terraform-provider-stackitprivatepreview/examples/resources/stackit_loadbalancer/resource.tf

# Create a network
resource "stackit_network" "example_network" {
  project_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name             = "example-network"
  ipv4_nameservers = ["8.8.8.8"]
  ipv4_prefix      = "192.168.0.0/25"
  labels = {
    "key" = "value"
  }
  routed = true
}

# Create a network interface
resource "stackit_network_interface" "nic" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  network_id = stackit_network.example_network.network_id
}

# Create a public IP for the load balancer
resource "stackit_public_ip" "public-ip" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  lifecycle {
    ignore_changes = [network_interface_id]
  }
}

# Create a key pair for accessing the server instance
resource "stackit_key_pair" "keypair" {
  name       = "example-key-pair"
  public_key = chomp(file("path/to/id_rsa.pub"))
}

# Create a server instance
resource "stackit_server" "boot-from-image" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "example-server"
  boot_volume = {
    size        = 64
    source_type = "image"
    source_id   = "59838a89-51b1-4892-b57f-b3caf598ee2f" // Ubuntu 24.04
  }
  availability_zone = "xxxx-x"
  machine_type      = "g2i.1"
  keypair_name      = stackit_key_pair.keypair.name
  network_interfaces = [
    stackit_network_interface.nic.network_interface_id
  ]
}

# Create a load balancer
resource "stackit_loadbalancer" "example" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name       = "example-load-balancer"
  plan_id    = "p10"
  target_pools = [
    {
      name        = "example-target-pool"
      target_port = 80
      targets = [
        {
          display_name = stackit_server.boot-from-image.name
          ip           = stackit_network_interface.nic.ipv4
        }
      ]
      active_health_check = {
        healthy_threshold   = 10
        interval            = "3s"
        interval_jitter     = "3s"
        timeout             = "3s"
        unhealthy_threshold = 10
      }
    }
  ]
  listeners = [
    {
      display_name = "example-listener"
      port         = 80
      protocol     = "PROTOCOL_TCP"
      target_pool  = "example-target-pool"
    }
  ]
  networks = [
    {
      network_id = stackit_network.example_network.network_id
      role       = "ROLE_LISTENERS_AND_TARGETS"
    }
  ]
  external_address = stackit_public_ip.public-ip.ip
  options = {
    private_network_only = false
  }
}

# This example demonstrates an advanced setup where the Load Balancer is in one
# network and the target server is in another. This requires manual
# security group configuration using the `disable_security_group_assignment`
# and `security_group_id` attributes.

# We create two separate networks: one for the load balancer and one for the target.
resource "stackit_network" "lb_network" {
  project_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name             = "lb-network-example"
  ipv4_prefix      = "192.168.1.0/24"
  ipv4_nameservers = ["8.8.8.8"]
}

resource "stackit_network" "target_network" {
  project_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name             = "target-network-example"
  ipv4_prefix      = "192.168.2.0/24"
  ipv4_nameservers = ["8.8.8.8"]
}

resource "stackit_public_ip" "example" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

resource "stackit_loadbalancer" "example" {
  project_id       = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name             = "example-advanced-lb"
  external_address = stackit_public_ip.example.ip

  # Key setting for manual mode: disables automatic security group handling.
  disable_security_group_assignment = true

  networks = [{
    network_id = stackit_network.lb_network.network_id
    role       = "ROLE_LISTENERS_AND_TARGETS"
  }]

  listeners = [{
    port        = 80
    protocol    = "PROTOCOL_TCP"
    target_pool = "cross-network-pool"
  }]

  target_pools = [{
    name        = "cross-network-pool"
    target_port = 80
    targets = [{
      display_name = stackit_server.example.name
      ip           = stackit_network_interface.nic.ipv4
    }]
  }]
}

# Create a new security group to be assigned to the target server.
resource "stackit_security_group" "target_sg" {
  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name        = "target-sg-for-lb-access"
  description = "Allows ingress traffic from the example load balancer."
}

# Create a rule to allow traffic FROM the load balancer.
# This rule uses the computed `security_group_id` of the load balancer.
resource "stackit_security_group_rule" "allow_lb_ingress" {
  project_id        = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  security_group_id = stackit_security_group.target_sg.security_group_id
  direction         = "ingress"
  protocol = {
    name = "tcp"
  }

  # This is the crucial link: it allows traffic from the LB's security group.
  remote_security_group_id = stackit_loadbalancer.example.security_group_id

  port_range = {
    min = 80
    max = 80
  }
}

resource "stackit_server" "example" {
  project_id        = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  name              = "example-remote-target"
  machine_type      = "g2i.2"
  availability_zone = "eu01-1"

  boot_volume = {
    source_type = "image"
    source_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    size        = 10
  }

  network_interfaces = [
    stackit_network_interface.nic.network_interface_id
  ]
}

resource "stackit_network_interface" "nic" {
  project_id         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  network_id         = stackit_network.target_network.network_id
  security_group_ids = [stackit_security_group.target_sg.security_group_id]
}
# End of advanced example

# Only use the import statement, if you want to import an existing loadbalancer
import {
  to = stackit_loadbalancer.import-example
  id = "${var.project_id},${var.region},${var.loadbalancer_name}"
}