diff --git a/README.md b/README.md
index 9521572..2b64e8a 100644
--- a/README.md
+++ b/README.md
@@ -13,15 +13,19 @@ Change logs are auto-generated with commitizen.
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5 |
| [aws](#requirement\_aws) | >= 5.14.0 |
+| [kubernetes](#requirement\_kubernetes) | >= 2.23.0 |
+| [time](#requirement\_time) | >= 0.9 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.68.0 |
-| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.68.0 |
-| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.68.0 |
-| [aws.self](#provider\_aws.self) | 5.68.0 |
+| [aws](#provider\_aws) | 5.70.0 |
+| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.70.0 |
+| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.70.0 |
+| [aws.self](#provider\_aws.self) | 5.70.0 |
+| [kubernetes](#provider\_kubernetes) | 2.32.0 |
+| [time](#provider\_time) | 0.12.1 |
## Modules
@@ -31,15 +35,20 @@ No modules.
| Name | Type |
|------|------|
+| [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_vpc_association_authorization.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
| [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_route53_zone_association.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
| [aws_route53_zone_association.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_lb.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/lb) | data source |
| [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
| [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
+| [kubernetes_service.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
## Inputs
diff --git a/aws_data.tf b/aws_data.tf
index 92d996a..e3e0caa 100644
--- a/aws_data.tf
+++ b/aws_data.tf
@@ -20,4 +20,16 @@ data "aws_vpc" "dummy_vpc" {
name = "tag:Name"
values = ["vpc0-dummy"]
}
-}
\ No newline at end of file
+}
+
+data "kubernetes_service" "istio_ingressgateway" {
+ metadata {
+ name = "istio-ingressgateway"
+ namespace = "istio-system"
+ }
+}
+
+data "aws_lb" "lb" {
+ count = local.is_gateway_active ? 1 : 0
+ name = split("-", data.kubernetes_service.istio_ingressgateway.status[0].load_balancer[0].ingress[0].hostname)[0]
+}
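Review bot: The `name` argument of `data "aws_lb" "lb"` derives the load balancer name with `split("-", hostname)[0]`, which only works when the name itself contains no hyphen; internal load balancers carry an `internal-` prefix in their hostname, and names generated by the AWS Load Balancer Controller (`k8s-<ns>-<svc>-<hash>`) contain several, so the lookup would resolve to `internal` or `k8s` and fail or, worse, match a different balancer. Taking the first DNS label and stripping only the trailing hash segment is more robust: `name = regex("^(?:internal-)?(.+)-[^-]+$", split(".", data.kubernetes_service.istio_ingressgateway.status[0].load_balancer[0].ingress[0].hostname)[0])[0]`, or, if the controller tags the balancer, look it up via the data source's `tags` argument instead of parsing the hostname. Note also that the `ingress[0]` index raises an error whenever the Service has no provisioned load balancer yet, so the `count` guard on this data source has to be computed from the presence of that ingress entry rather than from `status` alone.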
diff --git a/main.tf b/main.tf
index 6ce4bb6..e410f9e 100644
--- a/main.tf
+++ b/main.tf
@@ -7,7 +7,7 @@
#-------------------------------------------------
locals {
- _defaults = {
+ defaults = {
enable_ptr = {
cname = false
a = false
@@ -26,28 +26,23 @@ locals {
ptr = ""
}
}
-}
-
-locals {
base_heritage_tags = [
- format("heritage=%v", local._defaults.heritage_label),
- format("%v/account_id=%v", local._defaults.heritage_label, data.aws_caller_identity.current.account_id),
- format("%v/region=%v", local._defaults.heritage_label, local.region),
- format("%v/create_time=%d", local._defaults.heritage_label, time_static.timestamp.unix)
+ format("heritage=%v", local.defaults.heritage_label),
+ format("%v/account_id=%v", local.defaults.heritage_label, data.aws_caller_identity.current.account_id),
+ format("%v/region=%v", local.defaults.heritage_label, local.region),
+ format("%v/create_time=%d", local.defaults.heritage_label, time_static.timestamp.unix)
]
- # heritage_tags = [for k, v in {} : format("%v/%v=%v", local._defaults.heritage_label, k, v)]
-}
-locals {
cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
cluster_domain_name = format("%v.%v", var.cluster_name, local.vpc_domain_name)
- region = var.region
- is_shared_vpc = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
- vpc_domain_name = var.vpc_domain_name
- record_type = "cname"
- ttl = 900
+ default_heritage_prefix = lookup(local.defaults.heritage_prefix, local.record_type, "") != "" ? format("%v.", local.defaults.heritage_prefix[local.record_type]) : ""
+
+ is_gateway_active = data.kubernetes_service.istio-ingressgateway.status != null
- default_heritage_prefix = lookup(local._defaults.heritage_prefix, local.record_type, "") != "" ? format("%v.", lookup(local._defaults.heritage_prefix, local.record_type)) : ""
+ is_shared_vpc = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
+ record_type = "cname"
+ region = var.region
+ vpc_domain_name = var.vpc_domain_name
}
resource "time_static" "timestamp" {}
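Review bot: `is_gateway_active` references `data.kubernetes_service.istio-ingressgateway` (hyphen), but aws_data.tf declares the data source as `istio_ingressgateway` (underscore), so `terraform validate` will report a reference to an undeclared data resource; the `locals` block this line belongs to begins before this hunk. Beyond the name, `status != null` is unlikely to be a useful readiness check, since the provider exposes `status` as a computed block list that is presumably empty rather than null when no load balancer has been assigned yet; a check that actually gates the `ingress[0]` index used in aws_data.tf would be `is_gateway_active = length(try(data.kubernetes_service.istio_ingressgateway.status[0].load_balancer[0].ingress, [])) > 0`. As a smaller point of style, `record_type = "cname"` is kept in locals while `aws_route53_record.entry` now hard-codes `type = "CNAME"`, so the local only feeds `default_heritage_prefix` and the two can drift apart silently.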
@@ -85,22 +80,21 @@ resource "aws_route53_zone" "cluster_domain" {
# east region
#---
resource "aws_route53_vpc_association_authorization" "self_zone_east" {
- depends_on = [aws_route53_zone.cluster_domain]
- count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+ count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
provider = aws.self
- zone_id = aws_route53_zone.cluster_domain.zone_id
- vpc_region = "us-gov-east-1"
vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-east-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
}
resource "aws_route53_zone_association" "self_zone_east" {
- provider = aws.route53_main_east
- count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+ count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
- zone_id = aws_route53_zone.cluster_domain.zone_id
+ provider = aws.route53_main_east
vpc_id = data.aws_vpc.eks_vpc.id
vpc_region = "us-gov-east-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
depends_on = [aws_route53_vpc_association_authorization.self_zone_east]
}
@@ -109,22 +103,21 @@ resource "aws_route53_zone_association" "self_zone_east" {
# west region
#-------------------------------------------------
resource "aws_route53_vpc_association_authorization" "self_zone_west" {
- depends_on = [aws_route53_zone.cluster_domain]
- count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+ count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
provider = aws.self
- zone_id = aws_route53_zone.cluster_domain.zone_id
- vpc_region = "us-gov-west-1"
vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-west-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
}
resource "aws_route53_zone_association" "self_zone_west" {
- provider = aws.route53_main_west
- count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+ count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
- zone_id = aws_route53_zone.cluster_domain.zone_id
+ provider = aws.route53_main_west
vpc_id = data.aws_vpc.eks_vpc.id
vpc_region = "us-gov-west-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
depends_on = [aws_route53_vpc_association_authorization.self_zone_west]
}
@@ -134,19 +127,17 @@ resource "aws_route53_zone_association" "self_zone_west" {
###################################################################
resource "aws_route53_record" "entry" {
- zone_id = aws_route53_zone.cluster_domain.zone_id
name = "*.${local.cluster_domain_name}"
- type = upper(local.record_type)
- ttl = local.ttl
- records = [var.istio_ingress_lb]
+ records = [data.aws_lb.lb[0].dns_name]
+ ttl = 900
+ type = "CNAME"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
}
resource "aws_route53_record" "entry_heritage" {
- zone_id = aws_route53_zone.cluster_domain.zone_id
name = format("%v%v", local.default_heritage_prefix, "*.${local.cluster_domain_name}")
-
- type = "TXT"
- ttl = local.ttl
- # records = [join(",", concat(local.base_heritage_tags, local.heritage_tags))]
- records = local.base_heritage_tags
+ records = [join(",", local.base_heritage_tags)]
+ ttl = 900
+ type = "TXT"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
}
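Review bot: `records = [data.aws_lb.lb[0].dns_name]` in `aws_route53_record.entry` indexes a data source that is gated by `count = local.is_gateway_active ? 1 : 0`, but the record itself has no `count`, so whenever the gateway is not active the plan fails with an invalid index rather than skipping the record. Either gate the record the same way, `count = local.is_gateway_active ? 1 : 0`, or reference it as `records = [one(data.aws_lb.lb[*].dns_name)]` and accept that a null value still has to be handled. In `entry_heritage`, joining all heritage tags into one TXT string means the value is subject to the 255-character limit per TXT string in Route 53; if the label or region makes the joined value longer, the AWS provider requires the string to be split with `\"\"` inside the configuration value, so a length check or a shorter label set is worth considering. That TXT record also publishes the account ID and creation time; this is reasonable for a zone that is only associated with VPCs, as the association resources above suggest, but it should be confirmed that `aws_route53_zone.cluster_domain` is private before this is merged.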
diff --git a/requirements.tf b/requirements.tf
index 94a08f3..2ce3460 100644
--- a/requirements.tf
+++ b/requirements.tf
@@ -6,5 +6,13 @@ terraform {
source = "hashicorp/aws"
version = ">= 5.14.0"
}
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.23.0"
+ }
+ time = {
+ source = "hashicorp/time"
+ version = ">= 0.9"
+ }
}
}
diff --git a/variables.tf b/variables.tf
index 46ed081..fd07e63 100644
--- a/variables.tf
+++ b/variables.tf
@@ -47,10 +47,6 @@ variable "os_username" {
# DNS variables
###################################################################
-variable "istio_ingress_lb" {
- description = "The Istio ingress network load balancer."
- type = string
-}
variable "region_map" {
description = "AWS region map"