Skip to main content

Templates

Accelerate your cloud journey with our collection of production-ready infrastructure templates, purpose-built for Open Telekom Cloud. Whether you're launching a simple proof of concept or orchestrating a complex, multi-service architecture, these turnkey solutions empower you to deploy with speed, consistency, and confidence. Designed around tools like Terraform, TOSCA and Open Telekom Cloud services as Create Cloud & Resource Formation Service, each template reflects best practices and real-world expertise—helping you reduce setup time, eliminate manual errors, and focus on delivering value. From networking and compute to storage and security, discover a smarter way to build in the cloud.

OpenShift logo
OpenShift
This template deploys a Self-managed OpenShift Container Platform on Open Telekom Cloud with worker nodes in one availability zone. To deploy worker nodes in three availability zones, use the template OpenStack HA.
Cloud Create
OpenShift HA logo
OpenShift HA
This template deploys a Self-managed OpenShift Container Platform on Open Telekom Cloud with master and worker nodes in 3 availability zones.
Cloud Create
Bastion Host logo
Bastion Host
This template demonstrates the usecase of the bastion host and the NAT gateway. The bastion host is used as a jump-host to access the private compute via the Admin Network. The private compute has the network port in the Data Network as the default port for outgoing traffic. The NAT gateway is used for SNAT outgoing traffic from the private compute.
Cloud Create
Prometheus logo
Prometheus
This template creates a Prometheus monitoring system with Prometheus server (v2.54.1), Grafana (v11.2.2), node exporter (v1.8.2), and alertmanager (v0.27.0).
Cloud Create
NextCloud logo
NextCloud
This template deploys NextCloud app (version 28) on Open Telekom Cloud using Object Storage and Relational Database Service as the storage back-end and the MySQL Server, respectively.
Cloud Create
P2S VPN logo
P2S VPN
Deploy and maintain Point-to-Site OpenVPN connections on Open Telekom Cloud using Terraform + Ansible. Provision VPC, ECS instance, security groups (SSH/UDP), and private DNS in one go. Automate OpenVPN/EasyRSA installation, firewall hardening, and user certificate lifecycle (create, revoke, package). Built-in backup/restore workflows ensure seamless operational continuity.
TerraformAnsible
ACME logo
Partner Template
ACME
Automate ACME SSL/TLS certificate issuance and renewal on Open Telekom Cloud. Automatically provision a DNS Admin user, enforce 30-day key rotation, and orchestrate DNS-01 challenges. Support wildcard/SAN certs with ECDSA/RSA key options and configurable renewal thresholds for scalable, compliant HTTPS.
Terraform
CCE logo
Partner Template
CCE
Provision a production-grade Open Telekom Cloud Container Engine (CCE) cluster with a single Terraform module. Seamlessly integrate VPC/subnets, node pools with autoscaling, and optional high availability. Customize cluster version, node flavors, storage, and addons for resilient, scalable container workloads.
Terraform
CCE GPU Node Pool logo
Partner Template
CCE GPU Node Pool
Provision a production-grade CCE cluster on Open Telekom Cloud with a single Terraform module. Automate VPC/subnet setup, node pools with autoscaling, and optional multi-AZ high availability. Customize Kubernetes version, node flavors, storage classes, and addon integrations. Simplify scalable, resilient container orchestration with end-to-end infrastructure automation.
Terraform
CRD Installer logo
Partner Template
CRD Installer
Automate extraction and deployment of Kubernetes CRDs from Helm charts into your OTC cluster. Preload cert-manager, Traefik, Kyverno, Prometheus CRDs—or add custom charts—with version overrides.
Terraform
CTS logo
Partner Template
CTS
Provision OTC Cloud Trace Service with a secure, encrypted OBS bucket and CTS tracker. Customize data retention (default 180 days), object prefixes, and optional trace analysis. Leverage built-in KMS key management for compliant encryption. Automate trace collection and storage with a single Terraform module.
Terraform
Dedicated ELB logo
Partner Template
Dedicated ELB
Deploy a dedicated ELB instance with public and private IPs (including EIP) on Open Telekom Cloud via Terraform. Automate availability zone, subnet, network, and bandwidth provisioning with selectable L4/L7 load-balancer flavors. Expose ELB ID, private/public IP outputs, and apply custom tags for seamless infrastructure governance.
Terraform
Enterprise VPN Connection logo
Partner Template
Enterprise VPN Connection
Orchestrate OTC Enterprise VPN gateway and IPSec connections with Terraform. Configure IPsec tunnels (static/policy/BGP) with customizable IKE/IPsec policies, DPD, NQA, and HA modes (active-active/standby). Automate remote gateway and PSK provisioning along with multi-tunnel orchestration. Export connection details for secure, scalable on-premises connectivity.
Terraform
Enterprise VPN Gateway logo
Partner Template
Enterprise VPN Gateway
Automate deployment of Open Telekom Cloud Enterprise VPN gateways with Terraform. Customize gateway name, bandwidth, description, IKE/IPsec policies, BGP settings, and HA mode. Enable active-active or standby high availability for resilient connectivity. Expose gateway IDs, IP addresses, and status outputs for seamless integration.
Terraform
EVS logo
Partner Template
EVS
Automate encrypted EVS volume provisioning on Open Telekom Cloud with a single Terraform module. Define multiple volumes across availability zones with custom specs (size, type, device) and unified tags. Generate and manage KMS keys by prefix, exposing a map of volume resources for seamless orchestration.
Terraform
Jumphosts logo
Partner Template
Jumphosts
Deploy a secure SSH jumphost on Open Telekom Cloud via Terraform. Automate VPC/subnet, ECS instance with boot volume, floating IP, and security group rules. Enable cloud-init customization, host key persistence, and optional KMS disk encryption. Expose public/private IPs and security group ID for seamless integration.
Terraform
Keycloak SSO (OIDC) logo
Partner Template
Keycloak SSO (OIDC)
Provision Keycloak as an OIDC SSO identity provider for Open Telekom Cloud with a single Terraform module. Automatically create a Keycloak OpenID client, default scopes, and OTC identity_provider resource with JSON-driven claim mappings for users and groups. Supports custom domain, realm, endpoint configuration and outputs the OTC SSO URL for seamless integration.
Terraform
Keycloak SSO (SAML) logo
Partner Template
Keycloak SSO (SAML)
Provision Keycloak as an SAML SSO identity provider for Open Telekom Cloud with a single Terraform module. Automatically create a Keycloak OpenID client, default scopes, and OTC identity_provider resource with JSON-driven claim mappings for users and groups. Supports custom domain, realm, endpoint configuration and outputs the OTC SSO URL for seamless integration.
Terraform
ELB logo
Partner Template
ELB
Provision scalable L4/L7 load balancers on Open Telekom Cloud with Terraform. Create listeners, pools, health monitors, and backend members with customizable protocols, ports, and session persistence. Enable SSL termination, cross-AZ deployment, autoscaling, and tagging for end-to-end traffic management.
Terraform
Restricted OBS Bucket logo
Partner Template
Restricted OBS Bucket
Provision a KMS-SSE encrypted OBS bucket with a dedicated access user scoped to that bucket on OTC. Automatically create the user, group, roles, and KMS key, with optional versioning, force-destroy, and tagging. Expose bucket name plus scoped access and secret keys for secure, compliant object storage.
Terraform
OBS Secrets Reader logo
Partner Template
OBS Secrets Reader
Read JSON-formatted secrets from an encrypted OBS bucket on Open Telekom Cloud. Automatically fetch and parse your secrets file, exposing values as Terraform outputs. Works with KMS-SSE encryption and scoped IAM credentials for secure, in-Terraform secret retrieval.
Terraform
OBS Secrets Writer logo
Partner Template
OBS Secrets Writer
Automate writing JSON-formatted secrets to an encrypted OBS bucket on Open Telekom Cloud. Provision or reuse a KMS-SSE bucket with scoped IAM credentials, versioning, and force-destroy options. Serialize Terraform variables into a secrets file and upload via OBS object. Output bucket details and object path for seamless consumption by downstream modules.
Terraform
Private DNS logo
Partner Template
Private DNS
Manage private DNS in Open Telekom Cloud with a single Terraform module. Automate creation of DNS zones, VPC zone associations, and recordsets (A, CNAME, MX, TXT, SRV). Customize TTLs, tags, and forwarding rules for secure, scalable internal name resolution.
Terraform
Projects logo
Partner Template
Projects
Optimize tenant project lifecycle on Open Telekom Cloud with Terraform. Automate creation, deletion, and quota configuration—including service enablement and custom resource limits. Assign users, roles, and tags, exposing project IDs and credentials for integrated access management.
Terraform
Public DNS logo
Partner Template
Public DNS
Manage public DNS zones on Open Telekom Cloud with a single Terraform module. Automate creation of zones, recordsets (A, AAAA, CNAME, MX, TXT, SRV), and optional reverse DNS entries. Customize TTLs, tags, and forwarding policies for resilient, high-performance domain resolution. Enable self-service domain management with minimal operational overhead.
Terraform
RDS logo
Partner Template
RDS
Provision managed MySQL, PostgreSQL, or SQL Server instances on Open Telekom Cloud with Terraform. Customize engine version, compute/storage specs, HA replicas, backup retention, and KMS-encrypted volumes. Integrate monitoring, security groups, optional EIP, and output endpoints and credentials for seamless app integration.
Terraform
SFS logo
Partner Template
SFS
Provision and manage Scalable File Service (SFS) volumes with KMS encryption and automated CBR backups via a single Terraform module. Create SFS Turbo shares, security groups, and backup vault/policies with customizable retention and iCal-based trigger schedules. Configure availability zone, VPC/subnet, volume size/type, and KMS key lifecycle for resilient, secure file storage.
Terraform
SNAT logo
Partner Template
SNAT
Provision a dedicated NAT gateway with SNAT rules to enable internet egress from your VPC subnets. Customize gateway bandwidth, size, and target networks using subnet IDs or CIDRs. Defaults to its own subnet if no networks specified and outputs the allocated EIP for seamless integration.
Terraform
Encrypted Terraform Remote State logo
Partner Template
Encrypted Terraform Remote State
Provision an encrypted OBS bucket for Terraform remote state on Open Telekom Cloud with a single module. Encrypt the bucket using a KMS key, enforce prevent_destroy for immutability, and output a ready-to-use backend configuration. It streamlines secure, compliant state management at scale.
Terraform
VPC/Subnet logo
Partner Template
VPC/Subnet
Deploy a VPC with multiple subnets on Open Telekom Cloud using a single Terraform module. Customize your CIDR block, DNS server list, and tags uniformly across all subnets. Automatically output the VPC and subnet objects for seamless integration and scalable network foundations.
Terraform
WAF logo
Partner Template
WAF
Protect web apps with OTC WAF, automating DNS CNAME record, WAF domain and certificate resources via Terraform. Configure backend server endpoints, enforce TLSv1.2 or v1.1 with customizable cipher suites, and opt-in client/server insecure modes. Leverage default or custom WAF policies for Layer-7 threat mitigation and bot protection in code-driven deployments.
Terraform