From c6057af0bf05e641f48439846223efe7acf06c70 Mon Sep 17 00:00:00 2001
From: ankitm123
Date: Thu, 3 Dec 2020 10:19:50 -0500
Subject: [PATCH] feat: add flags to control domain management
Signed-off-by: ankitm123
---
 README.md | 5 ++++-
 main.tf | 2 ++
 modules/dns/main.tf | 6 +++---
 modules/dns/outputs.tf | 4 ++++
 modules/dns/variables.tf | 12 ++++++++++++
 outputs.tf | 7 +++++++
 variables.tf | 12 ++++++++++++
 7 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 0ae6f44..1c5dedd 100644
--- a/README.md
+++ b/README.md
@@ -190,6 +190,8 @@ The following sections provide a full list of configuration in- and output varia
 | lt\_desired\_nodes\_per\_subnet | The number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `1` | no |
 | lt\_max\_nodes\_per\_subnet | The maximum number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `2` | no |
 | lt\_min\_nodes\_per\_subnet | The minimum number of worker nodes in each Subnet (AZ) if using Launch Templates | `number` | `1` | no |
+| manage\_apex\_domain | Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider | `bool` | `true` | no |
+| manage\_subdomain | Flag to control subdomain creation/management | `bool` | `true` | no |
 | map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. | `list(string)` | `[]` | no |
 | map\_roles | Additional IAM roles to add to the aws-auth configmap. |
list(object({
rolearn = string
username = string
groups = list(string)
}))
| `[]` | no |
 | map\_users | Additional IAM users to add to the aws-auth configmap. |
list(object({
userarn = string
username = string
groups = list(string)
}))
| `[]` | no |
@@ -239,12 +241,13 @@ The following sections provide a full list of configuration in- and output varia
 | lts\_logs\_bucket | The bucket where logs from builds will be stored |
 | lts\_reports\_bucket | The bucket where test reports will be stored |
 | lts\_repository\_bucket | The bucket that will serve as artifacts repository |
+| subdomain\_nameservers | ---------------------------------------------------------------------------- DNS ---------------------------------------------------------------------------- |
 | tekton\_bot\_iam\_role | The IAM Role that the build pods will assume to authenticate |
 | vault\_dynamodb\_table | The Vault DynamoDB table |
 | vault\_kms\_unseal | The Vault KMS Key for encryption |
 | vault\_unseal\_bucket | The Vault storage bucket |
 | vault\_user\_id | The Vault IAM user id |
-| vault\_user\_secret | The Vault IAM user secret |
+| vault\_user\_secret | The Vault IAM user secret
 ### Cluster Autoscaling
diff --git a/main.tf b/main.tf
index 57a6e2c..8a434ec 100644
--- a/main.tf
+++ b/main.tf
@@ -114,6 +114,8 @@ module "dns" {
 create_and_configure_subdomain = var.create_and_configure_subdomain
 enable_tls = var.enable_tls
 production_letsencrypt = var.production_letsencrypt
+ manage_apex_domain = var.manage_apex_domain
+ manage_subdomain = var.manage_subdomain
 }
 module "health" {
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 1dc45b0..64f6cae 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -5,17 +5,17 @@
 // zone
 // ----------------------------------------------------------------------------
 data "aws_route53_zone" "apex_domain_zone" {
- count = var.create_and_configure_subdomain ? 1 : 0
+ count = var.create_and_configure_subdomain && var.manage_apex_domain ? 1 : 0
 name = "${var.apex_domain}."
 }
 resource "aws_route53_zone" "subdomain_zone" {
- count = var.create_and_configure_subdomain ? 1 : 0
+ count = var.create_and_configure_subdomain && var.manage_subdomain ? 1 : 0
 name = join(".", [var.subdomain, var.apex_domain])
 }
 resource "aws_route53_record" "subdomain_ns_delegation" {
- count = var.create_and_configure_subdomain ? 1 : 0
+ count = var.create_and_configure_subdomain && var.manage_apex_domain ? 1 : 0
 zone_id = data.aws_route53_zone.apex_domain_zone[0].zone_id
 name = join(".", [var.subdomain, var.apex_domain])
 type = "NS"
diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf
index 0dec407..69cec55 100644
--- a/modules/dns/outputs.tf
+++ b/modules/dns/outputs.tf
@@ -1,3 +1,7 @@
 output "domain" {
 value = trimprefix(join(".", [var.subdomain, var.apex_domain]), ".")
 }
+
+output "subdomain_nameservers" {
+ value = var.manage_subdomain && length(aws_route53_zone.subdomain_zone) > 0 ? aws_route53_zone.subdomain_zone[0].name_servers : []
+}
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index a7249f1..b3d1982 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -43,3 +43,15 @@ variable "is_jx2" {
 default = true
 type = bool
 }
+
+variable "manage_apex_domain" {
+ description = "Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider"
+ default = true
+ type = bool
+}
+
+variable "manage_subdomain" {
+ description = "Flag to control subdomain creation/management"
+ default = true
+ type = bool
+}
diff --git a/outputs.tf b/outputs.tf
index e95bd14..e4a3a3f 100644
--- a/outputs.tf
+++ b/outputs.tf
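Review bot: In modules/dns/main.tf the `subdomain_zone` count now depends on `manage_subdomain`, while `subdomain_ns_delegation` depends only on `manage_apex_domain`. With `manage_subdomain = false` and the default `manage_apex_domain = true`, the delegation record is still planned although this module creates no zone for it to point at. The record's `records` argument is outside the hunk; if it reads `aws_route53_zone.subdomain_zone[0].name_servers`, that index will fail at plan time. Gating the record on both flags avoids this: `count = var.create_and_configure_subdomain && var.manage_apex_domain && var.manage_subdomain ? 1 : 0`. Any other reference to `aws_route53_zone.subdomain_zone[0]` elsewhere in the module would need the same guard.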
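Review bot: The new `subdomain_nameservers` output in modules/dns/outputs.tf has no `description`, and neither does the root output of the same name in outputs.tf. The README row added by this commit shows the `DNS` comment banner where the description should be. Adding a line such as `description = "Name servers of the subdomain zone; create NS records for them in the apex zone when manage_apex_domain is false"` to both outputs fixes the generated table. The `var.manage_subdomain &&` test in the module output's value is also redundant, because the zone's `count` already includes that flag and `length(aws_route53_zone.subdomain_zone) > 0` covers it.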
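Review bot: The `manage_apex_domain` description in modules/dns/variables.tf (repeated in variables.tf and in the README row) does not say what the operator must do when the flag is false, and it has a typo in `false,if`. With the flag off, this module creates no NS delegation, so the delegation has to be added by hand in the apex zone from the `subdomain_nameservers` output and removed again when the subdomain zone is destroyed. A delegation left pointing at the name servers of a deleted hosted zone exposes the subdomain to takeover. I would extend the description with a sentence such as `When false, delegate the subdomain manually using the subdomain_nameservers output and remove that delegation before destroying the zone.` and state how both new flags relate to `create_and_configure_subdomain`.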
@@ -104,6 +104,13 @@ output "vault_user_secret" {
 description = "The Vault IAM user secret"
 }
+// ----------------------------------------------------------------------------
+// DNS
+// ----------------------------------------------------------------------------
+output "subdomain_nameservers" {
+ value = module.dns.subdomain_nameservers
+}
+
 // ----------------------------------------------------------------------------
 // Connection string
 // ----------------------------------------------------------------------------
diff --git a/variables.tf b/variables.tf
index 9f8cd8c..3d65039 100644
--- a/variables.tf
+++ b/variables.tf
@@ -493,3 +493,15 @@ variable "create_velero_role" {
 type = bool
 default = true
 }
+
+variable "manage_apex_domain" {
+ description = "Flag to control if apex domain should be managed/updated by this module. Set this to false,if your apex domain is managed in a different AWS account or different provider"
+ default = true
+ type = bool
+}
+
+variable "manage_subdomain" {
+ description = "Flag to control subdomain creation/management"
+ default = true
+ type = bool
+}