update based on new cluster

terraform-modules · Apr 7, 2022 · 3157a1e · 3157a1e
1 parent 92e6c05
commit 3157a1e
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 3 deletions.
diff --git a/examples/full-cluster/common-services/cert.tf b/examples/full-cluster/common-services/cert.tf
@@ -29,7 +29,7 @@ module "cert" {
 
   certificate_cn                = local.ca_dns_name
   certificate_san               = [local.ca_dns_name]
-  certificate_download          = true
+  certificate_download          = local.ca_cert_download
   enable_acm_certificate        = false
   certificate_subject_overrides = { ou = local.ca_ou }
   certificate_csr_message       = <<EOM

diff --git a/examples/full-cluster/common-services/tf-run.data b/examples/full-cluster/common-services/tf-run.data
@@ -1,8 +1,11 @@
-VERSION 1.1.0
+VERSION 1.1.2
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
+COMMAND ln -sf ../settings.auto.tfvars
+COMMAND ln -sf ../variables.vpc.auto.tfvars .
+COMMAND ln -sf ../variables.vpc.tf
 # tls_private_key.ca tls_cert_request.ca null_resource.ca_root_cert null_resource.ca_files
 # null_resource.ca_cert
 # local_file.ca_bundle_cert

diff --git a/examples/full-cluster/dns-zone.tf.cat b/examples/full-cluster/dns-zone.tf.cat
@@ -0,0 +1,128 @@
+locals {
+  cluster_domain_name        = format("%v.%v", var.cluster_name, var.vpc_domain_name)
+  cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+# true for gov, fale for cat
+##  aws_dns_infrastructure     = false
+}
+
+resource "aws_route53_zone" "cluster_domain" {
+  name          = local.cluster_domain_name
+  comment       = local.cluster_domain_description
+  force_destroy = false
+
+  vpc {
+    vpc_id     = data.aws_vpc.eks_vpc.id
+    vpc_region = local.region
+  }
+
+  ##   dynamic "vpc" {
+  ##     for_each = true ? var.region_map : {}
+  ##     iterator = r
+  ##     content {
+  ##       vpc_id     = var.main_dns_vpcs[r.value]
+  ##       vpc_region = r.value
+  ##     }
+  ##   }
+
+  lifecycle {
+    ignore_changes = [vpc]
+  }
+
+  tags = merge(
+    local.base_tags,
+    local.common_tags,
+    var.tags,
+    var.application_tags,
+    tomap({ "Name" = local.cluster_domain_name }),
+  )
+
+  #  depends_on = [ aws_route53_vpc_association_authorization.west_cluster_domain, aws_route53_vpc_association_authorization.east_cluster_domain ]
+}
+
+output "cluster_domain_name" {
+  description = "DNS Zone Name"
+  value       = local.cluster_domain_name
+}
+
+output "cluster_domain_id" {
+  description = "DNS Zone ID"
+  value       = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+  description = "DNS Zone Nameservers"
+  value       = aws_route53_zone.cluster_domain.name_servers
+}
+
+# now we need to add the NS records for the new zone to the parent zone
+data "aws_route53_zone" "parent" {
+  name         = var.vpc_domain_name
+  private_zone = true
+}
+
+resource "aws_route53_record" "cluster_domain" {
+  allow_overwrite = true
+  name            = local.cluster_domain_name
+  type            = "NS"
+  ttl             = 900
+  zone_id         = data.aws_route53_zone.parent.zone_id
+
+  records = aws_route53_zone.cluster_domain.name_servers
+}
+
+## #---
+## # associate to main do2-govcloud vpc1-services east and west for inbound resolution
+## # NOT in cat
+## #---
+## provider "aws" {
+##   alias   = "east_main_dns"
+##   region  = local.aws_dns_infrastructure ? var.region_map["east"] : ""
+##   profile = var.main_dns_profile
+## }
+## 
+## provider "aws" {
+##   alias   = "west_main_dns"
+##   region  = local.aws_dns_infrastructure ? var.region_map["west"] : ""
+##   profile = var.main_dns_profile
+## }
+## 
+## # resource "aws_route53_vpc_association_authorization" "cluster_domain" {
+## #   for_each = var.region_map
+## # 
+## #   zone_id    = aws_route53_zone.cluster_domain.zone_id
+## #   vpc_region = each.value
+## #   vpc_id     = var.main_dns_vpcs[each.value]
+## # }
+## 
+## resource "aws_route53_vpc_association_authorization" "west_cluster_domain" {
+##   for_each   = local.aws_dns_infrastructure ? tomap({ "zone" = aws_route53_zone.cluster_domain }) : {}
+##   zone_id    = each.value.zone_id
+##   vpc_region = "us-gov-west-1"
+##   vpc_id     = var.main_dns_vpcs["us-gov-west-1"]
+## }
+## 
+## resource "aws_route53_vpc_association_authorization" "east_cluster_domain" {
+##   for_each   = local.aws_dns_infrastructure ? tomap({ "zone" = aws_route53_zone.cluster_domain }) : {}
+##   zone_id    = each.value.zone_id
+##   vpc_region = "us-gov-east-1"
+##   vpc_id     = var.main_dns_vpcs["us-gov-east-1"]
+## }
+## 
+## resource "aws_route53_zone_association" "west_cluster_domain" {
+##   provider = aws.west_main_dns
+##   for_each = local.aws_dns_infrastructure ? aws_route53_vpc_association_authorization.west_cluster_domain : {}
+## 
+##   zone_id    = each.value.zone_id
+##   vpc_id     = each.value.vpc_id
+##   vpc_region = each.value.vpc_region
+## }
+## 
+## resource "aws_route53_zone_association" "east_cluster_domain" {
+##   provider = aws.east_main_dns
+##   for_each = local.aws_dns_infrastructure ? aws_route53_vpc_association_authorization.east_cluster_domain : {}
+## 
+##   zone_id    = each.value.zone_id
+##   vpc_id     = each.value.vpc_id
+##   vpc_region = each.value.vpc_region
+## }
+## 
diff --git a/examples/full-cluster/irsa-roles/tf-run.data b/examples/full-cluster/irsa-roles/tf-run.data
@@ -1,8 +1,10 @@
-VERSION 1.1.0
+VERSION 1.1.1
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
+COMMAND ln -sf ../variables.vpc.tf .
+COMMAND ln -sf ../variables.vpc.auto.tfvars .
 ALL
 COMMAND tf-directory-setup.py -l s3