Tags: amazon-web-services, terraform, amazon-eks, external-dns

external dns configuration for multiple env


How can I set up a Terraform external-dns configuration for multiple environments (dev/staging/pre-prod)?

# Deploys external-dns into the EKS cluster through the lablabs/eks-external-dns module.
# The controller options are passed as a flat key/value map in `settings`.
module "eks-external-dns" {
  source  = "lablabs/eks-external-dns/aws"
  version = "1.0.0"

  namespace = "kube-system"
  # OIDC issuer URL and provider ARN of the cluster. Presumably the module uses them to bind an
  # IAM role to the external-dns service account (IRSA) — confirm in the module docs, and check
  # which Route 53 hosted zones that role is allowed to change.
  cluster_identity_oidc_issuer = module.eks.cluster_oidc_issuer_url
  cluster_identity_oidc_issuer_arn =  module.eks.oidc_provider_arn

  settings = {
    # "sync" lets external-dns delete records as well as create them; "upsert-only" never deletes.
    "policy" = "sync" 
    # NOTE(review): "source" is set twice. A map holds one value per key, so only one of
    # "service" / "ingress" can take effect (likely the last one) — confirm.
    "source"= "service"
    "source"= "ingress"
    # NOTE(review): external-dns documents log levels such as debug/info/warning/error;
    # "verbose" may not be accepted — confirm.
    "log-level"= "verbose"
    "log-format"= "text"
    "interval"= "1m"
    "provider" = "aws"
    # Only the zone type is restricted in this block; no domain filter limits which public
    # zones the controller will manage.
    "aws-zone-type" = "public"
    # The TXT registry marks which external-dns instance owns each record. When several
    # clusters/environments share a hosted zone, give each its own txt-owner-id; with
    # policy "sync", instances sharing an id can remove each other's records.
    "registry" = "txt"
    "txt-owner-id" = "XXXXXXXXXXXXXX"
  }

}
---
# Ingress that exposes the keycloak service (port 8080) through an internet-facing ALB
# for the host dev.keycloak.acme.com.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Health checks go to the pods over plain HTTP on the traffic port.
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: "15"
    alb.ingress.kubernetes.io/healthcheck-path: /health
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
    alb.ingress.kubernetes.io/healthy-threshold-count: "3"
    # Both a plaintext (80) and a TLS (443) listener are created.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    # NOTE(review): this defines a redirect action named "ssl-redirect", but no rule under
    # spec.rules references it, so port 80 appears to forward to Keycloak without redirecting.
    # Either add the matching rule or use alb.ingress.kubernetes.io/ssl-redirect: '443'
    # (newer controller versions) so logins never travel over HTTP — confirm against the
    # controller version in use.
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-1:xxx:certificate/aaaa-bbb-ccc-dd-ffff
    # The load balancer is reachable from the internet. With path "/" below, every Keycloak
    # path is published, presumably including the admin console; restrict it (for example
    # with alb.ingress.kubernetes.io/inbound-cidrs or a separate internal ingress) if it
    # should not be public.
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/success-codes: "200"
    alb.ingress.kubernetes.io/tags: createdBy=aws-controller
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/unhealthy-threshold-count: "3"
    # NOTE(review): this value is not a fully qualified name in any hosted zone, so
    # external-dns likely cannot create a record from it; for ingress sources the names
    # normally come from spec.rules[].host — confirm.
    external-dns.alpha.kubernetes.io/hostname: keycloak-ingress-controller
    # Legacy way of selecting the controller; spec.ingressClassName is the current field.
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/load-balancer-name: acme-lb
    # Ingresses that use the same group.name share one ALB. Anyone allowed to create an
    # Ingress with this group name can add rules to that ALB, so limit who can do so.
    alb.ingress.kubernetes.io/group.name: acme-group
  name: keycloak-ingress-controller
spec:
  rules:
    # Host name for the dev environment; it must fall inside a zone external-dns manages.
    - host: dev.keycloak.acme.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  number: 8080

In my current setup, only my x.domain host is processed by external-dns.
I want it to also work with URLs such as dev.myapp.example.com, staging.myapp.example.com, ...


Solution

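  • I resolved it by passing Helm values directly through `values` instead of using `settings`. Note that the `settings` map in the question sets "source" twice, and a map holds only one value per key, whereas the chart's `sources` value takes a list.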

    # Deploys external-dns through the lablabs/eks-external-dns module, passing the chart
    # configuration as a YAML document in `values` rather than as a flat `settings` map.
    module "eks-external-dns" {
      source  = "lablabs/eks-external-dns/aws"
      version = "1.0.0"
      # insert the 2 required variables here
      namespace = "kube-system"
      cluster_identity_oidc_issuer = module.eks.cluster_oidc_issuer_url
      cluster_identity_oidc_issuer_arn =  module.eks.oidc_provider_arn
    
      # yamlencode turns this object into the Helm values document.
      values = yamlencode({
        # A list, so both sources are watched.
        "sources" : ["service", "ingress"]
        "logLevel" : "debug"
        "provider" : "aws"
        # TXT registry: ownership of each record is tracked in a companion TXT record.
        "registry" : "txt"
        # Use a different owner id per cluster/environment when they share a hosted zone;
        # with policy "sync", instances sharing an id can delete each other's records.
        "txtOwnerId" : "xxxx"
        "txtPrefix" : "external-dns"
        # "sync" also deletes records; "upsert-only" is the non-deleting alternative.
        "policy" : "sync"
        # Limits the controller to zones matching acme.com, which covers names such as
        # dev.keycloak.acme.com. This is controller-side configuration only: also scope the
        # IAM role to the intended hosted zone(s) so a misconfiguration cannot reach others.
        "domainFilters" : [
          "acme.com"
        ]
        # NOTE(review): publishes records for internal (ClusterIP) services as well. No zone
        # type is set in this block, so internal addresses could end up in a public zone —
        # confirm this is intended.
        # NOTE(review): "true" is passed as a string here and below, not a boolean — confirm
        # the chart treats it as intended.
        "publishInternalServices" : "true"
        "triggerLoopOnEvent" : "true"
        # A 15s loop means frequent Route 53 API calls; watch for API throttling.
        "interval" : "15s"
        "podLabels" : {
          "app" : "aws-external-dns-helm"
        }
      })
    }