From 02a55047dedaf2414eb6fc1629e7d18c94214fd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karol=20Buja=C4=8Dek?= Date: Wed, 1 Jul 2020 18:19:52 +0200 Subject: [PATCH 1/2] Update readme, pre-commit hooks and github actions workflow --- .github/workflows/main.yml | 93 +++++++++++++++++ .pre-commit-config.yaml | 35 +++++++ .secrets.baseline | 66 ++++++++++++ LICENSE | 201 +++++++++++++++++++++++++++++++++++++ README.md | 76 +++++++++++++- iam.tf | 16 +-- ll-logo.png | Bin 0 -> 12095 bytes main.tf | 20 ++-- variables.tf | 11 +- 9 files changed, 496 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/main.yml create mode 100644 .pre-commit-config.yaml create mode 100644 .secrets.baseline create mode 100644 LICENSE create mode 100644 ll-logo.png diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..fbfa584 --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,93 @@
+name: Terraform validation
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+env:
+ TERRAFORM_DOCS_VERSION: "v0.9.1"
+ TFLINT_VERSION: "v0.16.2"
+
+jobs:
+ terraform-validation:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/setup-python@v1
+ name: "SETUP: Python"
+
+ - uses: actions/setup-go@v2
+ name: "SETUP: Go"
+
+ - uses: pat-s/always-upload-cache@v2.0.0
+ id: cache-terraform-docs
+ name: "CACHE: terraform-docs Go module"
+ with:
+ path: |
+ ~/go/pkg/mod
+ ~/go/bin/terraform-docs
+ key: ${{ runner.os }}-terraform_docs-${{ env.TERRAFORM_DOCS_VERSION }}
+ restore-keys: |
+ ${{ runner.os}}-terraform_docs-
+
+ - shell: bash
+ name: "INSTALL: terraform-docs"
+ if: steps.cache-terraform-docs.output.cache-hit != 'true'
+ env:
+ GO111MODULE: "on"
+ run: |
+ go get github.com/segmentio/terraform-docs@${{ env.TERRAFORM_DOCS_VERSION }}
+
+ - shell: bash
+ name: "SETUP: Go path"
+ run: echo '::add-path::~/go/bin/'
+
+ - uses: actions/checkout@v1
+ name: Checkout source code
+
+ - uses: pat-s/always-upload-cache@v2.0.0
+ id: cache-pre-commit-dependencies
+ name: "CACHE: pip and pre-commit dependencies"
+ with:
+ path: |
+ ~/.cache/pre-commit
+ ~/.cache/pip
+ key: ${{ runner.os }}-pip-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pip-pre-commit-
+
+ - uses: pat-s/always-upload-cache@v2.0.0
+ id: cache-tflint
+ name: "CACHE: TFLint"
+ with:
+ path: |
+ ~/tflint/bin/
+ key: ${{ runner.os }}-tflint-${{ env.TFLINT_VERSION }}
+ restore-keys: |
+ ${{ runner.os }}-tflint-
+
+ - shell: bash
+ name: "INSTALL: detect-secrets"
+ run: |
+ pip install detect-secrets
+
+ - shell: bash
+ name: "INSTALL: TFLint"
+ if: steps.cache-tflint.outputs.cache-hit != 'true'
+ run: |
+ wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip
+ unzip tflint_linux_amd64.zip
+ mkdir -p ~/tflint/bin/
+ install tflint ~/tflint/bin/
+
+ - shell: bash
+ name: "SETUP: TFLint path"
+ run: |
+ echo '::add-path::~/tflint/bin/'
+
+ - uses: pre-commit/action@v2.0.0
+ name: "RUN: pre-commit"
+ env:
+ AWS_DEFAULT_REGION: "eu-central-1"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..c38b2a8
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,35 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v3.1.0
+ hooks:
+ - id: trailing-whitespace
+ - id: check-merge-conflict
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+ - id: end-of-file-fixer
+
+ - repo: https://github.com/gruntwork-io/pre-commit
+ rev: v0.1.9
+ hooks:
+ - id: tflint
+ - id: terraform-validate
+
+ - repo: git://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.31.0
+ hooks:
+ - id: terraform_fmt
+ - id: terraform_docs
+ args:
+ - '--args=--no-providers --sort-by-required'
+
+ - repo: git://github.com/pecigonzalo/pre-commit-terraform-vars
+ rev: 8e947e99c45314397a8caacebefab44d74227b6b
+ hooks:
+ - id: terraform-vars
+
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v0.13.1
+ hooks:
+ - id: detect-secrets
+ args: ['--baseline', '.secrets.baseline']
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..41133cc
--- /dev/null
+++ b/.secrets.baseline
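Review bot: The `INSTALL: TFLint` step in `.github/workflows/main.yml` fetches `tflint_linux_amd64.zip` with `wget` and installs the binary without any integrity check, so a tampered or replaced release asset would execute in CI; verify it against a digest recorded in the repository before `unzip`, for example `echo "<EXPECTED_SHA256>  tflint_linux_amd64.zip" | sha256sum -c -` (placeholder digest). `pip install detect-secrets` is likewise unpinned although `.pre-commit-config.yaml` and `.secrets.baseline` in this patch use 0.13.1, so `pip install detect-secrets==0.13.1` would keep CI reproducible. The third-party actions `pat-s/always-upload-cache@v2.0.0` and `pre-commit/action@v2.0.0` are referenced by tag, which the action's owner can move; pinning each to a full commit SHA removes that risk. Separately, the `INSTALL: terraform-docs` condition reads `steps.cache-terraform-docs.output.cache-hit` where the TFLint step uses `outputs`, so the cache hit is never seen and the install runs on every build; it should read `if: steps.cache-terraform-docs.outputs.cache-hit != 'true'`.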
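Review bot: Two hook repositories in `.pre-commit-config.yaml` are cloned over `git://` (`antonbabenko/pre-commit-terraform` and `pecigonzalo/pre-commit-terraform-vars`), a transport with no encryption or server authentication, so the hook code that pre-commit runs on developer machines and in the CI job could be altered in transit. Use the same scheme as the other entries: `repo: https://github.com/antonbabenko/pre-commit-terraform` and `repo: https://github.com/pecigonzalo/pre-commit-terraform-vars`. Only the terraform-vars hook is pinned to a commit hash; the other four `rev:` values are tags, and pinning them to commit hashes as well would stop a moved tag from changing what runs.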
@@ -0,0 +1,66 @@ +{ + "exclude": { + "files": null, + "lines": null + }, + "generated_at": "2020-06-29T14:54:23Z", + "plugins_used": [ + { + "name": "AWSKeyDetector" + }, + { + "name": "ArtifactoryDetector" + }, + { + "base64_limit": 4.5, + "name": "Base64HighEntropyString" + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "hex_limit": 3, + "name": "HexHighEntropyString" + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "keyword_exclude": null, + "name": "KeywordDetector" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "results": {}, + "version": "0.13.1", + "word_list": { + "file": null, + "hash": null + } +} diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f6f1438 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [2020] [Labyrinth Labs] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index 82bc486..5724c62 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,75 @@ -# terraform-aws-eks-external-dns \ No newline at end of file +# AWS EKS External DNS Terraform module + +[![Labyrinth Labs logo](ll-logo.png)](https://www.lablabs.io) + +We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/ + +--- + +![Terraform validation](https://github.com/lablabs/terraform-aws-eks-external-dns/workflows/Terraform%20validation/badge.svg?branch=master) + +## Description + +A terraform module to deploy an ExternalDNS on Amazon EKS cluster. + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| helm | ~> 1.0 | +| local | ~> 1.2 | +| null | ~> 2.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| cluster\_identity\_oidc\_issuer | n/a | `any` | n/a | yes | +| cluster\_identity\_oidc\_issuer\_arn | n/a | `any` | n/a | yes | +| cluster\_name | n/a | `any` | n/a | yes | +| enabled | n/a | `bool` | n/a | yes | +| helm\_chart\_name | n/a | `string` | `"external-dns"` | no | +| helm\_chart\_version | n/a | `string` | `"2.11.0"` | no | +| helm\_release\_name | n/a | `string` | `"external-dns"` | no | +| helm\_repo\_name | n/a | `string` | `"stable"` | no | +| helm\_repo\_url | n/a | `string` | `"https://kubernetes-charts.storage.googleapis.com"` | no | +| k8s\_namespace | The k8s namespace in which the external-dns service account has been created | `string` | `"kube-system"` | no | +| k8s\_service\_account\_name | The k8s external-dns service account name | `string` | `"external-dns"` | no | +| mod\_dependency | Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable | `any` | `null` | no | +| zone\_tags\_filters | n/a | `list(string)` |
[
"external-dns=true"
]
| no | + +## Outputs + +No output. + + + +## Contributing and reporting issues + +Feel free to create an issue in this repository if you have questions, suggestions or feature requests. + +## License + +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) + +See [LICENSE](LICENSE) for full details. + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. diff --git a/iam.tf b/iam.tf index fd5fc66..e2a478e 100644 --- a/iam.tf +++ b/iam.tf @@ -1,6 +1,6 @@ resource "kubernetes_namespace" "external_dns" { - depends_on = [var.mod_dependency] - count = (var.enabled && var.k8s_namespace != "kube-system") ? 1 : 0 + depends_on = [var.mod_dependency] + count = (var.enabled && var.k8s_namespace != "kube-system") ? 1 : 0 metadata { name = var.k8s_namespace @@ -44,7 +44,7 @@ data "aws_iam_policy_document" "external_dns" { } resource "aws_iam_policy" "external_dns" { - depends_on = [var.mod_dependency] + depends_on = [var.mod_dependency] count = var.enabled ? 1 : 0 name = "${var.cluster_name}-external-dns" path = "/" 
@@ -79,15 +79,15 @@ data "aws_iam_policy_document" "external_dns_assume" { } resource "aws_iam_role" "external_dns" { - depends_on = [var.mod_dependency] + depends_on = [var.mod_dependency] count = var.enabled ? 1 : 0 name = "${var.cluster_name}-external-dns" assume_role_policy = data.aws_iam_policy_document.external_dns_assume[0].json } resource "aws_iam_role_policy_attachment" "external_dns" { - depends_on = [var.mod_dependency] - count = var.enabled ? 1 : 0 - role = aws_iam_role.external_dns[0].name - policy_arn = aws_iam_policy.external_dns[0].arn + depends_on = [var.mod_dependency] + count = var.enabled ? 1 : 0 + role = aws_iam_role.external_dns[0].name + policy_arn = aws_iam_policy.external_dns[0].arn } 
diff --git a/ll-logo.png b/ll-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..8aa2c6a4997fbdcf7009e089b2d07ad4a89218a6 GIT binary patch literal 12095 zcmbVxWl$YF(C)##xVsmJ;!xbRc#FHcyL)l>!ol6$DeiFK;O_3Ox9^Yp^WOR9o6KgC zooqIf+0E?pBvMIH3I&k>5dZ+7$ViK;000nr|He`9kpKGPNi$Ob04>c+?U##+p*xv_ zlf9XxjVYOnr-Lb(sfVQ*0N}9#&d_eAEOQFm#19PzK%=n|kr^;e_x3;HN~@QgxU~3s zE&Dl?H5cZ{QYSb*vz$46>~7jWaet)D%YIe&CajY9NKuyj(|LS-Yu|Z@HSX>AdGg#X z*F%cx>)VseOVv4c_%kPWk%L$7^E#B&y72z>dZs6L@1twxF_;t=OP}|4$PXoP_u2V- z%4O)#bEjp&X$`RY&2xPdQ~&E`ZpUqh-up((CyAecQZl2aDf#HLbmG&WS6ayDH+etA zX&KnV>tlY3K-`3fn2?Y+H*X<5<2O!`9_r`ej;rZq`}^sn+`~uY=MtS}`&f_L64Jt# z!%=^_4^zWueC3aKsB-5|2Y#VMpQ=r7L3eIB%7XJ%Wwy7Gsqqg^klvne)wPlz{pGy? zY#fRCTJqXXY}BwKrD?g782uX|9doAC#*QofhctHuGFy47 z=^fHjdeOC@2gZ9pRcI&Sl2LEUHPjI;ZA^OGopZvX1oBRFWt@V$bh93KG z84X{h+c(?6X|UK}p3I)6tezSfI5URK*^t9&X04%S(w(Er*?E%b)vz{FRLwGf z-fX1sSCQI_lw3);S&EibRh88_FqSW?5oBepkQKb9Hk+@WRqjU2*Kr53w%7H(ESOFR z4+wN^1Qx`x9ZVS3&+KU>-O@^F=+%#vS1{@N#&B|z;cmbgn?}_G-*Z?LrIZKg!LfoL|+?*hBx!eU&FYoLGYrV!OE$@_iR-ol&kjrK#GD z_R%^k9!@mNaE>KDy+6C3q*6iSv58$#$*5OIrl+8YM`x=^T2(MA(I@u}1x{^QP>$!F z&={(^^MMvMzj>88H#w$hW#A(&5s<}rF|laqyh5%x%VZm!BZDQH)Q^*!LG2aSoP_5l z*1ZarR)2+azhL3d3AN~VUy5-SS;-XL2$krmt{=J~D!wm7N`^Qt-x$!G39c5Ix&wvg zz9{jile*4wKnwmnKBpp$|9%@3iBq)#d#;x5IC;O{aAJ24KdXOWnbINJq*-0O8g^dj zZFby&P$m>r^bMuiTZ=)nie;Wezo-}q*al?dvz_n}BdWs9YKRZiA+JryT-u5jn4)Vb zs^a#hOd9?b<4w!MAYAWu19l>&P9veZ-~=s2mQNV3A~UJBu(a2xAB5cCgbAqvof|4w z!mCn8A$sdFrAvMZBzvMeCe>PVl9t-sr6sOd>$`u?b;9ILA^vr=&Rn7p0H2h`FQt#%+!3Vt@?3S zjaHs!0T4z=EHa?3R;2Km4G!}Sj=jj5^qu&U|tA;3QaC8ST=Yj4l1;9EVZ zYWi4N_o{}SB0^&ndS+*uFTdzeoYWZY&@c4uia09vn z5bJzf-DH6|f5K~LwL-!>-Q{U zxcIl}qy%|itvpNDh?B1q&Ag3fe&dDkFaZ7&XiTq`r2MjZW9XAwo(Y*ho?;FGH#k#; zNPX-eq+7_F%<^$(FX--rkK=JfwiX7sgl$hKRP^{31s)MqvFW5e;R_M9Erq^A)dHHR zF9&(*P!6L*c8iBUlQYbB@~he*IBlR$unV;WrwJ^C?L5yOLdG>UROR%44^r-ZCv_)4Nsi0m&-s>1p=yQ(Qni>6%&a$wBl7oGj^PgJY~hWGo=f z<^6!ip0H){8jT)JDtSRmaS#Q;rgi2VCP2cN1rd3Lj)cH`5mC}`-YpWoE-34=7=*Y| 
zJaM|kb&e4g^8Jb~%c3~|LGlpgTGQC^QsA;^15-|?ea0RkI&kX~aR1|x-)L$PPmn>L z(4FvjQ#a0;XT><-$S9&uzTS{#9=?y6TgGJAMP7}LjT!Mg@^|BIZ4i<;!WORD91$zK zm^3Xv9I*#V0QSLhIuSfmQxu;gzl4brH?M#e_inrfW3$Mv$1Huw^UZIQB4dj%GB~ni zC`kxc`rgxt`BlOVfow=SVH;{Ij%rl0bkNp!=ZNdJ5anN2-zYc$77|5h2k+IL>%G&U z9L`ZaH4HyTrSR*MwbfQX^t}}u7O|jM3yd)V>}8v%3o9mfMEGN`=htmK{A)r5vNoQ5 z*WU@u&=GIMU+kl!4sGDR~4W4{u^oXe6PSEEdh?s44aR37|^z9tv)3dgx*V?=>_)052fxdzNECs zQluxtF@o(!s{Tuo9Gf^BxJKF49=Q++d&EG+FB#xS<{E+SCB~XxcSUAN>J#cf%epBH z1DYH{jQT6OEw0xKnHM40#l#9f)M(9!$pyh+QGvv=9cCvnoa3ueQh?5Yuzos78746o ztP^&GSB=I!*Q0^^rr~Wgq5bxh&Z_t;Fb1*8LF_%El)5@Y*J1FNHc)_u?oUJ(zY?W2 z@lZ;_sb9m<%?m6>gd{E#GNCRi|1EDmx`X&KL#+e)W$Eo6EXwb2GWKjmZWAwEYy(m# z^gz2cnG5m?+I<(}5%M4_YcXhT7fGLb8U@Eu z0woAJ3SPZYsJE#vb_wY`lh24!N%flU7Xn#Ni4a08^set;CS`iaykj~lXUO!~)QlGy zep3kim3M0ihj_qn<_@Mr_#7PJtgCbLZ%(R9TgdyA#ZMJ5+-L)`&oF&q_=4rzW5sjv!2LwwpavBY7EXE^l&tRa*h{gsrx$kC& z`-3l@#3MVkk(n0>M`5r87F!WtYRQhcmvY5qhux8U zlMx}OJjU;j2xYZEe@(w3qnwrZ>6+er!p+4|;S?)KQ9wWPWB@zBWSGzhtznJOf7m!%6&B-;JYB|_R~>cnHs-p7`@KI5;8kf+ zHsrmAcn{(}x=*wLAm`RF6Ro<5C0+9ou7`^sSL4pa%)lihDKQB-4maSRgg!`~b=Zq2 z4GBYR0bUTDl25ZB4VeBa#NkJT9n8Q)Lb+{iO2p+Xk){0QNOI62kEbI<>T47Yw(DuT z??+B4j*=N%-_wRY6hFsa;)aDksdnMu9O{F39pPzt_$G^VNR$Qzmq!Up#oi!lg!V1W z3uv|Yp4?{8C8wiBj=P3Eg0|%}jx6*NH5&Snkv%LJBPmKko;U(16Eho} zGgY~GUBMNBAtp9q2>Dy-`Q3rlaT226+@Xc?koB5yMAuz{d017>yHg@9%@3( zQSy2cusOilN{rt&;e zTF*NG5sS67n>gx9M8(E^w2=sp4VQUV6PX2eViqje{npE(#PbAovPDGp*I^ROM@$ic z5L^Q2>>y`CcE$&AJ`oEz9yJ~CjiZ1Z?O`NZBA#3cZ83Jl!%;S!yrH2ZYGG{$m1Y^N zp8c@2pT&5nPGJTZQu%B)4MZEbsj3(pPoPZ{uBrtST6Fn#bYNeIzd8NsQelHq=r#4x zPfIJik^yt8#_^2cI3wHSHITYwU+0UBzhg9B{_d{TpGp42;H(1;E^~XrV`w5pnvejf zmT$OxJTnk=eHtKZX*hN#mxP8N33^v;c=AvEts_cB;strXWKdCr01H-s<%J^=5dkP6 z?;lku7H({_n9Ofxtoxgd99EXSpK#bsBFEzF8zNxVv6-MNC+L>%p>N8cV!ws+o#i4x zI0Rc-yQF`Oxfq;D7UG0cRdacxSlZhnjC zHV(BLu7gsYnXyfvZ$8bk-`^$(IXVDOhCK?k+xk4!f5vXAS?%M;gSb!1>TX_(xVc>*tD!wpJ zwez(i25rGbBo!p(M&HB!8Z>Ncrv#pn zf?<43Gfp|A68=)8l8J-_!P1xh6^+)&!NSB}`Qh~>MbsnC9IAuO>cp4_i&DP}_Zhso 
zo;i3-$4!?G{i0{{YK(le3A3WG`XShS{(!LM4_kd#-Ln9Rkz2^!p>+ojZwrOHsH?CH z#q1uiUD9qd61!JIhZWWPitnpR0>23vY;9+sf`24Tsb(JLj(;zrVYdQk}%#{BLgh!E(+dn0oi;RK< z+#WP08Whz#b=x5TK$IaPE~4hKa-QR^qq_Jy{DX@e8sjgC;U&ri%vZZp;dh)Wt)`}G zt5d6-CcpEV=H{k_m2%tr(^7Bk3fFBt#sq4N-rD{@nkH+Tq)O6uVfo5X-!IerJ*K;| zy`6^+vv0GV|A_UnB0~TGrD7pe|ISeOZx{~?00{uIAZecSZ-cBm;D$Y3o0>w*G_=(U}v&3gL!xREB9bPq; zLG$KbBuD*)ajta_O=i4WtPv{*w2S0w8Z16q>i)pI9my_fYbs8}{cu!gw}%0W>`EXP z0rp(+7habagkyd7@e=1(z9lgdS8vPKTlqXG+#MTDOy3-x+{G|7G^bhvo?oo_0z`<` zgg;DhiE-vFeVz0uF1aBQokJ4M#h;$rHoNaUMMaB6%Um3rqav=tIgT$t@hU29RGj*! zRetg>`AY6T7@}f_Morn%9_~r?b$jmr(VUWX2T;zK9#XK%>%2HhBhhfQQraa5&GBEz zP~gecR9JK}vP&WwH$Uw9M$^qgzLT;PPwfL@nh!$P$1GWInO zl``}*Z@%&~y=VMlESMe9sdn{9cQ*(~(_tQ;P>~ZB(syTPR~1m^< zzrkcp!lPWnqdqn?8&wFVrlim&NUMwe?Qd$?%gAU`v22k2j6owg2uGu5WMrr*wL{`E zo_T-Mn*0qDYTDK&(bR-uCO;Hm=!-5YApt4kslM8;hDc2{P;!1F|n6#^Ym|Y(dFgP)@eoAu>qx5WCM?M zAsKf=RrfrWrlgLgS%3g@z{zm zJ^mii5)L%@MSH5MRS#LEGC??(tpt_GZY_SFn*nkxS?jXheH-&$@I8we0Fa{p`Oq&D&M&ciz z?vI-0aPM$U(zTZI^P8i(C!rrEO}c(fZqO_(N4KuDr&)VES>V=flGB9=i;6lQzvJX( z??zNL^9oIB_9U*;#IXAMa(%aKL3f!d`;NmIW1QQyg-J)Km+-DLembFRP_XwfbL)qd*Mc8v@A9)J6Xrf=qn=nd{UeFPXoN-A1 zo{GvTQ|7aDcQ^X=lhm~~m7wu{h2-AG^rzIkMYUg(@52v;lX{%Fhkz8h_h$FEn1cz4 z$38So&42GcTZE`4xn(mqmb(?$9K1n2k`@MX;3eKj z&MvMjaGoD+;~!W&jSg<;th#o`W^Qj5-4;28I?^OaGio;3*}LiW6MFB~IWP0OfC2n;)tkztYldBrPw@taVhgkOie04_3oNsqcPNUm{DWVW?ui0ea z{d}~AqLGtmQk!0HB8=Tmgelxkd14Q);e~3O=&vqmn6&oV#nZnKC+u8L*ktTU(KjpX zD(|u1RKVJTqztMoRzSof-hGgzRR2b9*SXm^3h}T&)2iKbA>)&rxqkDB-v3&negS)Zg({^>nztc_m^+8O#Avw)35ro}?dsAn2jZhme*q@Oi8Ns{vJj25pZ>4w z3C?M^d<3^Qad7fkeEEYUbuZ4#`wXapx~^LHfx+Rs{i6SpmgGXwINUqCWB%i}FWgQ+ zfz~jREOql~+<3V^9)STq(cb%xK1C}1a%I}u>fa{rcQa!hgFM<$(W!|E?d}smPhl5> z@+K7nBZh~k6D7slGrka+tu;vduYSBK(#x=7M19jfJhb{Ns?OVazzQ16y`!Fs+K+fx zD70Lb8Dt%-9mNH0A+`{e-wZ$YQuV5^ckE^(L)xmj`UQxq@Mye@4CXAOe2Es#aCZ2< z;G2TCC7a<-EWh-K_%gol9z2Q#tup+nVlv+iTP_MBO#+qceP7{a|9d!a2` zEQyL0Nmaq!yoxlfGojm1A2`V+1>eQ*8DGw^CWCe50i&nK3=jP8g_)NHj~x1;iFrYU 
z>UQ{CnhPHxwWEtAaOieH4q#FBtFMq|)DZKQ)3ksw*wo+cemvCI^WiDs0qW$tJ8Cg-d6pOcie0{hYSp>CPd0i+epk>HhL22H zT6nveO;fGD`hD-NT(EYYQ|2+*rKx6VQo<& z$g!(+GMIVT2qhb$VUBen>r*~+z8NS0@f3iyz ze#pn~>1ciV71n)@*OgPniOJVf+*hh1!yOr zSgul`W`s&osN3-;BuZpD+mtXE7T*jZpsQ;?YXV7?Z+(egc`-T68vAKu@mF=X;|I%V zXZ{ziW9=Jg%^(6@_o~Sw-}I-619ieQj@Gu)A{jG{goR=H3cjs#SXFvL!Y1TllW)%% zNWA6bI0xslhNE2i*L5qM{TE%=oAw>m1mE6;L^2f^x~KDdby~l`%4Bn&y(dXi1aWk_ zoeZe_@$!y9y8+vpj$qAaSKG{Fauo1R{Ib4PQaxwLX(_(OZZ{vwKU;dj1#{r5i!QH} zb4Gi|6{@Rk4So?jy32@F*wXJwD8zp{Qf`*7PSt3YnClO}S2=ww`iV4XmD7r_`y%uR zE-+q;9xJdH3$DFgC}94Ik|N3!C6?_nZJ;~PmBzLj>Fj9|#{vgaMS%A7dKKa8>#NK0 zvKkkXxF(z9X3UMV0UWR5+f9V^7jkdP7pAIwb+XshHP(*MspfIq8T&BCC;shroY~MS z<007N0>+h66Z;Fvm@}_{L2@xw5O$;^gN|;3jkoo@_On6LzCqj0D9BzE17kI*y0f#` z8C<~3#g z7}UD-ed?jB`|$OCO^_ZS(wmLrzrY0h-&f)*XVOGlsur;5%-Qv2JZ>w2i4}$-iyy;1 zMhf8Jmg2mY|x&2|98$D9_uOqpQhs`H_B}u#pO;xIU?AX#0!b zYnYI}rjvJZeo|2l46nvy+*YFFP8lkD-+$rw2pTra`hj=s`C?RUwWXi7>Mpsrj|=nU z?UL#>4+Do~6tipw8(KNc8i<5op8o5&w9AhGHcI=R@8=48BQHD`7j2hYvqp!1&OOcM z(Sb?3;X5+Dy4=o8X>uDW@&dB{ccI^gvX@w_iO)<0<3obs(6|5yG6Tig|$`{ zk&8PUhqZT--Oq#&MW+FEkJim&v0DM%##JL$WTv;gpKwE~95-*8d?k3{5>Aij9|NPx zCG068P)+gzUpxbOq>7ojmFB7R4?dr;p{ z;m>J6Y5uw{!Je$CljHv7kKd$Gh3l+@R@h^{)SR!fRud7^IPI%L9(=V&jdm%J(@)g2 zpBk$sbq0!9@3xnM(3T$Kd+OlN^vuUvWyt5*LN&iE?dEX(y1$#ep!Gk}N6hP%h@n0% zm*M5)e@Ld3NZM;S4Dj5xEoaky{3fSWD@$e&l-nIfw8D|}$a4Qv)Kn9cR8aNj{)_Nq zB5a#z8zr5&za@%Eu!f>K2iC^e($c1W&p7XUVc~a~X&e2Dag%RG!&3NHl=hpR$)A}0zub4PI(IU#r|p*&^YZ#g{r7*oQatn$$PvKNsg;yIxLAbr zU;^@HUO@jsM4Os1%Fz1g-Jv8i@F^*{nLr+4$kUarWj`?L|9<3lZ4vQd zW%Ac(#ZCUX6?2XAvS*a>R)NJNMc6v`b(j)r7_QZAI?@*sLV`#0k_3ZmSu#qjTpx+v znf^4d6H-@`p!y(nPv-i|3gq!Tv2tH^>cRSVp$UuRBHy=v@Hw;PL;BEI$sn+r9>plb z$DDa%I};|dwJxrvhz{ijid>uq9ry7ern&dhu3e91j4^nbC@*S-ATf%8fkUUN5@Cz4 z>+INA7XvY}wXx(erlPFX?k{yW*;Ny-$n-ReqTIBCoPU_1EMh1I-WCSd(ec5-(hM0R zW@(Pz{{C_0Cb710(pO$y2L28uCA}y#C%5J=h%TsKZWb;-Dmy#*m~ztk8LBHQrQkC% zW_>$}eLHo#I$NP3&kB!DKn_jt{^D9Z!CW(wBuze!4&O**3#|0I6h!HFw(=*k=@G7>fL>jRYe3q&I&s~AfuES&D 
zuyxm!2&XwGHJ@%EYQxAR!|$wa2{BwPUWe~c|KJ<%J-7Y!VF|~7@XHB_U^BPpb7tG$ zf!~slFqA>#0#uCj$wk`|C8e;InwLNGD0surz zn^nN&8hB3bly~LbMw7>K3ygm=pQPK9t1f`o9f~G2K4TCbvX@WW#^MjnkRhJ_6dU)8 zk^l9_ztm>+U%n2%?$*$-35oy3xO}&Z0`AcMu=jCMgAM}{>Gh4dhCdBf<EVk4-b0)^pWyc)VUc&he~2$1`~eRE2y z`W~-8zn$dDRY`!uFW5f#yn|~^@Y!WRyC_)BG=Ak_GZ5?EfQXVz#FoxP!G7N5;4Dd( zMYi4KYdKemH3Zi_7DrojnAD|5;e3=77aw08yEzX9_CJ=C ze=it2xJ2z{FOO?z$jQl3SIT>AQ#}RZx%gTF_>hZvL)g;ydG-@l4C%*l@A`?k!vBkT z?Jg>(xrHniJlYh|`L%8dnxx_`ZZ&lRkGG-UV+4fOaya8_VPX}fcAMXw?&Ke4*_YwT zF(O$lqkl-(YFk94rKKTF=yxBR9iMj#_J|;R=D|(wy6GIlX0H)woK}E2lMWyjM1j!c;zcUmzn)_kO0f{nj+W2BgeJT@*?F-BV2SI)CDVr6n5~6Ay-aD*qErTp36K$NG!mZ z5%!zZodygnc+AYYmJ|Jl2mbgj>VKaKnIDUe)|tG5L!EOZXG~qu;Pd9M7)>&2{=AdX z0JSVm)hx9*51mjeS1Vc(%6u$+qRC1uCc_eB+*J$sjgDQceT$Tb;02DB5xt3$;Y1!8 zwN9298d}kM3HYhJu3nm(erqddws}9caPk^%^j9yFEO`XC@ChYqF(v0tqRph-zNY*{@QxhXY z#fJZthODHkRKX;J#czW9bMq*;P-yQFlN&hH+_SZ;5O1@IBSEImHb-{L?fL@H!9#Oj zU*KHJ5BPueIBT?iUUTTc3dX~Mo315%{h`O~)A#$PiGL`}kLXrOieV%U$4UakDf4~u z%Hk(KRClN-uu==1|2|ltJn%6Q`Y}Mp`yY5Gqv5r*@F*yx+`6QOATw>*TN{IzK5Z1lYcz74#`i`v}o zj68Ky8XKAj zSECh5l%;ECbHv*7%$AM2twxl%j3rn|`@2I;t@58S3!Nmo3N_~$St_k%>1zb2O6Ts` z&G{V<9`8J%GJ*_$sk`Q=0LhZ*h^8va8>AU+OYOy>2h22Q^gN1ErKv0}EGW>>0)_V+ zeo&#kz&nO)5&kp+34n{xh|#0m85om`bJ}I{XM9Z!6+QqR*UV#OO%Mf{o4)z$a4lX7y$qQ9RL2wK>tJ< r3IHHO`5!C(w|4)z`hWYg&;5k^G7wQ_5aKEP-$EG)Me%A;gP{KdKD|Ap literal 0 HcmV?d00001 diff --git a/main.tf b/main.tf index acb9d5c..055737e 100644 --- a/main.tf +++ b/main.tf 
@@ -1,19 +1,19 @@ data "helm_repository" "default" { - depends_on = [var.mod_dependency] - name = var.helm_repo_name - url = var.helm_repo_url + depends_on = [var.mod_dependency] + name = var.helm_repo_name + url = var.helm_repo_url } data "aws_region" "current" {} resource "helm_release" "external_dns" { - depends_on = [var.mod_dependency] - count = var.enabled ? 1 : 0 - name = var.helm_release_name - repository = data.helm_repository.default.metadata[0].name - chart = var.helm_chart_name - namespace = var.k8s_namespace - version = var.helm_chart_version + depends_on = [var.mod_dependency] + count = var.enabled ? 1 : 0 + name = var.helm_release_name + repository = data.helm_repository.default.metadata[0].name + chart = var.helm_chart_name + namespace = var.k8s_namespace + version = var.helm_chart_version values = [ "${templatefile("${path.module}/templates/values.yaml.tpl", diff --git a/variables.tf b/variables.tf index 9c08fc4..47bf344 100644 --- a/variables.tf +++ b/variables.tf @@ -1,19 +1,22 @@ # Required module inputs + variable "cluster_name" {} variable "cluster_identity_oidc_issuer" {} variable "cluster_identity_oidc_issuer_arn" {} # external-dns + variable "enabled" { type = bool } variable "zone_tags_filters" { - type = list + type = list(string) default = ["external-dns=true"] } # Helm + variable "helm_chart_name" { default = "external-dns" } @@ -35,6 +38,7 @@ variable "helm_repo_url" { } # K8S + variable "k8s_namespace" { default = "kube-system" description = "The k8s namespace in which the external-dns service account has been created" @@ -46,5 +50,6 @@ variable "k8s_service_account_name" { } variable "mod_dependency" { - default = null -} \ No newline at end of file + default = null + description = "Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable" +} From d40919837a8c592be39c477a223c8b97ac1030cb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Karol=20Buja=C4=8Dek?= Date: Wed, 1 Jul 2020 18:45:32 +0200 Subject: [PATCH 2/2] Run hooks on code merged from master --- README.md | 1 + iam.tf | 2 +- variables.tf | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5724c62..4fe78bf 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ A terraform module to deploy an ExternalDNS on Amazon EKS cluster. | k8s\_namespace | The k8s namespace in which the external-dns service account has been created | `string` | `"kube-system"` | no | | k8s\_service\_account\_name | The k8s external-dns service account name | `string` | `"external-dns"` | no | | mod\_dependency | Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable | `any` | `null` | no | +| policy\_allowed\_zone\_ids | n/a | `list(string)` |
[
"*"
]
| no | | zone\_tags\_filters | n/a | `list(string)` |
[
"external-dns=true"
]
| no | ## Outputs diff --git a/iam.tf b/iam.tf index 3fe6357..6a5c99b 100644 --- a/iam.tf +++ b/iam.tf @@ -19,7 +19,7 @@ data "aws_iam_policy_document" "external_dns" { "route53:ChangeResourceRecordSets", ] - resources = [ for id in var.policy_allowed_zone_ids: "arn:aws:route53:::hostedzone/${id}"] + resources = [for id in var.policy_allowed_zone_ids : "arn:aws:route53:::hostedzone/${id}"] effect = "Allow" } diff --git a/variables.tf b/variables.tf index 317c498..9935696 100644 --- a/variables.tf +++ b/variables.tf @@ -5,7 +5,7 @@ variable "cluster_identity_oidc_issuer" {} variable "cluster_identity_oidc_issuer_arn" {} variable "policy_allowed_zone_ids" { - type = list(string) + type = list(string) default = ["*"] }