From ab8b13b9022f33ec1044f31b4c23a50b5fab9e82 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 11 Oct 2024 02:07:54 -0400
Subject: [PATCH 1/4] module

---
 README.md | 7 +++---
 aws_data.tf | 7 ++++++
 main.tf | 65 ++++++++++++++++++++---------------------------------
 3 files changed, 35 insertions(+), 44 deletions(-)

diff --git a/README.md b/README.md
index 4552b2e..5116629 100644
--- a/README.md
+++ b/README.md
@@ -29,14 +29,14 @@ Change logs are auto-generated with commitizen.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [cluster\_domain\_cname](#module\_cluster\_domain\_cname) | git@github.e.it.census.gov:terraform-modules/aws-dns//cname | n/a |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_vpc_association_authorization.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
@@ -48,6 +48,7 @@ No modules.
 | [aws_lb.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 | [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+| [aws_vpc_dhcp_options.options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_dhcp_options) | data source |
 | [kubernetes_service.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 
 ## Inputs
diff --git a/aws_data.tf b/aws_data.tf
index 7bfda66..dd53245 100644
--- a/aws_data.tf
+++ b/aws_data.tf
@@ -5,6 +5,13 @@ data "aws_vpc" "eks_vpc" {
 }
 }
 
+data "aws_vpc_dhcp_options" "options" {
+ filter {
+ name = "vpc-id"
+ values = [local.vpc_id]
+ }
+}
+
 data "aws_caller_identity" "current" {}
 
 data "aws_arn" "current" {
diff --git a/main.tf b/main.tf
index fb4beda..4e0c1ee 100644
--- a/main.tf
+++ b/main.tf
@@ -7,38 +7,12 @@
 #-------------------------------------------------
 
 locals {
- defaults = {
- enable_ptr = {
- cname = false
- a = false
- aaaa = false
- txt = false
- host = true
- ptr = true
- }
- heritage_label = "terraform"
- heritage_prefix = {
- cname = "_txt"
- a = ""
- aaaa = ""
- txt = "_txt"
- host = ""
- ptr = ""
- }
- }
- base_heritage_tags = [
- format("heritage=%v", local.defaults.heritage_label),
- format("%v/account_id=%v", local.defaults.heritage_label, data.aws_caller_identity.current.account_id),
- format("%v/region=%v", local.defaults.heritage_label, local.region),
- format("%v/create_time=%d", local.defaults.heritage_label, time_static.timestamp.unix)
- ]
 cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
 cluster_domain_name = format("%v.%v", var.cluster_name, local.vpc_domain_name)
- default_heritage_prefix = lookup(local.defaults.heritage_prefix, local.record_type, "") != "" ? format("%v.", local.defaults.heritage_prefix[local.record_type]) : ""
 is_shared_vpc = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
- record_type = "cname"
 region = var.region
 vpc_domain_name = var.vpc_domain_name
+ vpc_id = data.aws_vpc.eks_vpc.id
 }
 
 resource "time_static" "timestamp" {}
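Review bot: `resource "time_static" "timestamp" {}` is left in place as the last context line of this hunk while its only visible consumer, `time_static.timestamp.unix` inside the removed `base_heritage_tags`, is deleted. If nothing outside this hunk reads `time_static.timestamp`, the resource is now dead state that still has to be kept in the state file and the `time` provider still has to be initialised for it; it should go with the locals. `data.aws_caller_identity.current` is different: `is_shared_vpc` still reads it, so that data source must stay. The enclosing `locals` block is fully inside the hunk, but the rest of main.tf is not, so the "unused" claim needs a quick grep before removing.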
@@ -122,18 +96,27 @@ resource "aws_route53_zone_association" "self_zone_west" {
 # Cluster DNS CNAME MAPPED TO INGRESS NLB
 ###################################################################
 
-resource "aws_route53_record" "entry" {
- name = "*.${local.cluster_domain_name}"
- records = [data.aws_lb.lb.dns_name]
- ttl = 900
- type = "CNAME"
- zone_id = aws_route53_zone.cluster_domain.zone_id
-}
-
-resource "aws_route53_record" "entry_heritage" {
- name = format("%v%v", local.default_heritage_prefix, "*.${local.cluster_domain_name}")
- records = [join(",", local.base_heritage_tags)]
- ttl = 900
- type = "TXT"
- zone_id = aws_route53_zone.cluster_domain.zone_id
+# resource "aws_route53_record" "entry" {
+# name = "*.${local.cluster_domain_name}"
+# records = [data.aws_lb.lb.dns_name]
+# ttl = 900
+# type = "CNAME"
+# zone_id = aws_route53_zone.cluster_domain.zone_id
+# }
+
+# resource "aws_route53_record" "entry_heritage" {
+# name = format("%v%v", local.default_heritage_prefix, "*.${local.cluster_domain_name}")
+# records = [join(",", local.base_heritage_tags)]
+# ttl = 900
+# type = "TXT"
+# zone_id = aws_route53_zone.cluster_domain.zone_id
+# }
+
+module "cluster_domain_cname" {
+ # tflint-ignore: terraform_module_pinned_source
+ source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+
+ name = format("%v.%v", var.cluster_name, data.aws_vpc_dhcp_options.options.domain_name)
+ values = data.aws_lb.lb.dns_name
+ zone = aws_route53_zone.cluster_domain.zone_id
 }

From b86b02608ecbecf61fbdd54d1bbea8b60ebb163a Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 11 Oct 2024 02:13:38 -0400
Subject: [PATCH 2/4] vpc-id another way

---
 README.md | 3 +--
 aws_data.tf | 7 -------
 main.tf | 5 ++---
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 5116629..73b47cb 100644
--- a/README.md
+++ b/README.md
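Review bot: The new module source `git@github.e.it.census.gov:terraform-modules/aws-dns//cname` carries no `?ref=`, and the `# tflint-ignore: terraform_module_pinned_source` line above it silences the linter rather than fixing the finding, so every `terraform init` fetches whatever the default branch of that repository holds and a push there silently changes the records this root module writes into the cluster zone. Pin it to an immutable revision and drop the ignore, e.g. `source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname?ref=<tag-or-commit>"`; the same unpinned source is carried unchanged through the main.tf hunks of patches 2, 3 and 4. Two properties of the replaced `aws_route53_record` resources are also not passed to the module: the `ttl = 900` and the whole `entry_heritage` TXT ownership marker built from `base_heritage_tags`, which are only commented out here and deleted in patch 4. Confirm the module supplies equivalents (its inputs are not visible in this diff) or record in a comment that the TTL default and the loss of the heritage record are intended.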
@@ -31,7 +31,7 @@ Change logs are auto-generated with commitizen.
 
 | Name | Source | Version |
 |------|--------|---------|
-| [cluster\_domain\_cname](#module\_cluster\_domain\_cname) | git@github.e.it.census.gov:terraform-modules/aws-dns//cname | n/a |
+| [cname\_cluster\_domain](#module\_cname\_cluster\_domain) | git@github.e.it.census.gov:terraform-modules/aws-dns//cname | n/a |
 
 ## Resources
 
@@ -48,7 +48,6 @@ Change logs are auto-generated with commitizen.
 | [aws_lb.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
 | [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
-| [aws_vpc_dhcp_options.options](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc_dhcp_options) | data source |
 | [kubernetes_service.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 
 ## Inputs
diff --git a/aws_data.tf b/aws_data.tf
index dd53245..7bfda66 100644
--- a/aws_data.tf
+++ b/aws_data.tf
@@ -5,13 +5,6 @@ data "aws_vpc" "eks_vpc" {
 }
 }
 
-data "aws_vpc_dhcp_options" "options" {
- filter {
- name = "vpc-id"
- values = [local.vpc_id]
- }
-}
-
 data "aws_caller_identity" "current" {}
 
 data "aws_arn" "current" {
diff --git a/main.tf b/main.tf
index 4e0c1ee..a0d2cc6 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,6 @@ locals {
 is_shared_vpc = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
 region = var.region
 vpc_domain_name = var.vpc_domain_name
- vpc_id = data.aws_vpc.eks_vpc.id
 }
 
 resource "time_static" "timestamp" {}
@@ -112,11 +111,11 @@ resource "aws_route53_zone_association" "self_zone_west" {
 # zone_id = aws_route53_zone.cluster_domain.zone_id
 # }
 
-module "cluster_domain_cname" {
+module "cname_cluster_domain" {
 # tflint-ignore: terraform_module_pinned_source
 source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
 
- name = format("%v.%v", var.cluster_name, data.aws_vpc_dhcp_options.options.domain_name)
+ name = format("%v.%v", var.cluster_name, local.cluster_domain_name)
 values = data.aws_lb.lb.dns_name
 zone = aws_route53_zone.cluster_domain.zone_id
 }

From f3ceabed67ddd20dfcaa991649e65b48929c3f16 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 11 Oct 2024 02:17:56 -0400
Subject: [PATCH 3/4] star

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index a0d2cc6..94f29a6 100644
--- a/main.tf
+++ b/main.tf
@@ -115,7 +115,7 @@ module "cname_cluster_domain" {
 # tflint-ignore: terraform_module_pinned_source
 source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
 
- name = format("%v.%v", var.cluster_name, local.cluster_domain_name)
+ name = format("%v.%v", "*", local.cluster_domain_name)
 values = data.aws_lb.lb.dns_name
 zone = aws_route53_zone.cluster_domain.zone_id
 }

From efaf198641050f346f3d5edfefce3b3ead9553fc Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 11 Oct 2024 02:20:54 -0400
Subject: [PATCH 4/4] cleanup

---
 main.tf | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/main.tf b/main.tf
index 94f29a6..e3aa51e 100644
--- a/main.tf
+++ b/main.tf
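Review bot: In the patch 3 hunk, `name = format("%v.%v", "*", local.cluster_domain_name)` formats two known strings into a constant; `name = "*.${local.cluster_domain_name}"` says the same thing and is exactly the form the replaced `aws_route53_record.entry` used, which makes the intent (restore the wildcard record) obvious to the next reader. The more important question is what the module expects in `name` next to `zone`: `aws_route53_record` took a fully-qualified name, but if the cname module appends the zone name itself the record ends up at `*.<cluster>.<vpc_domain>.<cluster>.<vpc_domain>`; the module's interface is not visible in this diff, so this should be checked once and then pinned with a comment on the line, e.g. `# name is passed as an FQDN, the cname module does not append the zone name` (adjust to whichever convention the module actually uses). A wildcard CNAME under a zone that is shared into other VPCs (`self_zone_east`/`self_zone_west` associations above) also deserves a one-line comment stating that every unmatched host under the cluster domain is meant to resolve to the ingress NLB, since that was only implicit in the old resource too.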
@@ -95,22 +95,6 @@ resource "aws_route53_zone_association" "self_zone_west" {
 # Cluster DNS CNAME MAPPED TO INGRESS NLB
 ###################################################################
 
-# resource "aws_route53_record" "entry" {
-# name = "*.${local.cluster_domain_name}"
-# records = [data.aws_lb.lb.dns_name]
-# ttl = 900
-# type = "CNAME"
-# zone_id = aws_route53_zone.cluster_domain.zone_id
-# }
-
-# resource "aws_route53_record" "entry_heritage" {
-# name = format("%v%v", local.default_heritage_prefix, "*.${local.cluster_domain_name}")
-# records = [join(",", local.base_heritage_tags)]
-# ttl = 900
-# type = "TXT"
-# zone_id = aws_route53_zone.cluster_domain.zone_id
-# }
-
 module "cname_cluster_domain" {
 # tflint-ignore: terraform_module_pinned_source
 source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"