-
Notifications
You must be signed in to change notification settings - Fork 140
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
136 additions
and
0 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
terraform-modules/aws/helm/external-dns/helm_values.tpl.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| --- | ||
| serviceAccount: | ||
| # Specifies whether a service account should be created | ||
| create: true | ||
| # Annotations to add to the service account | ||
| annotations: | ||
| # This value should match the ARN of the role created by module.iam_assumable_role_admin in irsa.tf | ||
| eks.amazonaws.com/role-arn: "arn:aws:iam::${awsAccountID}:role/${chartName}-${clusterName}" | ||
| # The name of the service account to use. | ||
| # If not set and create is true, a name is generated using the fullname template | ||
| name: ${serviceAccountName} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| locals { | ||
| helm_repository = "https://kubernetes-sigs.github.io/external-dns/" | ||
| official_chart_name = "external-dns" | ||
| } | ||
| module "iam_assumable_role_admin" { | ||
| source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" | ||
| version = "3.6.0" | ||
| create_role = true | ||
| role_name = "${local.official_chart_name}-${var.cluster_name}" | ||
| provider_url = replace(var.eks_cluster_oidc_issuer_url, "https://", "") | ||
| role_policy_arns = [aws_iam_policy.iam_policy.arn] | ||
| oidc_fully_qualified_subjects = ["system:serviceaccount:${var.k8s_namespace}:${local.official_chart_name}"] | ||
| } | ||
|
|
||
| resource "aws_iam_policy" "iam_policy" { | ||
| name_prefix = "${local.official_chart_name}-${var.cluster_name}" | ||
| description = "EKS ${local.official_chart_name} policy for cluster ${var.eks_cluster_id}" | ||
| policy = data.aws_iam_policy_document.iam_policy_document.json | ||
| } | ||
|
|
||
| # IAM Role policy doc: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md | ||
| data "aws_iam_policy_document" "iam_policy_document" { | ||
| statement { | ||
| sid = "k8sExternalDNS" | ||
| effect = "Allow" | ||
|
|
||
| actions = [ | ||
| "route53:ChangeResourceRecordSets", | ||
| ] | ||
|
|
||
| resources = ["arn:aws:route53:::hostedzone/${var.route53_hosted_zones}"] | ||
| } | ||
|
|
||
| statement { | ||
| sid = "k8sExternalDNS2" | ||
| effect = "Allow" | ||
|
|
||
| actions = [ | ||
| "route53:ListHostedZones", | ||
| "route53:ListResourceRecordSets", | ||
| ] | ||
|
|
||
| resources = ["*"] | ||
| } | ||
| } | ||
|
|
||
| data "aws_caller_identity" "current" {} | ||
|
|
||
| # | ||
| # Helm values | ||
| # | ||
| data "template_file" "helm_values" { | ||
| template = file("${path.module}/helm_values.tpl.yaml") | ||
| vars = { | ||
| awsAccountID = data.aws_caller_identity.current.account_id | ||
| clusterName = var.cluster_name | ||
| serviceAccountName = local.official_chart_name | ||
| chartName = local.official_chart_name | ||
| } | ||
| } | ||
|
|
||
| module "external-dns" { | ||
| source = "github.com/ManagedKube/kubernetes-ops//terraform-modules/aws/helm/helm_generic?ref=v1.0.27" | ||
|
|
||
| repository = local.helm_repository | ||
| official_chart_name = local.official_chart_name | ||
| user_chart_name = var.user_chart_name | ||
| helm_version = var.helm_chart_version | ||
| namespace = var.k8s_namespace | ||
| helm_values = data.template_file.helm_values.rendered | ||
| helm_values_2 = var.helm_values_2 | ||
|
|
||
| depends_on = [ | ||
| module.iam_assumable_role_admin | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| variable "aws_region" { | ||
| type = string | ||
| default = "us-east-1" | ||
| description = "AWS region" | ||
| } | ||
|
|
||
| variable "cluster_name" { | ||
| type = string | ||
| default = "cluster" | ||
| description = "EKS cluster name" | ||
| } | ||
|
|
||
| variable "eks_cluster_id" { | ||
| type = string | ||
| default = "" | ||
| description = "EKS cluster ID" | ||
| } | ||
|
|
||
| variable "eks_cluster_oidc_issuer_url" { | ||
| type = string | ||
| default = "" | ||
| description = "EKS cluster oidc issuer url" | ||
| } | ||
|
|
||
| variable "user_chart_name" { | ||
| default = "external-dns" | ||
| description = "The Helm name to install this chart under" | ||
| } | ||
|
|
||
| variable "helm_chart_version" { | ||
| default = "1.2.0" | ||
| description = "The version of this helm chart to use" | ||
| } | ||
|
|
||
| variable "k8s_namespace" { | ||
| default = "external-dns" | ||
| } | ||
|
|
||
| variable "helm_values_2" { | ||
| type = string | ||
| default = "" | ||
| description = "Helm values that will overwrite the helm chart defaults and this modules default for further user customization" | ||
| } | ||
|
|
||
| variable "route53_hosted_zones" { | ||
| type = string | ||
| default = "*" | ||
| description = "The hosted zone permissions granted to: arn:aws:route53:::hostedzone/<route53_hosted_zones ID" | ||
| } |