
nodeExporter:
enabled: true
kube-state-metrics:
enabled: true
customResourceState:
enabled: true
collectors:
- deployments
- pods
```
```hcl
resource "kubernetes_namespace" "monitoring" {
metadata {
name = "monitoring"
}
}
resource "kubernetes_secret" "argus_prometheus_authorization" {
metadata {
name = "argus-prometheus-credentials"
namespace = kubernetes_namespace.monitoring.metadata[0].name
}
data = {
username = stackit_observability_credential.example.username
password = stackit_observability_credential.example.password
}
}
resource "helm_release" "prometheus_operator" {
name = "prometheus-operator"
repository = "https://prometheus-community.github.io/helm-charts"
chart = "kube-prometheus-stack"
version = "60.1.0"
namespace = kubernetes_namespace.monitoring.metadata[0].name
values = [
templatefile("prom-values.tftpl", {
metrics_push_url = stackit_observability_instance.example.metrics_push_url
secret_name = kubernetes_secret.argus_prometheus_authorization.metadata[0].name
})
]
}
```
5. **Create Alert Group**
Define an alert group with a rule to notify when a pod is running in the "example" namespace.
```hcl
resource "stackit_observability_alertgroup" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.example.instance_id
name = "TestAlertGroup"
interval = "2h"
rules = [
{
alert = "SimplePodCheck"
expression = "sum(kube_pod_status_phase{phase=\"Running\", namespace=\"example\"}) > 0"
for = "60s"
labels = {
severity = "critical"
},
annotations = {
summary = "Test Alert is working"
description = "Test Alert"
}
},
]
}
```
6. **Deploy Test Pod**
Deploy a test pod; doing so should trigger an email notification, as the deployment satisfies the conditions defined in the alert group rule. In a real-world scenario, you would typically configure alerts to monitor pods for error states instead.
```hcl
resource "kubernetes_namespace" "example" {
metadata {
name = "example"
}
}
resource "kubernetes_pod" "example" {
metadata {
name = "nginx"
namespace = kubernetes_namespace.example.metadata[0].name
labels = {
app = "nginx"
}
}
spec {
container {
image = "nginx:latest"
name = "nginx"
}
}
}
```

199
docs/guides/ske_log_alerts.md
View file

@ -1,199 +0,0 @@
---
page_title: "SKE Log Alerts with STACKIT Observability"
---
# SKE Log Alerts with STACKIT Observability
## Overview
This guide walks you through setting up log-based alerting in STACKIT Observability using Promtail to ship Kubernetes logs.
1. **Set Up Providers**
Begin by configuring the STACKIT and Kubernetes providers to connect to the STACKIT services.
```hcl
provider "stackit" {
region = "eu01"
}
provider "kubernetes" {
host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
}
provider "helm" {
kubernetes {
host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
}
}
```
2. **Create SKE Cluster and Kubeconfig Resource**
Set up a STACKIT SKE Cluster and generate the associated kubeconfig resource.
```hcl
resource "stackit_ske_cluster" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
kubernetes_version_min = "1.31"
node_pools = [
{
name = "standard"
machine_type = "c1.4"
minimum = "3"
maximum = "9"
max_surge = "3"
availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
os_version_min = "4081.2.1"
os_name = "flatcar"
volume_size = 32
volume_type = "storage_premium_perf6"
}
]
maintenance = {
enable_kubernetes_version_updates = true
enable_machine_image_version_updates = true
start = "01:00:00Z"
end = "02:00:00Z"
}
}
resource "stackit_ske_kubeconfig" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
cluster_name = stackit_ske_cluster.example.name
refresh = true
}
```
3. **Create Observability Instance and Credentials**
Establish a STACKIT Observability instance and its credentials to handle alerts.
```hcl
locals {
alert_config = {
route = {
receiver = "EmailStackit",
repeat_interval = "1m",
continue = true
}
receivers = [
{
name = "EmailStackit",
email_configs = [
{
to = "<email>"
}
]
}
]
}
}
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example"
plan_name = "Observability-Large-EU01"
alert_config = local.alert_config
}
resource "stackit_observability_credential" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.example.instance_id
}
```
4. **Install Promtail**
Deploy Promtail via Helm to collect logs and forward them to the STACKIT Observability Loki endpoint.
```hcl
resource "helm_release" "promtail" {
name = "promtail"
repository = "https://grafana.github.io/helm-charts"
chart = "promtail"
namespace = kubernetes_namespace.monitoring.metadata.0.name
version = "6.16.4"
values = [
<<-EOF
config:
clients:
# To find the Loki push URL, navigate to the observability instance in the portal and select the API tab.
- url: "https://${stackit_observability_credential.example.username}:${stackit_observability_credential.example.password}@<your-loki-push-url>/instances/${stackit_observability_instance.example.instance_id}/loki/api/v1/push"
EOF
]
}
```
5. **Create Alert Group**
Create a log alert that triggers when a specific pod logs an error message.
```hcl
resource "stackit_observability_logalertgroup" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.example.instance_id
name = "TestLogAlertGroup"
interval = "1m"
rules = [
{
alert = "SimplePodLogAlertCheck"
expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
for = "60s"
labels = {
severity = "critical"
},
annotations = {
summary : "Test Log Alert is working"
description : "Test Log Alert"
},
},
]
}
```
6. **Deploy Test Pod**
Launch a pod that emits simulated error logs. This should trigger the alert if everything is set up correctly.
```hcl
resource "kubernetes_namespace" "example" {
metadata {
name = "example"
}
}
resource "kubernetes_pod" "logger" {
metadata {
name = "logger"
namespace = kubernetes_namespace.example.metadata[0].name
labels = {
app = "logger"
}
}
spec {
container {
name = "logger"
image = "bash"
command = [
"bash",
"-c",
<<EOF
while true; do
sleep $(shuf -i 1-3 -n 1)
echo "ERROR: $(date) - Simulated error message $(shuf -i 1-100 -n 1)" 1>&2
done
EOF
]
}
}
}
```

255
docs/guides/stackit_cdn_with_custom_domain.md
View file

@ -1,255 +0,0 @@
---
page_title: "Using STACKIT CDN to service static files from an HTTP Origin with STACKIT CDN"
---
# Using STACKIT CDN to service static files from an HTTP Origin with STACKIT CDN
This guide will walk you through the process of setting up a STACKIT CDN distribution to serve static files from a
generic HTTP origin using Terraform. This is a common use case for developers who want to deliver content with low
latency and high data transfer speeds.
---
## Prerequisites
Before you begin, make sure you have the following:
* A **STACKIT project** and a user account with the necessary permissions for the CDN.
* A **Service Account Key**: you can read about creating one here: [Create a Service Account Key
](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/)
---
## Step 1: Configure the Terraform Provider
First, you need to configure the STACKIT provider in your Terraform configuration. Create a file named `main.tf` and add
the following code. This block tells Terraform to download and use the STACKIT provider.
```terraform
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
}
}
}
variable "service_account_key" {
type = string
description = "Your STACKIT service account key."
sensitive = true
default = "path/to/sa-key.json"
}
variable "project_id" {
type = string
default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Your project ID
}
provider "stackit" {
# The STACKIT provider is configured using the defined variables.
default_region = "eu01"
service_account_key_path = var.service_account_key
}
```
## Step 2: Create the DNS Zone
The first resource you'll create is the DNS zone, which will manage the records for your domain.
```terraform
resource "stackit_dns_zone" "example_zone" {
project_id = var.project_id
name = "My DNS zone"
dns_name = "myapp.runs.onstackit.cloud"
contact_email = "aa@bb.ccc"
type = "primary"
}
```
## Step 3: Create the CDN Distribution
Next, define the CDN distribution. This is the core service that will cache and serve your content from its origin.
```terraform
resource "stackit_cdn_distribution" "example_distribution" {
project_id = var.project_id
config = {
# Define the backend configuration
backend = {
type = "http"
# Replace with the URL of your HTTP origin
origin_url = "https://your-origin-server.com"
}
# The regions where content will be hosted
regions = ["EU", "US", "ASIA", "AF", "SA"]
blocked_countries = []
}
}
```
## Step 4: Create the DNS CNAME Record
Finally, create the **CNAME record** to point your custom domain to the CDN. This step must come after the CDN is
created because it needs the CDN's unique domain name as its target.
```terraform
resource "stackit_dns_record_set" "cname_record" {
project_id = stackit_dns_zone.example_zone.project_id
zone_id = stackit_dns_zone.example_zone.zone_id
# This is the custom domain name which will be added to your zone
name = "cdn"
type = "CNAME"
ttl = 3600
# Points to the CDN distribution's unique domain.
# Notice the added dot at the end of the domain name to point to a FQDN.
records = ["${stackit_cdn_distribution.example_distribution.domains[0].name}."]
}
```
This record directs traffic from your custom domain to the STACKIT CDN infrastructure.
## Step 5: Add a Custom Domain to the CDN
To provide a user-friendly URL, associate a custom domain (like `cdn.myapp.runs.onstackit.cloud`) with your
distribution.
```terraform
resource "stackit_cdn_custom_domain" "example_custom_domain" {
project_id = stackit_cdn_distribution.example_distribution.project_id
distribution_id = stackit_cdn_distribution.example_distribution.distribution_id
# Creates "cdn.myapp.runs.onstackit.cloud" dynamically
name = "${stackit_dns_record_set.cname_record.name}.${stackit_dns_zone.example_zone.dns_name}"
}
```
This resource links the subdomain you created in the previous step to the CDN distribution.
## Complete Terraform Configuration
Here is the complete `main.tf` file, which follows the logical order of operations.
```terraform
# This configuration file sets up a complete STACKIT CDN distribution
# with a custom domain managed by STACKIT DNS.
# -----------------------------------------------------------------------------
# PROVIDER CONFIGURATION
# -----------------------------------------------------------------------------
terraform {
required_providers {
stackit = {
source = "stackitcloud/stackit"
}
}
}
variable "service_account_key" {
type = string
description = "Your STACKIT service account key."
sensitive = true
default = "path/to/sa-key.json"
}
variable "project_id" {
type = string
description = "Your STACKIT project ID."
default = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
provider "stackit" {
# The STACKIT provider is configured using the defined variables.
default_region = "eu01"
service_account_key_path = var.service_account_key
}
# -----------------------------------------------------------------------------
# DNS ZONE RESOURCE
# -----------------------------------------------------------------------------
# The DNS zone manages all records for your domain.
# It's the first resource to be created.
# -----------------------------------------------------------------------------
resource "stackit_dns_zone" "example_zone" {
project_id = var.project_id
name = "My DNS zone"
dns_name = "myapp.runs.onstackit.cloud"
contact_email = "aa@bb.ccc"
type = "primary"
}
# -----------------------------------------------------------------------------
# CDN DISTRIBUTION RESOURCE
# -----------------------------------------------------------------------------
# This resource defines the CDN, its origin, and caching regions.
# -----------------------------------------------------------------------------
resource "stackit_cdn_distribution" "example_distribution" {
project_id = var.project_id
config = {
# Define the backend configuration
backend = {
type = "http"
# Replace with the URL of your HTTP origin
origin_url = "https://your-origin-server.com"
}
# The regions where content will be hosted
regions = ["EU", "US", "ASIA", "AF", "SA"]
blocked_countries = []
}
}
# -----------------------------------------------------------------------------
# CUSTOM DOMAIN AND DNS RECORD
# -----------------------------------------------------------------------------
# These resources link your CDN to a user-friendly custom domain and create
# the necessary DNS record to route traffic.
# -----------------------------------------------------------------------------
resource "stackit_dns_record_set" "cname_record" {
project_id = stackit_dns_zone.example_zone.project_id
zone_id = stackit_dns_zone.example_zone.zone_id
# This is the custom domain name which will be added to your zone
name = "cdn"
type = "CNAME"
ttl = 3600
# Points to the CDN distribution's unique domain.
# The dot at the end makes it a fully qualified domain name (FQDN).
records = ["${stackit_cdn_distribution.example_distribution.domains[0].name}."]
}
resource "stackit_cdn_custom_domain" "example_custom_domain" {
project_id = stackit_cdn_distribution.example_distribution.project_id
distribution_id = stackit_cdn_distribution.example_distribution.distribution_id
# Creates "cdn.myapp.runs.onstackit.cloud" dynamically
name = "${stackit_dns_record_set.cname_record.name}.${stackit_dns_zone.example_zone.dns_name}"
}
# -----------------------------------------------------------------------------
# OUTPUTS
# -----------------------------------------------------------------------------
# This output will display the final custom URL after `terraform apply` is run.
# -----------------------------------------------------------------------------
output "custom_cdn_url" {
description = "The final custom domain URL for the CDN distribution."
value = "https://${stackit_cdn_custom_domain.example_custom_domain.name}"
}
```

15
docs/guides/stackit_org_service_account.md
View file

@ -1,15 +0,0 @@
---
page_title: "Creating projects in empty organization via Terraform"
---
# Creating projects in empty organization via Terraform
Consider the following situation: You're starting with an empty STACKIT organization and want to create projects
in this organization using the `stackit_resourcemanager_project` resource. Unfortunately it's not possible to create
a service account on organization level which can be used for authentication in the STACKIT Terraform provider.
The following steps will help you to get started:
1. Using the STACKIT portal, create a dummy project in your organization which will hold your service account, let's name it e.g. "dummy-service-account-project".
2. In this "dummy-service-account-project", create a service account. Create and save a service account key to use for authentication for the STACKIT Terraform provider later as described in the docs. Now copy the e-mail address of the service account you just created.
3. Here comes the important part: Navigate to your organization, open it and select "Access". Click on the "Grant access" button and paste the e-mail address of your service account. Be careful to grant the service account enough permissions to create projects in your organization, e.g. by assigning the "owner" role to it.
*This problem was brought up initially in [this](https://github.com/stackitcloud/terraform-provider-stackit/issues/855) issue on GitHub.*

163
docs/guides/using_loadbalancer_with_observability.md
View file

@ -1,163 +0,0 @@
---
page_title: "Using the STACKIT Loadbalancer together with STACKIT Observability"
---
# Using the STACKIT Loadbalancer together with STACKIT Observability
## Overview
This guide explains how to configure the STACKIT Loadbalancer product to send metrics and logs to a STACKIT Observability instance.
1. **Set Up Providers**
Begin by configuring the STACKIT provider to connect to the STACKIT services.
```hcl
provider "stackit" {
default_region = "eu01"
}
```
2. **Create an Observability instance**
Establish a STACKIT Observability instance and its credentials.
```hcl
resource "stackit_observability_instance" "observability01" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
plan_name = "Observability-Monitoring-Medium-EU01"
acl = ["0.0.0.0/0"]
metrics_retention_days = 90
metrics_retention_days_5m_downsampling = 90
metrics_retention_days_1h_downsampling = 90
}
resource "stackit_observability_credential" "observability01-credential" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_observability_instance.observability01.instance_id
}
```
3. **Create STACKIT Loadbalancer credentials reference**
Create a STACKIT Loadbalancer credentials which will be used in the STACKIT Loadbalancer resource as a reference.
```hcl
resource "stackit_loadbalancer_observability_credential" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "example-credentials"
username = stackit_observability_credential.observability01-credential.username
password = stackit_observability_credential.observability01-credential.password
}
```
4. **Create the STACKIT Loadbalancer**
```hcl
# Create a network
resource "stackit_network" "example_network" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-network"
ipv4_nameservers = ["8.8.8.8"]
ipv4_prefix = "192.168.0.0/25"
labels = {
"key" = "value"
}
routed = true
}
# Create a network interface
resource "stackit_network_interface" "nic" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
network_id = stackit_network.example_network.network_id
}
# Create a public IP for the load balancer
resource "stackit_public_ip" "public-ip" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
lifecycle {
ignore_changes = [network_interface_id]
}
}
# Create a key pair for accessing the server instance
resource "stackit_key_pair" "keypair" {
name = "example-key-pair"
# set the path of your public key file here
public_key = chomp(file("/home/bob/.ssh/id_ed25519.pub"))
}
# Create a server instance
resource "stackit_server" "boot-from-image" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-server"
boot_volume = {
size = 64
source_type = "image"
source_id = "59838a89-51b1-4892-b57f-b3caf598ee2f" // Ubuntu 24.04
}
availability_zone = "eu01-1"
machine_type = "g2i.1"
keypair_name = stackit_key_pair.keypair.name
network_interfaces = [
stackit_network_interface.nic.network_interface_id
]
}
# Create a load balancer
resource "stackit_loadbalancer" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-load-balancer"
target_pools = [
{
name = "example-target-pool"
target_port = 80
targets = [
{
display_name = stackit_server.boot-from-image.name
ip = stackit_network_interface.nic.ipv4
}
]
active_health_check = {
healthy_threshold = 10
interval = "3s"
interval_jitter = "3s"
timeout = "3s"
unhealthy_threshold = 10
}
}
]
listeners = [
{
display_name = "example-listener"
port = 80
protocol = "PROTOCOL_TCP"
target_pool = "example-target-pool"
}
]
networks = [
{
network_id = stackit_network.example_network.network_id
role = "ROLE_LISTENERS_AND_TARGETS"
}
]
external_address = stackit_public_ip.public-ip.ip
options = {
private_network_only = false
observability = {
logs = {
# uses the load balancer credential from the last step
credentials_ref = stackit_loadbalancer_observability_credential.example.credentials_ref
# uses the observability instance from step 1
push_url = stackit_observability_instance.observability01.logs_push_url
}
metrics = {
# uses the load balancer credential from the last step
credentials_ref = stackit_loadbalancer_observability_credential.example.credentials_ref
# uses the observability instance from step 1
push_url = stackit_observability_instance.observability01.metrics_push_url
}
}
}
}
```

83
docs/guides/vault_secrets_manager.md
View file

@ -1,83 +0,0 @@
---
page_title: "Using Vault Provider with STACKIT Secrets Manager"
---
# Using Vault Provider with STACKIT Secrets Manager
## Overview
This guide outlines the process of utilizing the [HashiCorp Vault provider](https://registry.terraform.io/providers/hashicorp/vault) alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager. The guide focuses on secrets from STACKIT Cloud resources but can be adapted for any secret.
## Steps
1. **Configure STACKIT Provider**
```hcl
provider "stackit" {
default_region = "eu01"
}
```
2. **Create STACKIT Secrets Manager Instance**
```hcl
resource "stackit_secretsmanager_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
}
```
3. **Define STACKIT Secrets Manager User**
```hcl
resource "stackit_secretsmanager_user" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
instance_id = stackit_secretsmanager_instance.example.instance_id
description = "Example user"
write_enabled = true
}
```
4. **Configure Vault Provider**
```hcl
provider "vault" {
address = "https://prod.sm.eu01.stackit.cloud"
skip_child_token = true
auth_login_userpass {
username = stackit_secretsmanager_user.example.username
password = stackit_secretsmanager_user.example.password
}
}
```
5. **Define Terraform Resource (Example: Observability Monitoring Instance)**
```hcl
resource "stackit_observability_instance" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
name = "example-instance"
plan_name = "Observability-Monitoring-Medium-EU01"
}
```
6. **Store Secret in Vault**
```hcl
resource "vault_kv_secret_v2" "example" {
mount = stackit_secretsmanager_instance.example.instance_id
name = "my-secret"
cas = 1
delete_all_versions = true
data_json = jsonencode(
{
grafana_password = stackit_observability_instance.example.grafana_initial_admin_password,
other_secret = ...,
}
)
}
```
## Note
This example can be adapted for various resources within the provider as well as any other Secret the user wants to set in the Secrets Manager instance. Adapting this examples means replacing the Observability Monitoring Grafana password with the appropriate value.