feat: backport dns-bucket module to v3
maxsxu committed Nov 16, 2024
1 parent 50f5d5c commit 51628ab
Showing 6 changed files with 292 additions and 0 deletions.
71 changes: 71 additions & 0 deletions modules/dns-bucket/README.md
@@ -0,0 +1,71 @@
<!--
~ Copyright 2023 StreamNative, Inc.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

# DNS and Bucket Module
A basic module used to create Route53 Zone and S3 Buckets.

<!-- BEGIN_TF_DOCS -->
## Requirements

| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >=1.2.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.76.0 |
| <a name="provider_aws.source"></a> [aws.source](#provider\_aws.source) | 5.76.0 |
| <a name="provider_aws.target"></a> [aws.target](#provider\_aws.target) | 5.76.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_route53_record.delegate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
| [aws_s3_bucket.tiered_storage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.velero](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_kms_key.s3_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
| [aws_route53_zone.sn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_custom_dns_zone_id"></a> [custom\_dns\_zone\_id](#input\_custom\_dns\_zone\_id) | if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access | `string` | `""` | no |
| <a name="input_custom_dns_zone_name"></a> [custom\_dns\_zone\_name](#input\_custom\_dns\_zone\_name) | must be passed if custom\_dns\_zone\_id is passed, this is the zone name to use | `string` | `""` | no |
| <a name="input_extra_aws_tags"></a> [extra\_aws\_tags](#input\_extra\_aws\_tags) | Additional to apply to the resources. Note that this module sets the tags Name, Type, and Vendor by default. They can be overwritten, but it is not recommended. | `map(string)` | `{}` | no |
| <a name="input_parent_zone_name"></a> [parent\_zone\_name](#input\_parent\_zone\_name) | The parent zone in which we create the delegation records | `string` | n/a | yes |
| <a name="input_pm_name"></a> [pm\_name](#input\_pm\_name) | The name of the poolmember, for new clusters, this should be like `pm-<xxxxx>` | `string` | n/a | yes |
| <a name="input_s3_encryption_kms_key_arn"></a> [s3\_encryption\_kms\_key\_arn](#input\_s3\_encryption\_kms\_key\_arn) | KMS key ARN to use for S3 encryption. If not set, the default AWS S3 key will be used. | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| <a name="output_backup_bucket"></a> [backup\_bucket](#output\_backup\_bucket) | n/a |
| <a name="output_backup_bucket_kms_key_id"></a> [backup\_bucket\_kms\_key\_id](#output\_backup\_bucket\_kms\_key\_id) | n/a |
| <a name="output_tiered_storage_bucket"></a> [tiered\_storage\_bucket](#output\_tiered\_storage\_bucket) | n/a |
| <a name="output_zone_id"></a> [zone\_id](#output\_zone\_id) | n/a |
| <a name="output_zone_name"></a> [zone\_name](#output\_zone\_name) | n/a |
<!-- END_TF_DOCS -->
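Review bot: the Resources table lists an `aws_s3_bucket_server_side_encryption_configuration` only for `velero`, so the `s3_encryption_kms_key_arn` input ("KMS key ARN to use for S3 encryption") does not actually apply to `aws_s3_bucket.tiered_storage`; either wire the same configuration to that bucket or narrow the input description. Two smaller things this generated table exposes: the `extra_aws_tags` description is missing a word ("Additional to apply to the resources"), and all five outputs read `n/a` because they carry no `description`. The file is terraform-docs output, so fix the descriptions in variables.tf and outputs.tf and regenerate rather than hand-editing the table.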
56 changes: 56 additions & 0 deletions modules/dns-bucket/bucket.tf
@@ -0,0 +1,56 @@
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

resource "aws_s3_bucket" "velero" {
bucket = format("%s-cluster-backup-snc", var.pm_name)
tags = merge({ "Attributes" = "backup", "Name" = "velero-backups" }, local.tags)
force_destroy = true

lifecycle {
ignore_changes = [
bucket,
]
}
}

resource "aws_s3_bucket" "tiered_storage" {
bucket = format("%s-tiered-storage-snc", var.pm_name)
tags = merge({ "Attributes" = "tiered-storage" }, local.tags)
force_destroy = true

lifecycle {
ignore_changes = [
bucket,
]
}
}

data "aws_kms_key" "s3_default" {
key_id = "alias/aws/s3"
}

locals {
s3_kms_key = var.s3_encryption_kms_key_arn == "" ? data.aws_kms_key.s3_default.arn : var.s3_encryption_kms_key_arn
}

resource "aws_s3_bucket_server_side_encryption_configuration" "velero" {
bucket = aws_s3_bucket.velero.bucket

rule {
apply_server_side_encryption_by_default {
kms_master_key_id = local.s3_kms_key
sse_algorithm = "aws:kms"
}
}
}
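Review bot: `force_destroy = true` on `aws_s3_bucket.velero` (the `%s-cluster-backup-snc` bucket) means a `terraform destroy`, or a replacement of the resource, deletes every backup object without a prompt; for a backup bucket that should at least be an input defaulting to `false`, and versioning plus an `aws_s3_bucket_public_access_block` would be expected next to the encryption configuration. Only `velero` gets the `aws_s3_bucket_server_side_encryption_configuration`; `tiered_storage` is left at the account default and ignores `var.s3_encryption_kms_key_arn`, contradicting that variable's description, so add a second encryption configuration for it (and consider `bucket_key_enabled = true` in both rules to cut KMS request volume). One caveat on the fallback `data "aws_kms_key" "s3_default"` (`alias/aws/s3`): the AWS-managed key's policy cannot be edited, so objects written under it cannot be read from another account; if backups are ever restored cross-account, a customer-managed key must be passed in.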
46 changes: 46 additions & 0 deletions modules/dns-bucket/dns.tf
@@ -0,0 +1,46 @@
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

locals {
new_zone_name = "${var.pm_name}.${var.parent_zone_name}"
zone_name = var.custom_dns_zone_name != "" ? var.custom_dns_zone_name : try(aws_route53_zone.zone[0].name, "")
zone_id = var.custom_dns_zone_id != "" ? var.custom_dns_zone_id : try(aws_route53_zone.zone[0].id, "")
}

resource "aws_route53_zone" "zone" {
count = var.custom_dns_zone_id == "" ? 1 : 0
provider = aws.target

name = local.new_zone_name
tags = local.tags
force_destroy = true
}

data "aws_route53_zone" "sn" {
count = var.custom_dns_zone_id == "" ? 1 : 0
provider = aws.source

name = var.parent_zone_name
}

resource "aws_route53_record" "delegate" {
count = var.custom_dns_zone_id == "" ? 1 : 0
provider = aws.source

zone_id = data.aws_route53_zone.sn[0].zone_id
name = aws_route53_zone.zone[0].name
type = "NS"
ttl = "300"
records = aws_route53_zone.zone[0].name_servers
}
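Review bot: nothing enforces the coupling the variables describe: if `custom_dns_zone_id` is set but `custom_dns_zone_name` is left at `""`, `local.zone_name` silently becomes `""` (and so does the `zone_name` output) with no plan-time error. Add a check, either a `precondition` or a `validation` block on `custom_dns_zone_name` once the minimum Terraform version is 1.9 or later (cross-variable references in `validation` need that), so the misuse fails at plan time. Two smaller points: `data "aws_route53_zone" "sn"` looks the parent up by `name` only, which errors if the source account has both a public and a private zone of that name, so set `private_zone = false` explicitly; and `force_destroy = true` on `aws_route53_zone.zone` deletes all records in the delegated zone on destroy, which is reasonable for a per-cluster zone but should be stated in the README.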
33 changes: 33 additions & 0 deletions modules/dns-bucket/outputs.tf
@@ -0,0 +1,33 @@
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

output "zone_id" {
value = local.zone_id
}

output "zone_name" {
value = local.zone_name
}

output "backup_bucket" {
value = aws_s3_bucket.velero.bucket
}

output "backup_bucket_kms_key_id" {
value = local.s3_kms_key
}

output "tiered_storage_bucket" {
value = aws_s3_bucket.tiered_storage.bucket
}
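Review bot: `backup_bucket_kms_key_id` returns `local.s3_kms_key`, which is an ARN (either `var.s3_encryption_kms_key_arn` or `data.aws_kms_key.s3_default.arn`), so the name is misleading; rename it to `backup_bucket_kms_key_arn` or document that it holds the ARN. None of the outputs has a `description`, which is why the README table shows `n/a` for all five; add them, and for `zone_id` and `zone_name` say that they can be `""` when a custom zone id is passed without a name.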
53 changes: 53 additions & 0 deletions modules/dns-bucket/variables.tf
@@ -0,0 +1,53 @@
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

variable "pm_name" {
description = "The name of the poolmember, for new clusters, this should be like `pm-<xxxxx>`"
type = string
}

variable "parent_zone_name" {
type = string
description = "The parent zone in which we create the delegation records"
}

variable "custom_dns_zone_id" {
type = string
default = ""
description = "if specified, then a streamnative zone will not be created, and this zone will be used instead. Otherwise, we will provision a new zone and delegate access"
}

variable "custom_dns_zone_name" {
type = string
default = ""
description = "must be passed if custom_dns_zone_id is passed, this is the zone name to use"
}

variable "s3_encryption_kms_key_arn" {
default = ""
description = "KMS key ARN to use for S3 encryption. If not set, the default AWS S3 key will be used."
type = string
}

variable "extra_aws_tags" {
default = {}
description = "Additional to apply to the resources. Note that this module sets the tags Name, Type, and Vendor by default. They can be overwritten, but it is not recommended."
type = map(string)
}

locals {
tags = merge({
"Vendor" = "StreamNative"
}, var.extra_aws_tags)
}
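Review bot: the `extra_aws_tags` description is wrong on two counts: it is missing a word ("Additional to apply to the resources" should read "Additional tags to apply to the resources"), and it says the module sets Name, Type and Vendor by default, while `local.tags` sets only `Vendor` (the buckets add `Name`/`Attributes` in bucket.tf, and because `local.tags` is merged last, `extra_aws_tags` overrides them). `pm_name` feeds S3 bucket names (`%s-cluster-backup-snc`, `%s-tiered-storage-snc`) and a DNS label but has no `validation`; a regex restricting it to lowercase letters, digits and hyphens plus a length cap would turn a bad name into a plan-time error instead of an S3 `InvalidBucketName` at apply. Style nit: attribute order differs between blocks (`type` first in some, `description` or `default` first in others), and the `locals` block would conventionally live in locals.tf or main.tf.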
33 changes: 33 additions & 0 deletions modules/dns-bucket/versions.tf
@@ -0,0 +1,33 @@
# Copyright 2023 StreamNative, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

terraform {
required_version = ">=1.2.0"

required_providers {
aws = {
source = "hashicorp/aws"
# NOTE! we required two different providers in this module this is because we need to create a zone in the target and then create the delegations in the source
configuration_aliases = [aws.target, aws.source]
}
}
}

provider "aws" {
alias = "target"
}

provider "aws" {
alias = "source"
}
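Review bot: `required_providers.aws` declares `source` and `configuration_aliases` but no `version` constraint, so a `terraform init` without a lock file can pull a future major release of the AWS provider; add something like `version = ">= 5.0, < 6.0"` (the README records 5.76.0). The two empty `provider "aws" { alias = ... }` blocks are the legacy proxy-configuration pattern that `configuration_aliases = [aws.target, aws.source]` supersedes and are redundant with it; remove them. Comment nit: the `# NOTE!` line is one run-on sentence; split it and state which alias does what (`aws.source` holds the parent zone and the NS delegation, `aws.target` receives the new zone), and mention that the S3 buckets and the KMS data source use the unaliased default provider, which callers passing a different account as `aws.target` may not expect.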
