From 75cbec8eeb450e7367411398013184084b77b552 Mon Sep 17 00:00:00 2001
From: mcgin314
Date: Tue, 8 Oct 2024 17:38:26 -0400
Subject: [PATCH 1/2] Add istio ingress lb to outputs for use in dns creation

---
 load_balancer_dns.sh | 15 +++++++++++++++
 main.tf | 20 +++++++++++++-------
 outputs.tf | 5 +++++
 3 files changed, 33 insertions(+), 7 deletions(-)
 create mode 100755 load_balancer_dns.sh

diff --git a/load_balancer_dns.sh b/load_balancer_dns.sh
new file mode 100755
index 0000000..744a801
--- /dev/null
+++ b/load_balancer_dns.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Script to get Load Balancer DNS Name based on the tag Name
+
+LB_NAME=$1
+
+lb_arn=$(for i in $(aws elbv2 describe-load-balancers --query 'LoadBalancers[].LoadBalancerArn' --output text); \
+do aws elbv2 describe-tags --resource-arns "$i" --query "TagDescriptions[?Tags[?Key=='Name' &&Value=='$LB_NAME']].ResourceArn" --output text ;done)
+
+if [ -z "$lb_arn" ]; then
+ lb_arn="no_arn_exists_for_this_lb_name"
+fi
+
+dns_name=$(aws elbv2 describe-load-balancers --load-balancer-arns $lb_arn --query 'LoadBalancers[].DNSName' --output text)
+
+jq -n --arg dnsName "$dns_name" '{"dnsName":$dnsName}'
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 8a73964..5d7f8f9 100644
--- a/main.tf
+++ b/main.tf
@@ -55,12 +55,6 @@ resource "kubernetes_namespace" "ns" {
 }
 }
 
-# data "kubernetes_service" "apiserver" {
-# metadata {
-# name = "kubernetes"
-# }
-# }
-
 resource "helm_release" "base" {
 depends_on = [module.images]
 chart = "base"
@@ -111,7 +105,6 @@ resource "helm_release" "istiod" {
 set {
 name = "globalproxy.excludeIPRanges"
 value = "${var.kubernetes_service_apiserver}/32"
- # value = "${data.kubernetes_service.apiserver.spec[0].cluster_ip}/32"
 }
 }
 
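Review bot: `$LB_NAME` is spliced unescaped into the JMESPath string literal of the `describe-tags` query, and the script sets no `set -euo pipefail`, so a name containing a quote yields a malformed query and any `aws` failure (including the deliberate `no_arn_exists_for_this_lb_name` sentinel, which is not a valid ARN) leaves `dns_name` empty while `jq` still exits 0 — Terraform then accepts `{"dnsName":""}` as a successful read. The name arrives from `var.cluster_name` through the `data "external"` block in main.tf, so it is module input rather than a fixed string. `$lb_arn` on the `--load-balancer-arns` line is also unquoted, so two load balancers sharing the tag would be merged into one tab-separated DNS value. Validate the name, exit non-zero instead of substituting a sentinel, and require exactly one match; the `describe-tags` loop itself is left as is below.
```shell
#!/bin/bash
set -euo pipefail

LB_NAME=${1:?usage: load_balancer_dns.sh <Name tag value>}
# The name is interpolated into a JMESPath string literal below; restrict it
# to characters that cannot terminate that literal.
[[ "$LB_NAME" =~ ^[A-Za-z0-9._-]+$ ]] || { printf 'invalid load balancer name: %s\n' "$LB_NAME" >&2; exit 1; }

# … unchanged: lb_arn lookup loop over describe-load-balancers / describe-tags …

if [ -z "$lb_arn" ]; then
  printf 'no load balancer tagged Name=%s\n' "$LB_NAME" >&2
  exit 1
fi
mapfile -t lb_arns <<<"$lb_arn"
if (( ${#lb_arns[@]} != 1 )); then
  printf 'expected one load balancer tagged Name=%s, found %d\n' "$LB_NAME" "${#lb_arns[@]}" >&2
  exit 1
fi

dns_name=$(aws elbv2 describe-load-balancers --load-balancer-arns "${lb_arns[0]}" --query 'LoadBalancers[0].DNSName' --output text)
# … unchanged: jq output …
```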
@@ -194,3 +187,16 @@ resource "helm_release" "egress" {
 timeout = 90
 }
+
+###################################################################
+# INGRESS NLB DATA
+###################################################################
+
+# We need to lookup the DNS entry for the istio ingress load balancer
+# This value is used to create the CNAME record for cluster app/api addressing in the DNS module
+# We use this external data source to avoid issues with running plans
+data "external" "load_balancer_dns" {
+ depends_on = [helm_release.ingress]
+
+ program = ["bash", "${path.module}/load_balancer_dns.sh", format("%v-%v", var.cluster_name, "istio-ingress")]
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index b999ac9..ef947c9 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -11,3 +11,8 @@ output "module_version" {
 description = "The version of this module."
 value = local.module_version
 }
+
+output "istio_ingress_lb" {
+ description = "The Istio ingress network load balancer."
+ value = data.external.load_balancer_dns.result.dnsName
+}
\ No newline at end of file
From 3979d7dbe64f8564927b0db24c10b3e971ed69d3 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Thu, 10 Oct 2024 00:20:53 -0400
Subject: [PATCH 2/2] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=20refactor(dns):=20re?=
 =?UTF-8?q?factor=20to=20use=20tf=20native?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 3 ++-
 load_balancer_dns.sh | 15 ---------------
 main.tf | 13 -------------
 outputs.tf | 8 ++++----
 variables.tf | 2 +-
 5 files changed, 7 insertions(+), 34 deletions(-)
 delete mode 100755 load_balancer_dns.sh

diff --git a/README.md b/README.md
index 4d78d87..214d6d1 100644
--- a/README.md
+++ b/README.md
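Review bot: The `program` list passes only the tag name, so the `aws` calls inside `load_balancer_dns.sh` resolve region and credentials from whatever environment runs `terraform plan`, not from the module's own `region` and `profile` inputs (both listed in the README Inputs table), and a runner whose default region differs from the cluster's silently finds no load balancer. Every plan now also needs AWS credentials and issues one `describe-tags` call per load balancer in the account, which is worth stating next to the comment about plan issues. With `depends_on = [helm_release.ingress]` on a data source, the read is, as far as I recall, deferred to apply whenever that release has pending changes, which is presumably the "issues with running plans" the comment alludes to; say so explicitly, e.g. `# depends_on on a managed resource defers this read to apply whenever helm_release.ingress has pending changes`. Consider passing the region through: `program = ["bash", "${path.module}/load_balancer_dns.sh", format("%v-%v", var.cluster_name, "istio-ingress"), var.region]` with the script reading it as `$2` and adding `--region` to each `aws` call.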
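Review bot: The description on the new `istio_ingress_lb` output says "The Istio ingress network load balancer." but the value is the load balancer's DNS name, since `data.external` returns the `dnsName` string the script emits. A consumer reading only the description may expect an ARN or identifier rather than a hostname. Suggest `description = "DNS name of the Istio ingress network load balancer, for CNAME creation."`.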
@@ -104,7 +104,6 @@ have a istio proxy configured, prevent communication with that pod.)
 | [helm_release.ingress](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.ns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
-| [kubernetes_service.apiserver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/service) | data source |
 ## Inputs
@@ -116,6 +115,7 @@ have a istio proxy configured, prevent communication with that pod.)
 | [extra\_listener\_ports](#input\_extra\_listener\_ports) | A list of additional ports that the ingress load balancer should listen to, 9094 for kafka as an example. |
list(object({
name = string
port = string
}))
| `[]` | no |
 | [istio\_chart\_version](#input\_istio\_chart\_version) | The version of istio to install into the cluster. | `string` | `"1.22.3"` | no |
 | [istio\_version](#input\_istio\_version) | The version of istio to install into the cluster. | `string` | `"1.22.3"` | no |
+| [kubernetes\_service\_apiserver](#input\_kubernetes\_service\_apiserver) | Use to exclude internal API service traffic from the service mesh; it should not change but could be necessary to lookup | `string` | `"172.20.0.1"` | no |
 | [namespace](#input\_namespace) | The namespace to install the istio components. Defaults to 'istio-system' | `string` | `"istio-system"` | no |
 | [profile](#input\_profile) | AWS\_PROFILE to use to apply the terraform script. | `string` | `""` | no |
 | [region](#input\_region) | The region in which the cluster is running. | `string` | n/a | yes |
@@ -125,6 +125,7 @@ have a istio proxy configured, prevent communication with that pod.)
 | Name | Description |
 |------|-------------|
+| [istio\_namespace](#output\_istio\_namespace) | The namespace used by istio. |
 | [module\_name](#output\_module\_name) | The name of this module. |
 | [module\_version](#output\_module\_version) | The version of this module. |
diff --git a/load_balancer_dns.sh b/load_balancer_dns.sh
deleted file mode 100755
index 744a801..0000000
--- a/load_balancer_dns.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-# Script to get Load Balancer DNS Name based on the tag Name
-
-LB_NAME=$1
-
-lb_arn=$(for i in $(aws elbv2 describe-load-balancers --query 'LoadBalancers[].LoadBalancerArn' --output text); \
-do aws elbv2 describe-tags --resource-arns "$i" --query "TagDescriptions[?Tags[?Key=='Name' &&Value=='$LB_NAME']].ResourceArn" --output text ;done)
-
-if [ -z "$lb_arn" ]; then
- lb_arn="no_arn_exists_for_this_lb_name"
-fi
-
-dns_name=$(aws elbv2 describe-load-balancers --load-balancer-arns $lb_arn --query 'LoadBalancers[].DNSName' --output text)
-
-jq -n --arg dnsName "$dns_name" '{"dnsName":$dnsName}'
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 5d7f8f9..3655bb0 100644
--- a/main.tf
+++ b/main.tf
@@ -187,16 +187,3 @@ resource "helm_release" "egress" {
 timeout = 90
 }
-
-###################################################################
-# INGRESS NLB DATA
-###################################################################
-
-# We need to lookup the DNS entry for the istio ingress load balancer
-# This value is used to create the CNAME record for cluster app/api addressing in the DNS module
-# We use this external data source to avoid issues with running plans
-data "external" "load_balancer_dns" {
- depends_on = [helm_release.ingress]
-
- program = ["bash", "${path.module}/load_balancer_dns.sh", format("%v-%v", var.cluster_name, "istio-ingress")]
-}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
index ef947c9..4b17f45 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -12,7 +12,7 @@ output "module_version" {
 value = local.module_version
 }
 
-output "istio_ingress_lb" {
- description = "The Istio ingress network load balancer."
- value = data.external.load_balancer_dns.result.dnsName
-}
\ No newline at end of file
+output "istio_namespace" {
+ description = "The namespace used by istio."
+ value = kubernetes_namespace.ns.metadata[0].name
+}
diff --git a/variables.tf b/variables.tf
index 79cf6d2..bd11eb6 100644
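Review bot: The `istio_ingress_lb` output is removed without a replacement, although the patch subject describes the change as a refactor to a Terraform-native lookup; the main.tf comment deleted in the same patch says this value fed the CNAME records in the DNS module, so that consumer now has no source for the ingress hostname and the module interface shrinks in a way the message does not state. If the value is still needed, an `aws_lb` data source filtered on the `Name` tag can supply `dns_name` without the shell script that this patch also deletes. If dropping it is intended, say so in the commit message and adjust the README Outputs table accordingly. The new `istio_namespace` output itself looks correct.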
--- a/variables.tf
+++ b/variables.tf
@@ -67,4 +67,4 @@ variable "kubernetes_service_apiserver" {
 description = "Use to exclude internal API service traffic from the service mesh; it should not change but could be necessary to lookup"
 type = string
 default = "172.20.0.1"
-}
\ No newline at end of file
+}