STACKIT Custom Platform
This guide explains how to integrate STACKIT as a cloud provider in the meshStack platform, enabling application teams to use STACKIT for deploying workloads while leveraging its European-first, GDPR-compliant infrastructure.
Motivation
Likvid Bank relies on meshStack to standardize cloud access across teams and to ensure compliance with internal and external requirements. By adding STACKIT to the mix, platform teams can offer a secure and reliable cloud provider that aligns with European data protection standards.
Challenges
- Compliance: Ensure workloads run in a fully GDPR-compliant environment.
- Flexibility: Provide an additional cloud provider choice for application teams alongside other providers in the meshStack marketplace.
- Ease of Use: Make STACKIT easily consumable by integrating it into meshStack's platform workflows.
Features of STACKIT in meshStack
European Data Sovereignty:
- All workloads are hosted in certified EU data centers (e.g., in Germany or Austria).
Wide Range of Services:
- STACKIT provides virtual machines, Kubernetes clusters, and storage options to meet diverse application needs.
Integrating STACKIT with meshStack
1. Setting up STACKIT
Create a STACKIT Account
- Register via the STACKIT Portal.
Set Up Project Management
- Create a management project in your STACKIT organization.
Configure a Service Account
- Create a service account in the management project and generate a token for your organization.
- Grant the service account sufficient permissions to create tenants in your organization.
2. Configure STACKIT Projects in meshStack
Create a Custom Building Block Definition
- Create a new Building Block Definition with the following configuration:
- Implementation Type: Terraform
- Git Repository URL:
git@github.com:likvid-bank/likvid-cloudfoundation.git
- Git Repository Path:
kit/stackit/buildingblocks/projects/buildingblock
- Inputs:
  - api_url: The STACKIT API URL (static source).
  - token: The token from your service account (encrypted).
  - workspace_id: The meshStack workspace identifier (source).
  - project_id: The meshStack project identifier (source).
  - parent_container_id: The parent container for resource organization (static source).
  - users: The User Permissions that grant access to the created STACKIT Projects.
- Terraform Backend (AWS):
  - aws_account_id: AWS account ID for the assume role where the backend was created (part of versions.tf).
  - AWS_ACCESS_KEY_ID: AWS IAM user access key (environment variable).
  - AWS_SECRET_ACCESS_KEY: AWS IAM user secret access key (environment variable, encrypted).
- Outputs:
  - tenant_id: The unique ID of the created project in STACKIT (Assignment Type: Platform Tenant ID).
  - stackit_login_link: URL for accessing the STACKIT project.
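As an added example (not the building block code from the likvid-cloudfoundation repository), the Terraform skeleton below declares the inputs, backend and outputs listed above, marking the secret inputs `sensitive` so they are redacted from plan and apply output, and pointing the S3 backend at the assume role in the state account. The `stackitcloud/stackit` provider source, its `service_account_token` attribute, the `stackit_resourcemanager_project` resource, the shape of the `users` object and the bucket/role placeholders are assumptions to check against the provider and meshStack documentation.

```hcl
terraform {
  required_providers {
    stackit = { source = "stackitcloud/stackit" } # registry address assumed
  }
  backend "s3" {
    # Backend blocks cannot read variables, so the state account ID is a
    # literal placeholder here; the IAM user keys are read from the
    # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables.
    bucket = "<state-bucket>"
    key    = "stackit/projects/terraform.tfstate"
    region = "eu-central-1"
    assume_role {
      role_arn = "arn:aws:iam::<aws_account_id>:role/<state-access-role>"
    }
  }
}

variable "api_url"             { type = string } # declared to match the inputs
variable "workspace_id"        { type = string }
variable "project_id"          { type = string }
variable "parent_container_id" { type = string }

# Secret input: sensitive = true keeps the token out of plan/apply output.
variable "token" {
  type      = string
  sensitive = true
}

# Shape of meshStack's users input is assumed here.
variable "users" {
  type = list(object({ email = string, roles = list(string) }))
}

provider "stackit" {
  service_account_token = var.token # attribute name assumed
}

# Resource and attribute names assumed; check the provider docs.
resource "stackit_resourcemanager_project" "this" {
  name                = "${var.workspace_id}-${var.project_id}"
  parent_container_id = var.parent_container_id
  labels = { meshstack_workspace = var.workspace_id, meshstack_project = var.project_id }
}

# Outputs map onto the meshStack outputs tenant_id and stackit_login_link.
output "tenant_id"          { value = stackit_resourcemanager_project.this.project_id }
output "stackit_login_link" { value = "https://portal.stackit.cloud/projects/${stackit_resourcemanager_project.this.project_id}" }
```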
Set Up a Custom Platform
Create a new Custom Platform called:
stackit
Configure the following parameters:
- Description:
Likvid Bank provides a European cloud solution via meshStack, enabling DSGVO-compliant workload provisioning for state-affiliated institutions.
- Web Console URL:
https://portal.stackit.cloud/projects
- Support URL:
https://meshcloud.slack.com/archives/C0681JFCUQP
- Documentation URL:
https://likvid-bank.github.io/likvid-cloudfoundation/platforms/stackit/bootstrap.html
Define Landing Zones for Development and Production environments:
- Development:
likvid stackit dev
- Production:
likvid stackit prod
3. Publish STACKIT Projects building block
- Navigate to the Landing Zone configuration:
  - Link the Building Block Definition STACKIT Projects to the Landing Zones for both development and production.
- Publish the Custom Platform:
  - Ensure that the platform appears in the meshStack marketplace.
  - Submit the platform for administrator review and approval.
Conclusion
By following this guide, Likvid Bank provides a European cloud solution via meshStack, enabling DSGVO-compliant workload provisioning for state-affiliated institutions. It offers a solid foundation for clients, ensuring simplicity, compliance, and top-tier security for sensitive data.