add dns-zone for dmz
badra001 committed Mar 18, 2024
1 parent f88812f commit df53ebe
Showing 1 changed file with 179 additions and 0 deletions.
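--- a/examples/full-cluster-tf-upgrade/1.29/dns-zone.tf.dmz
+++ b/examples/full-cluster-tf-upgrade/1.29/dns-zone.tf.dmz
@@ -0,0 +1,179 @@
+locals {
+vpc_domain_name = coalesce(var.domain, var.vpc_domain_name)
+cluster_domain_name = format("%v.%v", var.cluster_name, local.vpc_domain_name)
+cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+}
+
+#---
+# dmz network prod
+#---
+provider "aws" {
+alias = "route53_main_dmz_east"
+profile = var.profile
+region = var.region_map["east"]
+assume_role {
+role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main_dmz"].account_id)
+session_name = var.os_username
+}
+}
+
+provider "aws" {
+alias = "route53_main_dmz_west"
+profile = var.profile
+region = var.region_map["west"]
+assume_role {
+role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main_dmz"].account_id)
+session_name = var.os_username
+}
+}
+
+#---
+# dummy vpc, so we can associate the zone to this account
+#---
+data "aws_vpc" "dummy_vpc" {
+count = ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+filter {
+name = "tag:Name"
+values = ["vpc0-dummy"]
+}
+}
+
+resource "aws_route53_zone" "cluster_domain" {
+name = local.cluster_domain_name
+comment = local.cluster_domain_description
+force_destroy = false
+
+vpc {
+vpc_id = ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+vpc_region = local.region
+}
+
+lifecycle {
+ignore_changes = [vpc]
+precondition {
+condition = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (! (var.shared_vpc_label == null || var.shared_vpc_label == "") && ! (var.domain == null || var.domain == ""))
+error_message = "var.domain must be provided when shared VPCs are in use."
+}
+}
+
+tags = merge(
+local.base_tags,
+local.common_tags,
+var.tags,
+var.application_tags,
+{ "Name" = local.cluster_domain_name },
+)
+}
+
+#---
+# need to also associate with network-prod account and this vpc
+#---
+module "route53_cluster_domain_east" {
+count = local.region == "us-gov-east-1" && ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+providers = {
+aws.self = aws
+aws.peer = aws.route53_main_dmz_east
+}
+
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+region = "us-gov-east-1"
+vpc_id = data.aws_vpc.eks_vpc.id
+zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+tags = merge(
+local.common_tags,
+var.application_tags,
+)
+}
+
+module "route53_cluster_domain_west" {
+count = local.region == "us-gov-west-1" && ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+providers = {
+aws.self = aws
+aws.peer = aws.route53_main_dmz_west
+}
+
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+region = "us-gov-west-1"
+vpc_id = data.aws_vpc.eks_vpc.id
+zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+tags = merge(
+local.common_tags,
+var.application_tags,
+)
+}
+
+
+## # now we need to add the NS records for the new zone to the parent zone
+## data "aws_route53_zone" "parent" {
+## name = var.vpc_domain_name
+## private_zone = true
+## }
+##
+## resource "aws_route53_record" "cluster_domain" {
+## allow_overwrite = true
+## name = local.cluster_domain_name
+## type = "NS"
+## ttl = 900
+## zone_id = data.aws_route53_zone.parent.zone_id
+##
+## records = aws_route53_zone.cluster_domain.name_servers
+## }
+
+output "cluster_domain_name" {
+description = "DNS Zone Name"
+value = local.cluster_domain_name
+}
+
+output "cluster_domain_id" {
+description = "DNS Zone ID"
+value = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+description = "DNS Zone Nameservers"
+value = aws_route53_zone.cluster_domain.name_servers
+}
+
+#---
+# associate to main do2-govcloud vpc1-services east and west for inbound resolution
+# and to vpc7-endpoints in network prod
+#---
+
+#---
+# dmz network prod
+#---
+module "route53_main_east" {
+providers = {
+aws.self = aws
+aws.peer = aws.route53_main_dmz_east
+}
+
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+region = "us-gov-east-1"
+vpc_id = var.route53_endpoints["route53_main_dmz"]["us-gov-east-1"]
+zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+tags = merge(
+local.common_tags,
+var.application_tags,
+)
+}
+
+module "route53_main_west" {
+providers = {
+aws.self = aws
+aws.peer = aws.route53_main_dmz_west
+}
+
+source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
+region = "us-gov-west-1"
+vpc_id = var.route53_endpoints["route53_main_dmz"]["us-gov-west-1"]
+zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+
+tags = merge(
+local.common_tags,
+var.application_tags,
+)
+}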
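Review bot: All four module blocks (the `source` lines in route53_cluster_domain_east/west and route53_main_east/west) pull the zone-association module from a mutable git branch, `?ref=tf-upgrade`, so the module code that runs under the cross-account r-inf-terraform-route53 role can change on any later plan without any change to this file or a review; pin each source to an immutable tag or commit, e.g. `source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=<TAG_OR_COMMIT_SHA>"`. The shared-VPC test `! (var.shared_vpc_label == null || var.shared_vpc_label == "")` is repeated five times (the dummy_vpc count, the zone's vpc block, the precondition, and both cluster_domain module counts); one local such as `shared_vpc_in_use = var.shared_vpc_label != null && var.shared_vpc_label != ""` would make each site readable, and the precondition, which has the shape `A || (!A && B)`, then reduces to `condition = !local.shared_vpc_in_use || !(var.domain == null || var.domain == "")`. The `ignore_changes = [vpc]` rule on aws_route53_zone.cluster_domain means the initial VPC association is never reconciled by Terraform after creation — presumably deliberate because the association modules own the rest, but a one-line comment stating that would save the next reader from guessing.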
