Merge pull request #1 from SCT-Engineering/initial

dns module init
SCT-Engineering · Sep 20, 2024 · 8864dd1 · 8864dd1
2 parents 8e7f700 + b5220b5
commit 8864dd1
Show file tree

Hide file tree

Showing 10 changed files with 259 additions and 184 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -37,7 +37,7 @@ repos:
 
 # Terraform Hooks
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+  rev: v1.96.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
   hooks:
     - id: terraform_fmt
       args:
@@ -94,6 +94,6 @@ repos:
     #     - --hook-config=--parallelism-ci-cpu-cores=2
 
 - repo: https://github.com/ljnsn/cz-conventional-gitmoji
-  rev: v0.3.2
+  rev: v0.3.3
   hooks:
     - id: conventional-gitmoji
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,34 +0,0 @@
-## 0.1.0 (2024-08-02)
-
-### ✨ Features
-
-- **main.tf**: added adot, snapshot-controller, and updated docs
-- **amazon-cloudwatch-observability**: add cloudwatch addon instead of cloudwatch module
-
-### 🐛🚑️ Fixes
-
-- **main.tf**: no adot avail for 1.30
-- **main.tf**: remove operators due to timing issues
-- **main.tf**: add time_sleep before operators create
-- **main.tf**: removed invalied property >>> ⏰ 1m
-- **main.tf**: add short sleep after kube update
-- **main.tf**: update depends_on
-- **main.tf**: fix irsa_role ref from update >>> ⏰ 5m
-- **irsa_roles.tf**: use cannonical module ref
-- **irsa_roles.tf**: update vars from module
-- **dns_zones.tf**: added cluster name tag to vpc
-- **dummy-vpc**: add filter and tag for dummy-vpc
-
-### 💚👷 CI & Build
-
-- **.cz.yaml**: update commitizen to use scm for version
-- **cz**: update cz to use scm for version
-- **test.yml**: added test.yml to demonstrate how commitizen and pre-commit-hooks work >>> ⏰ 15m
-- **.github/dependabot.yml**: add dependabot for terraform
-- **.cz.yaml**: add commitizen config file >>> ⏰ 2h
-
-### 📝💡 Documentation
-
-- update resource counts on apply/destroy
-- **changelog**: moved old changelog to changelog.md
-- **CHANGELOG.md**: added a changelog by running cz ch >>> ⏰ 15m

diff --git a/README.md b/README.md
diff --git a/aws_data.tf b/aws_data.tf
@@ -0,0 +1,23 @@
+data "aws_vpc" "eks_vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.vpc_name]
+  }
+}
+
+data "aws_caller_identity" "current" {}
+
+data "aws_arn" "current" {
+  arn = data.aws_caller_identity.current.arn
+}
+
+#---
+# dummy vpc, so we can associate the zone to this account
+#---
+data "aws_vpc" "dummy_vpc" {
+  count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  filter {
+    name   = "tag:Name"
+    values = ["vpc0-dummy"]
+  }
+}
diff --git a/dns-providers.tf b/dns-providers.tf
@@ -0,0 +1,28 @@
+#-------------------------------------------------
+# Providers for Cross Account DNS Action
+#-------------------------------------------------
+provider "aws" {
+  alias  = "route53_main_east"
+  region = var.region_map["east"]
+  assume_role {
+    role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+    session_name = var.os_username
+  }
+}
+
+provider "aws" {
+  alias  = "route53_main_west"
+  region = var.region_map["west"]
+  assume_role {
+    role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+    session_name = var.os_username
+  }
+}
+
+provider "aws" {
+  alias = "self"
+  assume_role {
+    role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
+    session_name = var.os_username
+  }
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,81 @@
+#-------------------------------------------------
+# DNS Zone for EKS
+#-------------------------------------------------
+
+#-------------------------------------------------
+# Locals
+#-------------------------------------------------
+
+locals {
+  cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+  cluster_domain_name        = format("%v.%v", var.cluster_name, local.vpc_domain_name)
+  region                     = var.region
+  vpc_domain_name            = var.vpc_domain_name
+}
+
+#-------------------------------------------------
+# cluster_domain dns zone
+#-------------------------------------------------
+
+resource "aws_route53_zone" "cluster_domain" {
+  name          = local.cluster_domain_name
+  comment       = local.cluster_domain_description
+  force_destroy = false
+
+  vpc {
+    vpc_id     = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+    vpc_region = local.region
+  }
+
+  lifecycle {
+    ignore_changes = [vpc]
+    precondition {
+      condition     = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (!(var.shared_vpc_label == null || var.shared_vpc_label == "") && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
+      error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
+    }
+  }
+
+  tags = merge(
+    var.tags,
+    { "Name" = local.cluster_domain_name },
+  )
+}
+
+#---
+# cluster domain associations with central networking account
+# east region
+#---
+module "route53_cluster_domain_east" {
+
+  count = local.region == "us-gov-east-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  providers = {
+    aws.self = aws.self
+    aws.peer = aws.route53_main_east
+  }
+
+  source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+  region   = "us-gov-east-1"
+  vpc_id   = data.aws_vpc.eks_vpc.id
+  zone_ids = try([aws_route53_zone.cluster_domain.zone_id])
+
+  tags = var.tags
+}
+
+#-------------------------------------------------
+# west region
+#-------------------------------------------------
+module "route53_cluster_domain_west" {
+
+  count = local.region == "us-gov-west-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  providers = {
+    aws.self = aws.self
+    aws.peer = aws.route53_main_west
+  }
+
+  source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+  region   = "us-gov-west-1"
+  vpc_id   = data.aws_vpc.eks_vpc.id
+  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+  tags = var.tags
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,32 @@
+################################################################################
+# Module information
+################################################################################
+
+output "module_name" {
+  description = "The name of this module."
+  value       = local.module_name
+}
+
+output "module_version" {
+  description = "The version of this module."
+  value       = local.module_version
+}
+
+################################################################################
+# Networking information
+################################################################################
+
+output "cluster_domain" {
+  description = "DNS Zone Name"
+  value       = aws_route53_zone.cluster_domain.name
+}
+
+output "cluster_domain_id" {
+  description = "DNS Zone ID"
+  value       = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+  description = "DNS Zone Nameservers"
+  value       = aws_route53_zone.cluster_domain.name_servers
+}
diff --git a/requirements.tf b/requirements.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.14.0"
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,73 @@
+###################################################################
+# cluster variables
+###################################################################
+
+variable "cluster_name" {
+  description = "EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev)"
+  type        = string
+}
+
+###################################################################
+# account variables
+###################################################################
+
+variable "vpc_name" {
+  description = "Define the VPC name that will be used by this cluster"
+  type        = string
+}
+
+variable "vpc_domain_name" {
+  description = "The DNS domain name of the vpc the cluster is in."
+  type        = string
+}
+
+###################################################################
+# Common variables
+###################################################################
+
+variable "tags" {
+  description = "AWS Tags to apply to appropriate resources"
+  type        = map(string)
+  default     = {}
+}
+
+variable "region" {
+  description = "AWS config region"
+  type        = string
+  default     = ""
+}
+
+variable "os_username" {
+  description = "OS username from environment variable, ideally as $USER"
+  type        = string
+  default     = null
+}
+
+###################################################################
+# DNS variables
+###################################################################
+
+variable "shared_vpc_label" {
+  description = "Label to use for shared VPC for flowlogs and other things"
+  type        = string
+  default     = null
+}
+
+variable "region_map" {
+  description = "AWS region map"
+  type        = map(string)
+  default     = { "east" : "us-gov-east-1", "west" : "us-gov-west-1" }
+}
+
+variable "route53_endpoints" {
+  description = "Map of target route53 endpoints (for inbound) central VPCs"
+  type        = map(map(string))
+  default = {
+    route53_main = {
+      "account_id"    = "269244441389"
+      "alias"         = "lab-gov-network-nonprod"
+      "us-gov-east-1" = "vpc-070595c5b133243dd"
+      "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
+    }
+  }
+}
diff --git a/version.tf b/version.tf
@@ -0,0 +1,4 @@
+locals {
+  module_name    = "tfmod-eks-dns"
+  module_version = "0.0.1"
+}