From 2e4940771207d3a4a6896922f4567fb178d9c902 Mon Sep 17 00:00:00 2001 
From: Thomas Cardin <49320132+ThomasCardin@users.noreply.github.com> Date: Mon, 19 Feb 2024 08:01:32 -0500 Subject: [PATCH] issue #36: Create DNS zone for inspection.alpha.canada.ca (#46) * issue #36: created DNS zone for inspection.alpha.canada.ca * issue #36: removed unused variables * issue #36: fixed terraform linting errors * issue #36: renamed versions.tf to providers.tf * issue #36: renamed versions.tf to providers.tf for every modules * issue #36: renamed wronf file * issue #36: added A records for the DNS zone * issue #36: deployed ingress nginx on the AKS cluster + folder structure * issue #36: fixed yaml linting errors * issue #36: fixed linting yaml error * issue #36: fixed linting yaml error * issue #36: fixed linting yaml error * issue #36: added tags for azurerm_dns_a_record --- .../system/ingress-nginx/ingress-nginx.yaml | 645 ++++++++++++++++++ .../{ => gke}/apps/demo/nginx-deployment.yml | 0 .../finesse-guidance-backend-deployment.yml | 0 .../finesse-guidance-frontend-deployment.yml | 0 .../finesse-guidance-ingress.yml | 0 .../finesse-guidance-namespace.yml | 0 .../finesse/finesse-backend-deployment.yml | 0 .../finesse/finesse-frontend-deployment.yml | 0 .../apps/finesse/finesse-ingress.yml | 0 .../apps/finesse/finesse-namespace.yml | 0 .../apps/nachet/nachet-backend-deployment.yml | 0 .../nachet/nachet-frontend-deployment.yml | 0 .../{ => gke}/apps/nachet/nachet-ingress.yml | 0 .../apps/nachet/nachet-namespace.yml | 0 .../system/cert-manager/cert-manager.yml | 0 .../{ => gke}/system/cert-manager/issuer.yml | 0 .../system/ingress-nginx/ingress-nginx.yml | 0 .../kube-prometheus-stack.yml | 0 .../kube-prometheus-stack/namespace.yml | 0 .../{ => gke}/system/vault/namespace.yml | 0 kubernetes/{ => gke}/system/vault/vault.yml | 0 terraform/modules/azure-dns/dns.tf | 20 + terraform/modules/azure-dns/providers.tf | 11 + terraform/modules/azure-dns/variables.tf | 29 + terraform/staging/main.tf | 12 + terraform/staging/variables.tf | 20 + 26 files changed, 
737 insertions(+) create mode 100644 kubernetes/aks/system/ingress-nginx/ingress-nginx.yaml rename kubernetes/{ => gke}/apps/demo/nginx-deployment.yml (100%) rename kubernetes/{ => gke}/apps/finesse-guidance/finesse-guidance-backend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/finesse-guidance/finesse-guidance-frontend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/finesse-guidance/finesse-guidance-ingress.yml (100%) rename kubernetes/{ => gke}/apps/finesse-guidance/finesse-guidance-namespace.yml (100%) rename kubernetes/{ => gke}/apps/finesse/finesse-backend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/finesse/finesse-frontend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/finesse/finesse-ingress.yml (100%) rename kubernetes/{ => gke}/apps/finesse/finesse-namespace.yml (100%) rename kubernetes/{ => gke}/apps/nachet/nachet-backend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/nachet/nachet-frontend-deployment.yml (100%) rename kubernetes/{ => gke}/apps/nachet/nachet-ingress.yml (100%) rename kubernetes/{ => gke}/apps/nachet/nachet-namespace.yml (100%) rename kubernetes/{ => gke}/system/cert-manager/cert-manager.yml (100%) rename kubernetes/{ => gke}/system/cert-manager/issuer.yml (100%) rename kubernetes/{ => gke}/system/ingress-nginx/ingress-nginx.yml (100%) rename kubernetes/{ => gke}/system/kube-prometheus-stack/kube-prometheus-stack.yml (100%) rename kubernetes/{ => gke}/system/kube-prometheus-stack/namespace.yml (100%) rename kubernetes/{ => gke}/system/vault/namespace.yml (100%) rename kubernetes/{ => gke}/system/vault/vault.yml (100%) create mode 100644 terraform/modules/azure-dns/dns.tf create mode 100644 terraform/modules/azure-dns/providers.tf create mode 100644 terraform/modules/azure-dns/variables.tf diff --git a/kubernetes/aks/system/ingress-nginx/ingress-nginx.yaml b/kubernetes/aks/system/ingress-nginx/ingress-nginx.yaml new file mode 100644 index 00000000..6adf633d --- /dev/null 
+++ b/kubernetes/aks/system/ingress-nginx/ingress-nginx.yaml 
@@ -0,0 +1,645 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + name: ingress-nginx +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx + namespace: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-nginx-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - 
apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission + namespace: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: 
ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + 
app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: + - kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-controller + namespace: ingress-nginx +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment 
+metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller + - --election-id=ingress-nginx-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.8.1@sha256:e5c4824e7375fcf2a393e1c03c293b69759af37a9ca6abdb91b13d78a93da8bd + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + 
readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission-create + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 
2000 + serviceAccountName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission-patch + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407@sha256:543c40fd093964bc9ab509d3e791f9989963021f1e9e4c9c7b6700b02bfb227b + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + 
app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.8.1 + name: ingress-nginx-admission +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: ingress-nginx-controller-admission + namespace: ingress-nginx + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/kubernetes/apps/demo/nginx-deployment.yml b/kubernetes/gke/apps/demo/nginx-deployment.yml similarity index 100% rename from kubernetes/apps/demo/nginx-deployment.yml rename to kubernetes/gke/apps/demo/nginx-deployment.yml diff --git a/kubernetes/apps/finesse-guidance/finesse-guidance-backend-deployment.yml b/kubernetes/gke/apps/finesse-guidance/finesse-guidance-backend-deployment.yml similarity index 100% rename from kubernetes/apps/finesse-guidance/finesse-guidance-backend-deployment.yml rename to kubernetes/gke/apps/finesse-guidance/finesse-guidance-backend-deployment.yml diff --git a/kubernetes/apps/finesse-guidance/finesse-guidance-frontend-deployment.yml b/kubernetes/gke/apps/finesse-guidance/finesse-guidance-frontend-deployment.yml similarity index 100% rename from kubernetes/apps/finesse-guidance/finesse-guidance-frontend-deployment.yml rename to kubernetes/gke/apps/finesse-guidance/finesse-guidance-frontend-deployment.yml diff --git a/kubernetes/apps/finesse-guidance/finesse-guidance-ingress.yml b/kubernetes/gke/apps/finesse-guidance/finesse-guidance-ingress.yml similarity index 100% rename from kubernetes/apps/finesse-guidance/finesse-guidance-ingress.yml rename to kubernetes/gke/apps/finesse-guidance/finesse-guidance-ingress.yml 
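Review bot: The `ingress-nginx-controller` ConfigMap in ingress-nginx.yaml sets `allow-snippet-annotations: "true"`, which lets anyone who may create or update an Ingress inject raw nginx configuration into the shared controller. The `ingress-nginx` ClusterRole in the same file gives that controller list/watch on secrets across the cluster, so a namespace-scoped Ingress author could reach beyond their own namespace. Unless a workload here depends on snippet annotations, I would ship `allow-snippet-annotations: "false"` and enable it only with a documented reason. The controller container also keeps `allowPrivilegeEscalation: true` with no `runAsNonRoot`; if that is inherited from an upstream manifest (it looks that way, but the page does not say), a short comment recording why it is kept would help later reviews.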
diff --git a/kubernetes/apps/finesse-guidance/finesse-guidance-namespace.yml b/kubernetes/gke/apps/finesse-guidance/finesse-guidance-namespace.yml
similarity index 100%
rename from kubernetes/apps/finesse-guidance/finesse-guidance-namespace.yml
rename to kubernetes/gke/apps/finesse-guidance/finesse-guidance-namespace.yml
diff --git a/kubernetes/apps/finesse/finesse-backend-deployment.yml b/kubernetes/gke/apps/finesse/finesse-backend-deployment.yml
similarity index 100%
rename from kubernetes/apps/finesse/finesse-backend-deployment.yml
rename to kubernetes/gke/apps/finesse/finesse-backend-deployment.yml
diff --git a/kubernetes/apps/finesse/finesse-frontend-deployment.yml b/kubernetes/gke/apps/finesse/finesse-frontend-deployment.yml
similarity index 100%
rename from kubernetes/apps/finesse/finesse-frontend-deployment.yml
rename to kubernetes/gke/apps/finesse/finesse-frontend-deployment.yml
diff --git a/kubernetes/apps/finesse/finesse-ingress.yml b/kubernetes/gke/apps/finesse/finesse-ingress.yml
similarity index 100%
rename from kubernetes/apps/finesse/finesse-ingress.yml
rename to kubernetes/gke/apps/finesse/finesse-ingress.yml
diff --git a/kubernetes/apps/finesse/finesse-namespace.yml b/kubernetes/gke/apps/finesse/finesse-namespace.yml
similarity index 100%
rename from kubernetes/apps/finesse/finesse-namespace.yml
rename to kubernetes/gke/apps/finesse/finesse-namespace.yml
diff --git a/kubernetes/apps/nachet/nachet-backend-deployment.yml b/kubernetes/gke/apps/nachet/nachet-backend-deployment.yml
similarity index 100%
rename from kubernetes/apps/nachet/nachet-backend-deployment.yml
rename to kubernetes/gke/apps/nachet/nachet-backend-deployment.yml
diff --git a/kubernetes/apps/nachet/nachet-frontend-deployment.yml b/kubernetes/gke/apps/nachet/nachet-frontend-deployment.yml
similarity index 100%
rename from kubernetes/apps/nachet/nachet-frontend-deployment.yml
rename to kubernetes/gke/apps/nachet/nachet-frontend-deployment.yml
diff --git a/kubernetes/apps/nachet/nachet-ingress.yml b/kubernetes/gke/apps/nachet/nachet-ingress.yml
similarity index 100%
rename from kubernetes/apps/nachet/nachet-ingress.yml
rename to kubernetes/gke/apps/nachet/nachet-ingress.yml
diff --git a/kubernetes/apps/nachet/nachet-namespace.yml b/kubernetes/gke/apps/nachet/nachet-namespace.yml
similarity index 100%
rename from kubernetes/apps/nachet/nachet-namespace.yml
rename to kubernetes/gke/apps/nachet/nachet-namespace.yml
diff --git a/kubernetes/system/cert-manager/cert-manager.yml b/kubernetes/gke/system/cert-manager/cert-manager.yml
similarity index 100%
rename from kubernetes/system/cert-manager/cert-manager.yml
rename to kubernetes/gke/system/cert-manager/cert-manager.yml
diff --git a/kubernetes/system/cert-manager/issuer.yml b/kubernetes/gke/system/cert-manager/issuer.yml
similarity index 100%
rename from kubernetes/system/cert-manager/issuer.yml
rename to kubernetes/gke/system/cert-manager/issuer.yml
diff --git a/kubernetes/system/ingress-nginx/ingress-nginx.yml b/kubernetes/gke/system/ingress-nginx/ingress-nginx.yml
similarity index 100%
rename from kubernetes/system/ingress-nginx/ingress-nginx.yml
rename to kubernetes/gke/system/ingress-nginx/ingress-nginx.yml
diff --git a/kubernetes/system/kube-prometheus-stack/kube-prometheus-stack.yml b/kubernetes/gke/system/kube-prometheus-stack/kube-prometheus-stack.yml
similarity index 100%
rename from kubernetes/system/kube-prometheus-stack/kube-prometheus-stack.yml
rename to kubernetes/gke/system/kube-prometheus-stack/kube-prometheus-stack.yml
diff --git a/kubernetes/system/kube-prometheus-stack/namespace.yml b/kubernetes/gke/system/kube-prometheus-stack/namespace.yml
similarity index 100%
rename from kubernetes/system/kube-prometheus-stack/namespace.yml
rename to kubernetes/gke/system/kube-prometheus-stack/namespace.yml
diff --git a/kubernetes/system/vault/namespace.yml b/kubernetes/gke/system/vault/namespace.yml
similarity index 100%
rename from kubernetes/system/vault/namespace.yml
rename to kubernetes/gke/system/vault/namespace.yml
diff --git a/kubernetes/system/vault/vault.yml b/kubernetes/gke/system/vault/vault.yml
similarity index 100%
rename from kubernetes/system/vault/vault.yml
rename to kubernetes/gke/system/vault/vault.yml
diff --git a/terraform/modules/azure-dns/dns.tf b/terraform/modules/azure-dns/dns.tf
new file mode 100644
index 00000000..1f36d537
--- /dev/null
+++ b/terraform/modules/azure-dns/dns.tf
@@ -0,0 +1,20 @@
+resource "azurerm_dns_zone" "dns_zone" {
+ name = var.dns_zone_name
+ resource_group_name = var.rg_name
+
+ soa_record {
+ email = var.soa_record_tech_contact_email
+ }
+
+ tags = var.tags
+}
+
+resource "azurerm_dns_a_record" "dns_zone_a_record" {
+ name = var.dns_a_record_name
+ zone_name = azurerm_dns_zone.dns_zone.name
+ resource_group_name = var.rg_name
+ ttl = 300
+ records = var.dns_a_records
+
+ tags = var.tags
+}
diff --git a/terraform/modules/azure-dns/providers.tf b/terraform/modules/azure-dns/providers.tf
new file mode 100644
index 00000000..067f2647
--- /dev/null
+++ b/terraform/modules/azure-dns/providers.tf
@@ -0,0 +1,11 @@
+terraform {
+
+ required_version = ">= 1.7.2"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.25"
+ }
+ }
+}
diff --git a/terraform/modules/azure-dns/variables.tf b/terraform/modules/azure-dns/variables.tf
new file mode 100644
index 00000000..a4c637ef
--- /dev/null
+++ b/terraform/modules/azure-dns/variables.tf
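Review bot: `records = var.dns_a_records` in `azurerm_dns_a_record.dns_zone_a_record` (dns.tf) pins the record to literal addresses, so if the address behind it is released or reassigned the name keeps resolving to an IP this project no longer controls. If the target is an Azure public IP (presumably the one fronting the ingress controller added in this commit, though the hunk does not show it), an alias record using `target_resource_id` in place of `records` keeps the record tied to the resource's lifecycle. Failing that, a comment beside `records` stating where the addresses come from and who updates them would make drift easier to spot. `ttl = 300` is also hard-coded; a variable with that default would let callers tune it without editing the module.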
@@ -0,0 +1,29 @@ +variable "rg_name" { + description = "Name of the resource group" + type = string +} + +variable "dns_zone_name" { + description = "azurerm_dns_zone name" + type = string +} + +variable "tags" { + description = "(Optional) A mapping of tags to assign to the resource." + type = map(string) +} + +variable "soa_record_tech_contact_email" { + description = "SOA Record tech contact email" + type = string +} + +variable "dns_a_record_name" { + description = "DNS A Record name" + type = string +} + +variable "dns_a_records" { + description = "DNS A records list" + type = list(string) +} diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf index de4247b9..81e3024a 100644 --- a/terraform/staging/main.tf +++ b/terraform/staging/main.tf @@ -60,6 +60,18 @@ module "cluster-network-0" { # # .. # } +module "azure-dns-staging" { + source = "../modules/azure-dns" + + rg_name = azurerm_resource_group.rg.name + + dns_zone_name = var.dns_zone_name + dns_a_record_name = var.dns_a_record_name + dns_a_records = var.dns_a_records + + tags = var.tags + soa_record_tech_contact_email = var.soa_record_tech_contact_email +} module "aks-cluster-0" { diff --git a/terraform/staging/variables.tf b/terraform/staging/variables.tf index 054a1207..4caa38ca 100644 --- a/terraform/staging/variables.tf +++ b/terraform/staging/variables.tf @@ -149,6 +149,26 @@ variable "aks_admin_group_object_ids" { type = list(string) } +variable "soa_record_tech_contact_email" { + description = "SOA Record tech contact email" + type = string +} + +variable "dns_zone_name" { + description = "azurerm_dns_zone name" + type = string +} + +variable "dns_a_record_name" { + description = "DNS A Record name" + type = string +} + +variable "dns_a_records" { + description = "DNS A records list" + type = list(string) +} + # variable "ad_groups" { # description = "ad groups to be used in aks rolebindings" # type = list(string)
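Review bot: In modules/azure-dns/variables.tf the `tags` variable is described as "(Optional)" but declares no default, so every caller is forced to pass it; either add `default = {}` or drop "(Optional)" from the description. `dns_a_records` is a bare `list(string)` whose values are published in a public zone, so a `validation` block that rejects an empty list and entries that are not IPv4 addresses would catch a bad tfvars value at plan time instead of after apply. The same four DNS variables are repeated without validation in the terraform/staging/variables.tf hunk later on this line.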