Init

README.md

@@ -0,0 +1,10 @@
+# Terraform modules for STACKIT resources
+
+## Overview
+
+You can find general overview of Terraform in [ITDOC](https://itdoc.schwarz/display/STACKIT/Terraform+overview) 
+
+## How to use
+
+You can find examples in README.md of each module folder, e.g. for [Redis](./redis/README.md)
+

create-secret/providers.tf

@@ -0,0 +1,9 @@
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+
+  auth_login_userpass {
+    username = var.secret_manager_username 
+    password = var.secret_manager_password
+  }
+}

create-secret/secret.tf

@@ -0,0 +1,7 @@
+resource "vault_kv_secret_v2" "this" {
+  mount               = var.secret_manager_instance_id
+  name                = var.secrets_path
+  cas                 = 1
+  delete_all_versions = true
+  data_json           = jsonencode(var.secret_data)
+}

create-secret/variables.tf

@@ -0,0 +1,29 @@
+# Secret Manager 
+variable "secret_manager_instance_id" {
+  description = "instance id of the secret mangert to store credentials"
+  type        = string
+  default = ""
+}
+
+variable "secret_manager_username" {
+  description = "username of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secret_manager_password" {
+  description = "password of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secrets_path" {
+  description = "path in secret manager to store the postgres credentials"
+  type        = string
+  default = ""
+}
+
+variable "secret_data" {
+  description = "Secret data in JSON format"
+  type = map(string)
+}

mongodb/mongodb.tf

@@ -0,0 +1,48 @@
+// MongoDB Instance
+resource "stackit_mongodbflex_instance" "this" {
+  project_id      = var.stackit_project_id
+  name            = var.mongodb_instance_name
+  acl             = var.mongodb_instance_acl
+  backup_schedule = var.mongodb_instance_backup_schedule
+  flavor          = var.mongodb_instance_flavor
+  options         = var.mongodb_instance_options
+  replicas        = var.mongodb_instance_replicas
+  storage         = var.mongodb_instance_storage
+  version         = var.mongodb_instance_version
+}
+
+// MongoDB User
+resource "stackit_mongodbflex_user" "this" {
+  project_id  = var.stackit_project_id
+  instance_id = stackit_mongodbflex_instance.this.instance_id
+  username    = var.mongodb_user_name
+  roles       = var.mongodb_user_roles
+  database    = var.mongodb_user_database
+}
+
+# // Configure Secret Manager Provider
+# provider "vault" {
+#   address          = "https://prod.sm.eu01.stackit.cloud"
+#   skip_child_token = true
+#   auth_login_userpass {
+#     username = var.secret_manager_username
+#     password = var.secret_manager_password
+#   }
+# }
+
+# // Store MongoDB Credentials in Secret Manager
+# resource "vault_kv_secret_v2" "mongodb_cred_save" {
+#   mount               = var.secret_manager_instance_id
+#   name                = var.mongodb_secrets_path
+#   cas                 = 1
+#   delete_all_versions = true
+#   data_json = jsonencode(
+#     {
+#       username = stackit_mongodbflex_user.mongodb_user.username,
+#       password = stackit_mongodbflex_user.mongodb_user.password,
+#       host     = stackit_mongodbflex_user.mongodb_user.host,
+#       port     = stackit_mongodbflex_user.mongodb_user.port,
+#       uri      = stackit_mongodbflex_user.mongodb_user.uri
+#     }
+#   )
+# }

mongodb/outputs.tf

@@ -0,0 +1,29 @@
+
+# MongoDB Instance
+output "mongodb_instance_id" {
+  value = stackit_mongodbflex_instance.this.instance_id
+}
+
+# MongoDB User
+output "mongodb_host" {
+  value = stackit_mongodbflex_user.this.host
+}
+
+output "mongodb_password" {
+  value     = stackit_mongodbflex_user.this.password
+  sensitive = true
+}
+
+output "mongodb_port" {
+  value = stackit_mongodbflex_user.this.port
+}
+
+output "mongodb_uri" {
+  #value = format("mongodb://%s:%s@%s:%s/%s", stackit_mongodbflex_user.this.username, stackit_mongodbflex_user.this.password, stackit_mongodbflex_instance.mongodb_instance.host, stackit_mongodbflex_instance.mongodb_instance.port
+  value     = stackit_mongodbflex_user.this.uri
+  sensitive = true
+}
+
+output "mongodb_user_id" {
+  value = stackit_mongodbflex_user.this.user_id
+}

mongodb/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+    }
+  }
+}

mongodb/variables.tf

@@ -0,0 +1,68 @@
+# STACKIT Project
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+# MongoDB Instance
+variable "mongodb_instance_name" {
+  description = "name of the mongodb instance"
+  type        = string
+}
+
+variable "mongodb_instance_acl" {
+  description = "access control list for mongodb"
+  type        = list(string)
+}
+
+variable "mongodb_instance_backup_schedule" {
+  description = "backup schedule for mongodb as crontab expression"
+  type        = string
+}
+
+variable "mongodb_instance_flavor" {
+  description = "resources for mongodb"
+  type = object({
+    cpu = number
+    ram = number
+  })
+}
+
+variable "mongodb_instance_options" {
+  description = "options for mongodb"
+  type = object({
+    type = string
+  })
+}
+
+variable "mongodb_instance_replicas" {
+  description = "number of replicas for mongodb"
+  type        = number
+}
+
+variable "mongodb_instance_storage" {
+  description = "storage for mongodb"
+  type = object({
+    class = string
+    size  = number
+  })
+}
+
+variable "mongodb_instance_version" {
+  description = "version of the mongodb instance"
+  type        = string
+}
+
+# MongoDB User
+variable "mongodb_user_name" {
+  description = "(optional) name of the user"
+  type        = string
+}
+variable "mongodb_user_roles" {
+  description = "Database access levels for the user. Some of the possible values are: [read, readWrite, readWriteAnyDatabase]"
+  type        = list(string)
+}
+
+variable "mongodb_user_database" {
+  description = "name of the database for user to gain access to."
+  type        = string
+}

objectstorage/objectstorage.tf

@@ -0,0 +1,15 @@
+resource "stackit_objectstorage_bucket" "this" {
+  name       = var.objectstorage_bucket_name
+  project_id = var.stackit_project_id
+}
+
+resource "stackit_objectstorage_credentials_group" "this" {
+  name       = var.objectstorage_credentials_group_name
+  project_id = var.stackit_project_id
+}
+
+resource "stackit_objectstorage_credential" "this" {
+  depends_on = [stackit_objectstorage_credentials_group.this]
+  credentials_group_id = stackit_objectstorage_credentials_group.this.credentials_group_id
+  project_id           = var.stackit_project_id
+}

objectstorage/outputs.tf

@@ -0,0 +1,15 @@
+output "objectstorage_access_key" {
+  value = stackit_objectstorage_credential.this.access_key
+}
+
+output "objectstorage_secret_access_key" {
+  value = stackit_objectstorage_credential.this.secret_access_key
+}
+
+output "objectstorage_url_path_style" {
+  value = stackit_objectstorage_bucket.this.url_path_style
+}
+
+output "objectstorage_url_virtual_hosted_style" {
+  value = stackit_objectstorage_bucket.this.url_virtual_hosted_style
+}

objectstorage/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+    }
+  }
+}

objectstorage/variables.tf

@@ -0,0 +1,19 @@
+variable "stackit_project_id" {
+  description = "ID of the STACKIT Portal Project"
+  type        = string
+}
+
+variable "objectstorage_bucket_name" {
+  description = "Name of the bucket which will be used in object storage"
+  type        = string
+}
+
+variable "objectstorage_region" {
+  description = "Name of the resource region"
+  type = string
+}
+
+variable "objectstorage_credentials_group_name" {
+  description = "Name of the credentials group where access keys will be stored"
+  type = string
+}

observability/alerts.tf

@@ -0,0 +1,49 @@
+locals {
+  basic_auth = base64encode("${stackit_observability_credential.observability_credentials.username}:${stackit_observability_credential.observability_credentials.password}")
+}
+
+resource "local_sensitive_file" "alert_configs" {
+  content = templatefile("../../monitoring/alerts/dev/alertconfigs.json", {
+    msTeamWebhook = var.msTeamWebhook
+  })
+  filename = ".temp/alertconfigs.json"
+}
+
+resource "null_resource" "alert_configs" {
+  triggers = {
+    config = local_sensitive_file.alert_configs.content_sha1
+    url    = var.observability_url
+  }
+  provisioner "local-exec" {
+    command = <<EOT
+    curl -X PUT "${var.observability_url}/${stackit_observability_instance.observability.instance_id}/alertconfigs" \
+    -d @${local_sensitive_file.alert_configs.filename} \
+    -H "Authorization: Basic ${local.basic_auth}" \
+    -H "Content-Type: application/json" \
+    --fail
+    EOT
+  }
+}
+
+resource "local_file" "alert_groups" {
+  content = templatefile("../../monitoring/alerts/dev/alertgroups.json", {
+
+  })
+  filename = ".temp/alertgroups.json"
+}
+
+resource "null_resource" "alert_groups" {
+  triggers = {
+    config = local_file.alert_groups.content_sha1
+    url    = var.observability_url
+  }
+  provisioner "local-exec" {
+    command = <<EOT
+    curl -X PUT "${var.observability_url}/${stackit_observability_instance.observability.instance_id}/alertgroups" \
+    -d @${local_file.alert_groups.filename} \
+    -H "Authorization: Basic ${local.basic_auth}" \
+    -H "Content-Type: application/json" \
+    --fail
+    EOT
+  }
+}

observability/dashboards.tf

@@ -0,0 +1,17 @@
+// Grafan Dashboards
+resource "grafana_folder" "gitops-poc" {
+  title = "gitOps-PoC"
+  uid   = "gitops-poc-uid"
+}
+
+// ToDo: Create a Dashboard ForEach File
+
+resource "grafana_dashboard" "argocd" {
+  folder = grafana_folder.gitops-poc.uid
+  config_json = file("../../monitoring/dashboards/dev/argocd-dashbaord.json")
+}
+
+resource "grafana_dashboard" "k8s" {
+  folder = grafana_folder.gitops-poc.uid
+  config_json = file("../../monitoring/dashboards/dev/k8s-dashboard.json")
+}

observability/observability.tf

@@ -0,0 +1,36 @@
+// Observability Instance
+resource "stackit_observability_instance" "observability" {
+  project_id                             = var.stackit_project_id
+  name                                   = var.instance_name
+  plan_name                              = var.service_plan
+}
+
+// Observability Credentials
+resource "stackit_observability_credential" "observability_credentials" {
+  project_id  = var.stackit_project_id
+  instance_id = stackit_observability_instance.observability.instance_id
+}
+
+// Configure Secret Manager Provider
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+  auth_login_userpass {
+    username = var.secret_manager_username 
+    password = var.secret_manager_password
+  }
+}
+
+// Store Observability Credentials in Secret Manager
+resource "vault_kv_secret_v2" "secret_manager_cred_save" {
+  mount               = var.secret_manager_instance_id 
+  name                = "observability"
+  cas                 = 1
+  delete_all_versions = true
+  data_json = jsonencode(
+    {
+     username = stackit_observability_credential.observability_credentials.username,
+     password = stackit_observability_credential.observability_credentials.password
+    }
+  )
+}

observability/outputs.tf

@@ -0,0 +1,27 @@
+output "obervability-username" {
+  value     = stackit_observability_credential.observability_credentials.username
+  sensitive = true
+}
+
+output "obervability-password" {
+  value     = stackit_observability_credential.observability_credentials.password
+  sensitive = true
+}
+
+output "observability-instance-id" {
+  value     = stackit_observability_instance.observability.instance_id
+}
+
+output "grafana-password" {
+  value     = stackit_observability_instance.observability.grafana_initial_admin_password
+  sensitive = true
+}
+
+output "grafana-username" {
+  value     = stackit_observability_instance.observability.grafana_initial_admin_user
+  sensitive = true
+}
+
+output "grafana-url" {
+  value     = stackit_observability_instance.observability.grafana_url
+}

observability/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.43.3"
+    }
+    grafana = {
+      source = "grafana/grafana"
+      version = "3.22.0"
+    }
+  }
+}

observability/variables.tf

@@ -0,0 +1,43 @@
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "instance_name" {
+  description = "name of the observability instance"
+  type        = string
+}
+
+variable "service_plan" {
+  description = "serviceplan of the observability instance"
+  type        = string
+}
+
+variable "secret_manager_instance_id" {
+  description = "instance id of the secret mangert to store credentials"
+  type        = string
+}
+
+variable "secret_manager_username" {
+  description = "username of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+variable "secret_manager_password" {
+  description = "password of the secret mangert to store credentials"
+  type        = string
+  sensitive   = true
+}
+
+
+variable "msTeamWebhook" {
+  description = "webhook for msTeams alert channel"
+  type        = string
+  sensitive   = true
+}
+
+variable "observability_url" {
+  description = "observability api url to push configs"
+  type        = string
+}

postgres/outputs.tf

@@ -0,0 +1,41 @@
+# Postgres Instance Output
+output "postgres_instance_id" {
+  value = stackit_postgresflex_instance.this.instance_id
+}
+ 
+ # Postgres Database Output
+ output "postgres_database_id" {
+   value = stackit_postgresflex_database.this.database_id
+ }
+
+# Postgres User Output
+output "postgres_host" {
+  value = stackit_postgresflex_user.this.host
+}
+
+output "postgres_password" {
+  value     = stackit_postgresflex_user.this.password
+  sensitive = true
+}
+
+output "postgres_user" {
+  value = stackit_postgresflex_user.this.username
+}
+
+output "postgres_port" {
+  value = stackit_postgresflex_user.this.port
+}
+
+output "postgres_db_name" {
+  value = stackit_postgresflex_database.this.name
+}
+
+output "postgres_uri" {
+  value     = stackit_postgresflex_user.this.uri
+  sensitive = true
+}
+
+output "postgres_user_id" {
+  value = stackit_postgresflex_user.this.user_id
+}
+

postgres/postgres.tf

@@ -0,0 +1,29 @@
+// Postgres Instance
+resource "stackit_postgresflex_instance" "this" {
+  project_id      = var.stackit_project_id
+  name            = var.postgres_instance_name
+  acl             = var.postgres_instance_acl
+  backup_schedule = var.postgres_instance_backup_schedule
+  flavor          = var.postgres_instance_flavor
+  replicas        = var.postgres_instance_replicas
+  storage         = var.postgres_instance_storage
+  version         = var.postgres_instance_version
+}
+
+// Postgres User 
+resource "stackit_postgresflex_user" "this" {
+  depends_on = [ stackit_postgresflex_instance.this ]
+  project_id  = var.stackit_project_id
+  instance_id = stackit_postgresflex_instance.this.instance_id
+  username    = var.postgres_db_user_name
+  roles       = var.postgres_db_user_roles
+}
+
+// Postgres Database
+resource "stackit_postgresflex_database" "this" {
+  depends_on = [ stackit_postgresflex_user.this ]
+  project_id  = var.stackit_project_id
+  instance_id = stackit_postgresflex_instance.this.instance_id
+  name        = var.postgres_db_name
+  owner       = var.postgres_db_user_name
+}

postgres/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+    }
+  }
+}

postgres/variables.tf

@@ -0,0 +1,76 @@
+# STACKIT Project
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+# Postgres Instance Config
+variable "postgres_instance_name" {
+  description = "postgres instance name"
+  type        = string
+}
+
+# variable "postegres_instance_id" {
+#   description = "postgres instance id"
+#   type = string  
+# }
+
+variable "postgres_instance_replicas" {
+  description = "number of replicas for postgres instance"
+  type        = number
+}
+
+variable "postgres_instance_flavor" {
+  description = "resources for postgres"
+  type = object({
+    cpu = number
+    ram = number
+  })
+}
+
+variable "postgres_instance_storage" {
+  description = "storage definition for postgres instance"
+  type = object({
+    class = string # note: value can be any of (premium-perfX-stackit) where X = (2,4,6,8,10,12). Higher number is faster
+    size  = number
+  })
+}
+
+variable "postgres_instance_acl" {
+  description = "acl for postgres instance"
+  type        = list(string)
+  default     = ["193.148.160.0/19", "45.129.40.0/21"] # todo: revisit IP list and set VPN IP range as default 
+}
+
+variable "postgres_instance_backup_schedule" {
+  description = "backup schedule as crontab for postgres instance"
+  type        = string
+  default     = "00 02 * * *" # todo: set default based on your needs
+}
+
+variable "postgres_instance_version" {
+  description = "postgres version for instance"
+  type        = string
+}
+
+variable "postgres_instance_region" {
+  description = "region for postgres instance"
+  type        = string
+}
+
+# Postgres User Configs
+variable "postgres_db_user_name" {
+  description = "username and owner for postgres db"
+  type        = string
+}
+
+variable "postgres_db_user_roles" {
+  description = "List of database access levels for the user. Supported values are: login, createdb."
+  type        = list(string)
+}
+
+# Postgres Database Configs
+variable "postgres_db_name" {
+  description = "db name inside the instance"
+  type        = string
+}

rabbitmq/outputs.tf

@@ -0,0 +1,37 @@
+output "rabbitmq_username" {
+  value     = stackit_rabbitmq_credential.this.username
+  sensitive = true
+}
+
+output "rabbitmq_password" {
+  value     = stackit_rabbitmq_credential.this.password
+  sensitive = true
+}
+
+output "rabbitmq_uri" {
+  value     = stackit_rabbitmq_credential.this.uri
+  sensitive = true
+}
+
+output "rabbitmq_host" {
+  value = stackit_rabbitmq_credential.this.host
+}
+
+output "rabbitmq_http_api_uri" {
+  value = stackit_rabbitmq_credential.this.http_api_uri
+}
+
+output "rabbitmq_port" {
+  value = stackit_rabbitmq_credential.this.port
+}
+
+output "rabbitmq_management" {
+  value = stackit_rabbitmq_credential.this.management
+}
+
+output "rabbitmq_dashboard_url" {
+  value = stackit_rabbitmq_instance.this.dashboard_url
+}
+output "rabbitmq_instance_id" {
+  value = stackit_rabbitmq_instance.this.instance_id
+}

rabbitmq/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+    }
+  }
+}

rabbitmq/rabbitmq.tf

@@ -0,0 +1,23 @@
+
+// RabbitMQ Instance
+resource "stackit_rabbitmq_instance" "this" {
+  project_id = var.stackit_project_id
+  name       = var.instance_name
+  version    = var.rabbitmq_version
+  plan_name  = var.service_plan
+  parameters = merge(
+    var.rabbitmq_parameters.sgw_acl != null ? { sgw_acl = var.rabbitmq_parameters.sgw_acl } : {},
+    var.rabbitmq_parameters.consumer_timeout != null ? { consumer_timeout = var.rabbitmq_parameters.consumer_timeout } : {},
+    var.rabbitmq_parameters.plugins != null ? { plugins = var.rabbitmq_parameters.plugins } : {},
+    var.rabbitmq_parameters.enable_monitoring  != null ? { enable_monitoring  = var.rabbitmq_parameters.enable_monitoring  } : {}
+  )
+}
+
+
+
+// RabbitMQ Credentials
+resource "stackit_rabbitmq_credential" "this" {
+  project_id  = var.stackit_project_id
+  instance_id = stackit_rabbitmq_instance.this.instance_id
+}
+

rabbitmq/variables.tf

@@ -0,0 +1,94 @@
+
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "instance_name" {
+  description = "name of the rabbitmq instance"
+  type        = string
+}
+
+variable "service_plan" {
+  description = "serviceplan of the rabbitmq instance"
+  type        = string
+}
+
+variable "rabbitmq_version" {
+  description = "version of the rabbitmq instance"
+  type        = string
+}
+
+variable "rabbitmq_parameters" {
+  description = "Optional advanced Rabbitmq parameters"
+  type = object({
+    sgw_acl                   = optional(string)
+    enable_monitoring         = optional(bool)
+    consumer_timeout          = optional(number)
+    plugins                   = optional(list(string))
+  })
+}
+
+#// Optional parameters
+#variable "rabbitmq_consumer_timeout" {
+#  description = "The timeout for the consumer in milliseconds."
+#  type        = number
+#}
+#
+#variable "rabbitmq_enable_monitoring" {
+#  description = "Enable monitoring for the RabbitMQ instance."
+#  type        = bool
+#}
+#
+#variable "rabbitmq_sgw_acl" {
+#  description = "Comma separated list of IP networks in CIDR notation which are allowed to access this instance."
+#  type        = string
+#}
+#variable "rabbitmq_plugins" {
+#  description = "A list of plugins to install on the RabbitMQ instance."
+#  type        = list(string)
+#}
+#variable "graphite" {
+#    description = "Graphite server URL (host and port). If set, monitoring with Graphite will be enabled."
+#    type        = string
+#}
+#
+#variable "max_disk_threshold" {
+#    description = "Maximum disk usage threshold in MB. If the disk usage exceeds this threshold, the RabbitMQ instance will be stopped."
+#    type        = number
+#}
+#
+#variable "metrics_frequency" {
+#    description = "The frequency in seconds at which metrics are emitted."
+#    type        = number
+#}
+#
+#variable "metrics_prefix" {
+#    description = "The prefix for the metrics. Could be useful when using Graphite monitoring to prefix the metrics with a certain value, like an API key."
+#    type        = string  
+#}
+#
+#variable "monitoring_instance_id" {
+#    description = "The ID of the STACKIT monitoring instance."
+#    type        = string
+#}
+#
+#variable "roles" {
+#    description = "A list of roles to assign to the RabbitMQ instance."
+#    type        = list(string)  
+#}
+#
+#variable "syslog" {
+#    description = "List of syslog servers to send logs to. Syslog server URL (host and port). If set, logging with Syslog will be enabled."
+#    type        = list(string)
+#}
+#
+#variable "tls_ciphers" {
+#    description = "Comma separated list of TLS ciphers to use for secure connections."
+#    type        = list(string)
+#}
+#
+#variable "tls_protocol" {
+#    description = "TLS protocol to use for secure connections."
+#    type        = string
+#}

redis/README.md

@@ -0,0 +1,24 @@
+# Terraform module to deploy Redis instance
+
+## Example for main.tf
+
+```tf
+locals {
+  stackit_project_id = "fb06b3bf-70b6-45bf-b1a4-e84708b26f92"
+  region             = "eu01"
+  env                = "dev"
+}
+
+module "redis" {
+  source     = "git::https://stackit-hackathon-2025.git.qa.onstackit.cloud/commerce-platform/hackdays-common-infra-poc//terraform/modules/redis"
+  stackit_project_id = local.stackit_project_id
+  redis_name         = "test-redis"
+  redis_version      = "7"
+  redis_plan_name    = "stackit-redis-1.4.10-single"
+
+  redis_parameters = {
+    enable_monitoring       = false
+    down_after_milliseconds = 30000
+  }
+}
+```

redis/outputs.tf

@@ -0,0 +1,29 @@
+output "redis_id" {
+  value       = stackit_redis_instance.this.id
+  description = "Redis instance ID"
+}
+
+output "redis_host" {
+  value       = stackit_redis_instance.this.dashboard_url
+  description = "Redis dashboard URL (may contain connection info)"
+}
+
+output "redis_username" {
+  value       = stackit_redis_credential.this.username
+  description = "Redis username"
+}
+
+output "redis_password" {
+  value       = stackit_redis_credential.this.password
+  description = "Redis password"
+}
+
+output "redis_port" {
+  value       = stackit_redis_credential.this.port
+  description = "Redis port"
+}
+
+output "redis_uri" {
+  value       = stackit_redis_credential.this.uri
+  description = "Redis URI"
+}

redis/providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+
+    }
+  }
+}

redis/redis.tf

@@ -0,0 +1,24 @@
+// Redis instance
+
+resource "stackit_redis_instance" "this" {
+  project_id = var.stackit_project_id
+  name       = var.redis_name
+  version    = var.redis_version
+  plan_name  = var.redis_plan_name
+
+  parameters = merge(
+    {
+      enable_monitoring       = var.redis_parameters.enable_monitoring
+      down_after_milliseconds = var.redis_parameters.down_after_milliseconds
+    },
+    var.redis_parameters.sgw_acl != null ? { sgw_acl = var.redis_parameters.sgw_acl } : {},
+    var.redis_parameters.syslog  != null ? { syslog  = var.redis_parameters.syslog  } : {}
+  )
+}
+
+// Redis Credentials
+resource "stackit_redis_credential" "this" {
+  project_id  = var.stackit_project_id
+  instance_id = stackit_redis_instance.this.instance_id
+}
+

redis/variables.tf

@@ -0,0 +1,29 @@
+variable "stackit_project_id" {
+  type        = string
+  description = "STACKIT project ID"
+}
+
+variable "redis_name" {
+  type        = string
+  description = "Redis instance name"
+}
+
+variable "redis_version" {
+  type        = string
+  description = "Redis version (e.g. 7)"
+}
+
+variable "redis_plan_name" {
+  type        = string
+  description = "Redis plan name (e.g. stackit-redis-1.4.10-single)"
+}
+
+variable "redis_parameters" {
+  description = "Optional advanced Redis parameters"
+  type = object({
+    sgw_acl                 = optional(string)
+    enable_monitoring       = bool
+    down_after_milliseconds = number
+    syslog                  = optional(list(string))
+  })
+}

secrets-manager/outputs.tf

@@ -0,0 +1,13 @@
+output "sm_instance" {
+  value = stackit_secretsmanager_instance.secret_manager.instance_id
+}
+
+output "sm_user" {
+  value     = stackit_secretsmanager_user.secret_manager_user.username
+  sensitive = true
+}
+
+output "sm_pw" {
+  value     = stackit_secretsmanager_user.secret_manager_user.password
+  sensitive = true
+}

secrets-manager/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "0.43.3"
+    }
+  }
+}

secrets-manager/secrets-manager.tf

@@ -0,0 +1,40 @@
+// Create STACKIT Secrets Manager Instance
+resource "stackit_secretsmanager_instance" "secret_manager" {
+  project_id = var.stackit_project_id
+  name       = var.secret_manager_name
+}
+
+// Define STACKIT Secrets Manager User
+resource "stackit_secretsmanager_user" "secret_manager_user" {
+  depends_on = [ stackit_secretsmanager_instance.secret_manager ]
+  project_id    = var.stackit_project_id
+  instance_id   = stackit_secretsmanager_instance.secret_manager.instance_id
+  description   = var.secret_manager_user_desc
+  write_enabled = var.secret_manager_user_write_enabled
+}
+
+// Configure Secret Manager Provider
+provider "vault" {
+  address          = "https://prod.sm.eu01.stackit.cloud"
+  skip_child_token = true
+
+  auth_login_userpass {
+    username = stackit_secretsmanager_user.secret_manager_user.username
+    password = stackit_secretsmanager_user.secret_manager_user.password
+  }
+}
+
+// Store Secret Manager Credentaisl in Secret Manager
+resource "vault_kv_secret_v2" "secret_manager_cred_save" {
+  depends_on = [ stackit_secretsmanager_instance.secret_manager ]
+  mount               = stackit_secretsmanager_instance.secret_manager.instance_id
+  name                = "secret-manager/users/editor"
+  cas                 = 1
+  delete_all_versions = true
+  data_json = jsonencode(
+    {
+     username = stackit_secretsmanager_user.secret_manager_user.username,
+     password = stackit_secretsmanager_user.secret_manager_user.password
+    }
+  )
+}

secrets-manager/variables.tf

@@ -0,0 +1,19 @@
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "secret_manager_name" {
+  description = "the name of the secret manager instance"
+  type        = string
+}
+
+variable "secret_manager_user_desc" {
+  description = "role description for the secret manager user"
+  type        = string
+}
+
+variable "secret_manager_user_write_enabled" {
+  description = "gives user write permissions"
+  type        = bool
+}

ske-cluster/README.md

@@ -0,0 +1,38 @@
+# Module for creating SKE cluster
+
+## Example
+
+```main.tf
+
+# SKE Cluster
+module "ske-cluster" {
+  source                      = "git::https://stackit-hackathon-2025.git.qa.onstackit.cloud/commerce-platform/hackdays-common-infra-poc//terraform/modules/ske-cluster"
+  stackit_project_id          = local.stackit_project_id
+  ske_cluster_name            = "example-cluster"
+  ske_node_pools = [  
+      {
+      name               = "example-pool"
+      machine_type       = "c1.2"
+      minimum            = "2"
+      maximum            = "3"
+      availability_zones = ["eu01-3"]
+    }
+  ]
+  ske_maintenance = {
+    enable_kubernetes_version_updates    = true
+    enable_machine_image_version_updates = true
+    start                                = "01:00:00Z"
+    end                                  = "02:00:00Z"
+  }
+}
+module "save-kubeconfig-sm" {
+  source                      = "git::https://stackit-hackathon-2025.git.qa.onstackit.cloud/commerce-platform/hackdays-common-infra-poc//terraform/modules/create-secret"
+  secret_manager_instance_id  = local.secret_manager_instance_id
+  secret_manager_username     = var.secret_manager_username
+  secret_manager_password     = var.secret_manager_password
+  secrets_path                = "kubernetes/example-cluster"
+  secret_data = {
+    kubeconfig         = module.ske-cluster.ske_kubeconfig
+  }
+}
+```

ske-cluster/outputs.tf

@@ -0,0 +1,4 @@
+output "ske_kubeconfig" {
+  value     = stackit_ske_kubeconfig.this.kube_config
+  sensitive = true
+}

ske-cluster/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    stackit = {
+      source  = "stackitcloud/stackit"
+      version = "~> 0.50.0"
+    }
+  }
+}

ske-cluster/ske-cluster.tf

@@ -0,0 +1,23 @@
+// SKE Cluster
+resource "stackit_ske_cluster" "this" {
+  project_id              = var.stackit_project_id
+  name                    = var.ske_cluster_name
+  maintenance             = var.ske_maintenance
+  node_pools              = var.ske_node_pools
+  #]
+  #extensions = {
+  #  argus = {
+  #    enabled           = true
+   #   argus_instance_id = var.observability-instance-id
+  #  }
+  #}
+}
+
+// Kubeconfig
+resource "stackit_ske_kubeconfig" "this" {
+  depends_on   = [stackit_ske_cluster.this]
+  project_id   = var.stackit_project_id
+  cluster_name = stackit_ske_cluster.this.name
+  refresh      = true
+  expiration   = "15552000" # 6 months
+}

ske-cluster/variables.tf

@@ -0,0 +1,36 @@
+variable "stackit_project_id" {
+  description = "ID of the stackit Project"
+  type        = string
+}
+
+variable "ske_cluster_name" {
+  description = "the cluster name"
+  type        = string
+}
+
+variable "ske_node_pools" {
+  description = "list of node pools for kubernetes cluster"
+  type = list(object({
+    name               = string
+    machine_type       = string
+    minimum            = number
+    maximum            = number
+    availability_zones = list(string)
+  }))
+}
+
+variable "ske_maintenance" {
+  description = "maintenance configuration"
+  type = object({
+    enable_kubernetes_version_updates    = bool
+    enable_machine_image_version_updates = bool
+    start                                = string
+    end                                  = string
+  })
+}
+
+#variable "observability-instance-id" {
+#  description = "instance id of the observability instance for cluster monitoring"
+#  type        = string
+#  
+#}