feat: add flags to control domain management

Signed-off-by: ankitm123 <[email protected]>
jenkins-x · Dec 3, 2020 · c6057af · c6057af
1 parent 2971380
commit c6057af
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -190,6 +190,8 @@ The following sections provide a full list of configuration in- and output varia
 | lt\_desired\_nodes\_per\_subnet | The number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `1` | no |
 | lt\_max\_nodes\_per\_subnet | The maximum number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `2` | no |
 | lt\_min\_nodes\_per\_subnet | The minimum number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `1` | no |
+| manage\_apex\_domain | Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider | `bool` | `true` | no |
+| manage\_subdomain | Flag to control subdomain creation/management | `bool` | `true` | no |
 | map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. | `list(string)` | `[]` | no |
 | map\_roles | Additional IAM roles to add to the aws-auth configmap. | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
 | map\_users | Additional IAM users to add to the aws-auth configmap. | <pre>list(object({<br>    userarn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | `[]` | no |
@@ -239,12 +241,13 @@ The following sections provide a full list of configuration in- and output varia
 | lts\_logs\_bucket | The bucket where logs from builds will be stored |
 | lts\_reports\_bucket | The bucket where test reports will be stored |
 | lts\_repository\_bucket | The bucket that will serve as artifacts repository |
+| subdomain\_nameservers | ---------------------------------------------------------------------------- DNS ---------------------------------------------------------------------------- |
 | tekton\_bot\_iam\_role | The IAM Role that the build pods will assume to authenticate |
 | vault\_dynamodb\_table | The Vault DynamoDB table |
 | vault\_kms\_unseal | The Vault KMS Key for encryption |
 | vault\_unseal\_bucket | The Vault storage bucket |
 | vault\_user\_id | The Vault IAM user id |
-| vault\_user\_secret | The Vault IAM user secret |
+| vault\_user\_secret | The Vault IAM user secret 
 
 ### Cluster Autoscaling
 

diff --git a/main.tf b/main.tf
@@ -114,6 +114,8 @@ module "dns" {
   create_and_configure_subdomain = var.create_and_configure_subdomain
   enable_tls                     = var.enable_tls
   production_letsencrypt         = var.production_letsencrypt
+  manage_apex_domain             = var.manage_apex_domain
+  manage_subdomain               = var.manage_subdomain
 }
 
 module "health" {

diff --git a/modules/dns/main.tf b/modules/dns/main.tf
@@ -5,17 +5,17 @@
 // zone
 // ----------------------------------------------------------------------------
 data "aws_route53_zone" "apex_domain_zone" {
-  count = var.create_and_configure_subdomain ? 1 : 0
+  count = var.create_and_configure_subdomain && var.manage_apex_domain ? 1 : 0
   name  = "${var.apex_domain}."
 }
 
 resource "aws_route53_zone" "subdomain_zone" {
-  count = var.create_and_configure_subdomain ? 1 : 0
+  count = var.create_and_configure_subdomain && var.manage_subdomain ? 1 : 0
   name  = join(".", [var.subdomain, var.apex_domain])
 }
 
 resource "aws_route53_record" "subdomain_ns_delegation" {
-  count   = var.create_and_configure_subdomain ? 1 : 0
+  count   = var.create_and_configure_subdomain && var.manage_apex_domain ? 1 : 0
   zone_id = data.aws_route53_zone.apex_domain_zone[0].zone_id
   name    = join(".", [var.subdomain, var.apex_domain])
   type    = "NS"

diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf
@@ -1,3 +1,7 @@
 output "domain" {
   value = trimprefix(join(".", [var.subdomain, var.apex_domain]), ".")
 }
+
+output "subdomain_nameservers" {
+  value = var.manage_subdomain && length(aws_route53_zone.subdomain_zone) > 0 ? aws_route53_zone.subdomain_zone[0].name_servers : []
+}
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
@@ -43,3 +43,15 @@ variable "is_jx2" {
   default = true
   type    = bool
 }
+
+variable "manage_apex_domain" {
+  description = "Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider"
+  default     = true
+  type        = bool
+}
+
+variable "manage_subdomain" {
+  description = "Flag to control subdomain creation/management"
+  default     = true
+  type        = bool
+}
diff --git a/outputs.tf b/outputs.tf
@@ -104,6 +104,13 @@ output "vault_user_secret" {
   description = "The Vault IAM user secret"
 }
 
+// ----------------------------------------------------------------------------
+// DNS
+// ----------------------------------------------------------------------------
+output "subdomain_nameservers" {
+  value = module.dns.subdomain_nameservers
+}
+
 // ----------------------------------------------------------------------------
 // Connection string
 // ----------------------------------------------------------------------------

diff --git a/variables.tf b/variables.tf
@@ -493,3 +493,15 @@ variable "create_velero_role" {
   type        = bool
   default     = true
 }
+
+variable "manage_apex_domain" {
+  description = "Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider"
+  default     = true
+  type        = bool
+}
+
+variable "manage_subdomain" {
+  description = "Flag to control subdomain creation/management"
+  default     = true
+  type        = bool
+}