Merge pull request #7 from Snowflake-Labs/SNOW-780555-public-dns-decommission

sfc-gh-bkou · web-flow · commit 82a2741c6874 · 2023-05-11T16:49:16.000-07:00
SNOW-780555: Add option to use private dns zone for external traffic, i.e for VPN
diff --git a/helm_external_dns.tf b/helm_external_dns.tf
@@ -13,7 +13,7 @@ resource "helm_release" "external_dns" {
       "${path.module}/templates/external_dns_values.yaml",
       {
         aws_region                       = "${var.aws_region}",
-        aws_zone_type                    = "public",
+        aws_zone_type                    = "${var.aws_public_hosted_zone_type}",
         aws_public_hosted_zone           = "${local.public_hosted_zone_id}"
         external_dns_eks_service_account = "${aws_iam_role.external_dns_role[0].name}",
         aws_iam_role_external_dns        = "${aws_iam_role.external_dns_role[0].name}",
diff --git a/helm_external_dns_private.tf b/helm_external_dns_private.tf
@@ -13,6 +13,7 @@ resource "helm_release" "external_dns_private" {
       "${path.module}/templates/external_dns_private_values.yaml",
       {
         aws_region                       = "${var.aws_region}",
+        aws_zone_type                    = "${var.aws_private_hosted_zone_type}",
         aws_private_hosted_zone          = "${local.private_hosted_zone_id}",
         external_dns_eks_service_account = "${aws_iam_role.external_dns_private_role[0].name}",
         aws_iam_role_external_dns        = "${aws_iam_role.external_dns_private_role[0].name}",
diff --git a/templates/external_dns_private_values.yaml b/templates/external_dns_private_values.yaml
@@ -1,7 +1,7 @@
 provider: aws
 aws:
   region: ${aws_region}
-  zoneType: private
+  zoneType: ${aws_zone_type}
 sources:
   - service
   - ingress
diff --git a/templates/external_dns_values.yaml b/templates/external_dns_values.yaml
@@ -1,7 +1,7 @@
 provider: aws
 aws:
   region: ${aws_region}
-  zoneType: public
+  zoneType: ${aws_zone_type}
 sources:
   - service
   - ingress
diff --git a/variables.tf b/variables.tf
@@ -36,12 +36,25 @@ variable "aws_public_hosted_zone" {
   default     = null
 }
 
+variable "aws_public_hosted_zone_type" {
+  description = "Public hosted zone type - public or private."
+  type        = string
+  default     = "public"
+}
+
 variable "aws_private_hosted_zone" {
   description = "Private Hosted zone subdomain."
   type        = string
   default     = null
 }
 
+variable "aws_private_hosted_zone_type" {
+  description = "Private hosted zone type - public or private."
+  type        = string
+  default     = "private"
+}
+
+
 # Optional
 variable "arn_format" {
   type        = string

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ resource "helm_release" "external_dns" {`
`13`	`13`	`"${path.module}/templates/external_dns_values.yaml",`
`14`	`14`	`{`
`15`	`15`	`aws_region = "${var.aws_region}",`
`16`		`- aws_zone_type = "public",`
	`16`	`+ aws_zone_type = "${var.aws_public_hosted_zone_type}",`
`17`	`17`	`aws_public_hosted_zone = "${local.public_hosted_zone_id}"`
`18`	`18`	`external_dns_eks_service_account = "${aws_iam_role.external_dns_role[0].name}",`
`19`	`19`	`aws_iam_role_external_dns = "${aws_iam_role.external_dns_role[0].name}",`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ resource "helm_release" "external_dns_private" {`
`13`	`13`	`"${path.module}/templates/external_dns_private_values.yaml",`
`14`	`14`	`{`
`15`	`15`	`aws_region = "${var.aws_region}",`
	`16`	`+ aws_zone_type = "${var.aws_private_hosted_zone_type}",`
`16`	`17`	`aws_private_hosted_zone = "${local.private_hosted_zone_id}",`
`17`	`18`	`external_dns_eks_service_account = "${aws_iam_role.external_dns_private_role[0].name}",`
`18`	`19`	`aws_iam_role_external_dns = "${aws_iam_role.external_dns_private_role[0].name}",`