support for external-dns as addon for all three cloud providers (#247)

1. The sub-domain `$cluster_name.$external_dns_$cloud_dns_zone` for
example `*.aks-r161rc0p3-eastus-0.azure.sandbox.tetrate.io`
2. The credentials for service account are done under the `external-dns`
module itself
3. Support for all three cloud providers
4. external-dns is implemented as addon

Author: smarunich

Makefile

@@ -169,6 +169,45 @@ monitoring:  ## Deploys the TSB monitoring stack
 		cd "../.."; \
 		'
 
+.PHONY: external-dns
+external-dns: external-dns_gcp external-dns_aws external-dns_azure  ## Deploys external-dns
+external-dns_%:
+	@echo "Deploying external-dns..."
+	@$(MAKE) $*_k8s
+	@/bin/sh -c '\
+		index=0; \
+		jq -r '.$*_k8s_regions[]' terraform.tfvars.json | while read -r region; do \
+		echo "cloud=$* region=$$region cluster_id=$$index"; \
+		cd "addons/$*/external-dns"; \
+		terraform workspace new $*-$$index-$$region; \
+		terraform workspace select $*-$$index-$$region; \
+		terraform init; \
+		terraform apply ${terraform_apply_args} -var-file="../../../terraform.tfvars.json" -var=cloud=$* -var=cluster_id=$$index; \
+		terraform workspace select default; \
+		index=$$((index+1)); \
+		cd "../.."; \
+		done; \
+		'
+
+destroy_external-dns: destroy_external-dns_gcp destroy_external-dns_aws destroy_external-dns_azure ## Destroys external-dns
+destroy_external-dns_%:
+	@echo "Deploying external-dns..."
+	@$(MAKE) $*_k8s
+	@/bin/sh -c '\
+		index=0; \
+		jq -r '.$*_k8s_regions[]' terraform.tfvars.json | while read -r region; do \
+		echo "cloud=$* region=$$region cluster_id=$$index"; \
+		cd "addons/$*/external-dns"; \
+		terraform workspace new $*-$$index-$$region; \
+		terraform workspace select $*-$$index-$$region; \
+		terraform init; \
+		terraform destroy ${terraform_apply_args} -var-file="../../../terraform.tfvars.json" -var=cloud=$* -var=cluster_id=$$index; \
+		terraform workspace select default; \
+		index=$$((index+1)); \
+		cd "../.."; \
+		done; \
+		'
+
 .PHONY: destroy
 destroy: destroy_remote destroy_local
 
@@ -179,12 +218,14 @@ destroy_remote:  ## Destroy the environment
 		fqdn=`jq -r '.tsb_fqdn' terraform.tfvars.json`; \
 		address=`jq -r "if .ingress_ip.value != \"\" then .ingress_ip.value else .ingress_hostname.value end" outputs/terraform_outputs/terraform-tsb-mp.json`; \
 		cd "tsb/fqdn/$$cloud"; \
+		terraform init; \
 		terraform destroy ${terraform_apply_args} -var-file="../../../terraform.tfvars.json" -var=address=$$address -var=fqdn=$$fqdn; \
 		[ $$? -ne 0 ] && exit 1; \
 		rm -rf terraform.tfstate.d/; \
 		rm -rf terraform.tfstate; \
 		cd "../../.."; \
 		'
+	@$(MAKE) destroy_external-dns
 	@$(MAKE) destroy_gcp destroy_aws destroy_azure
 
 .PHONY: destroy_local
@@ -201,7 +242,8 @@ destroy_%:
 		echo "cloud=$* region=$$region cluster_id=$$index"; \
 		cd "infra/$*"; \
 		terraform workspace select $*-$$index-$$region; \
-		terraform destroy ${terraform_destroy_args} -var-file="../../terraform.tfvars.json" -var=$*_k8s_region=$$region -var=cluster_id=$$index; \
+		cluster_name=`terraform output cluster_name | jq . -r`; \
+		terraform destroy ${terraform_destroy_args} -var-file="../../terraform.tfvars.json" -var=$*_k8s_region=$$region -var=cluster_id=$$index -var=cluster_name=$$cluster_name; \
 		[ $$? -eq 0 ] && terraform workspace select default && terraform workspace delete ${terraform_workspace_args} $*-$$index-$$region; \
 		index=$$((index+1)); \
 		cd "../.."; \

README.md

@@ -19,8 +19,11 @@ The `Makefile` in this directory provides ability to fastforward to anypoint of
       B[make k8s] --> CC[make azure_k8s]
       B[make k8s] --> CCC[make gcp_k8s]
       C[make aws_k8s] --> D[make tsb_mp]
+      C[make aws_k8s] --> E[make external-dns_aws]
       CC[make azure_k8s] --> D[make tsb_mp]
+      CC[make azure_k8s] --> EE[make external-dns_azure]
       CCC[make gcp_k8s] --> D[make tsb_mp]
+      CCC[make gcp_k8s] --> EEE[make external-dns_gcp]
       D[make tsb_mp] --> DD[make tsb_cp]
       D[make tsb_mp] --> G[make argocd]
       D[make tsb_mp] --> H[make monitoring]
@@ -118,13 +121,14 @@ The completion of the above steps will result in:
 
 ## Deployment Scenarios
 
-[Infra Staging](./infra/README.md)<br>
-[TSB MP Fastforward](./tsb/README.md#tsb_mp)<br>
-[TSB CP Fastforward](./tsb/README.md#tsb_cp)<br>
+* [Infrastructure Staging](./infra/README.md)<br>
+* [TSB Management Plane Rollout](./tsb/README.md#tsb_mp)<br>
+* [TSB Control Plane Cluster Onboarding](./tsb/README.md#tsb_cp)<br>
 
-## Use Cases
+## Use Cases and Addons
 
-[ArgoCD GitOps](./addons/README.md#argocd)
+* [ArgoCD GitOps](./addons/README.md#argocd)
+* [external-dns](./addons/README.md#external-dns)
 
 ## Destroy
 

addons/README.md

@@ -9,7 +9,7 @@
 
 ## ArgoCD
 
-Deploy Argo CD for gitops demo
+Deploys Argo CD for gitops demo
 
 ```bash
 # Deploys Argocd on all Clusters
@@ -24,7 +24,7 @@ For details about the deployed applications, take a look at the manifests in the
 
 ## TSB monitoring stack
 
-Deploy the TSB monitoring stack to have metrics and dashboards showing the operational status
+Deploys the TSB monitoring stack to have metrics and dashboards showing the operational status
 of the different TSB components.
 
 ```bash
@@ -36,6 +36,81 @@ make monitoring
 in the `tsb-monitoring` namespace. The username is `admin` and the password can be found in the
 `outputs/terraform_outputs/terraform-monitoring.json` file (defaults to the `tsb_password` if set).
 
+## external-dns 
+
+Deploys external-dns per k8s cluster, where the DNS domain equals to `$var.cluster_name`.`$var.external_dns_$cloud_dns_zone`.
+For example, where the cluster name is `gke-r161rc1p1-us-east1-0` and `var.external_dns_gcp_dns_zone` is set to `gcp.sandbox.tetrate.io` - the DNS domain will equal to `gke-r161rc1p1-us-east1-0.gcp.sandbox.tetrate.io`, and the sample DNS record will equal to `test3.gke-r161rc1p1-us-east1-0.gcp.sandbox.tetrate.io`.
+
+### General Defaults 
+
+```hcl
+variable "external_dns_annotation_filter" {
+  default = ""
+}
+
+variable "external_dns_label_filter" {
+  default = ""
+}
+
+variable "external_dns_sources" {
+  default = "service"
+}
+
+variable "external_dns_interval" {
+  default = "5s"
+}
+```
+
+#### GCP Defaults
+
+```hcl
+variable "external_dns_gcp_dns_zone" {
+  default = "gcp.sandbox.tetrate.io"
+}
+```
+
+#### Azure Defaults
+
+```hcl
+variable "external_dns_azure_dns_zone" {
+  default = "azure.sandbox.tetrate.io"
+}
+```
+
+### Deploy
+
+Based on the cloud `external_dns_$cloud_dns_zone` variable have to be set or overwritten in `terraform.tfvars` file.
+> NOTE:  AWS does not have a default external-dns zone set.
+
+terraform.tfvars.json:
+```json
+...
+"external_dns_aws_dns_zone": "aws.sandbox.tetrate.io"
+...
+```
+
+```bash
+make external_dns
+```
+
+or per cloud, for example GCP:
+
+```bash
+make external_dns_gcp
+```
+
+### Destroy
+
+```bash
+make destroy_external_dns
+```
+
+or per cloud, for example GCP:
+
+```bash
+make destroy_external_dns_gcp
+```
+
 ### Module Overview
 
 #### module.argocd (`make argocd`)

addons/aws/external-dns/main.tf

@@ -0,0 +1,26 @@
+data "terraform_remote_state" "infra" {
+  backend = "local"
+  config = {
+    path = "../../../infra/${var.cloud}/terraform.tfstate.d/${var.cloud}-${var.cluster_id}-${local.k8s_regions[var.cluster_id]}/terraform.tfstate"
+  }
+}
+
+module "external_dns" {
+  source                     = "../../../modules/addons/aws/external-dns"
+  name_prefix                = "${var.name_prefix}-${var.cluster_id}"
+  cluster_name               = data.terraform_remote_state.infra.outputs.cluster_name
+  k8s_host                   = data.terraform_remote_state.infra.outputs.host
+  k8s_cluster_ca_certificate = data.terraform_remote_state.infra.outputs.cluster_ca_certificate
+  k8s_client_token           = data.terraform_remote_state.infra.outputs.token
+  oidc_provider_arn          = data.terraform_remote_state.infra.outputs.oidc_provider_arn
+  cluster_oidc_issuer_url    = data.terraform_remote_state.infra.outputs.cluster_oidc_issuer_url
+  vpc_id                     = data.terraform_remote_state.infra.outputs.vpc_id
+  region                     = local.k8s_regions[var.cluster_id]
+  tags                       = local.default_tags
+  dns_zone                   = var.external_dns_aws_dns_zone
+  sources                    = var.external_dns_sources
+  annotation_filter          = var.external_dns_annotation_filter
+  label_filter               = var.external_dns_label_filter
+  interval                   = var.external_dns_interval
+  output_path                = var.output_path
+}

addons/aws/external-dns/variables.tf

@@ -0,0 +1,71 @@
+variable "cloud" {
+  default = null
+}
+
+variable "cluster_id" {
+  default = null
+}
+
+variable "name_prefix" {
+  description = "name prefix"
+}
+
+variable "output_path" {
+  default = "../../../outputs"
+}
+
+variable "tsb_image_sync_username" {
+}
+
+variable "aws_k8s_regions" {
+  default = []
+}
+
+locals {
+  k8s_regions = var.aws_k8s_regions
+}
+
+variable "tetrate_owner" {
+}
+variable "tetrate_team" {
+}
+variable "tetrate_purpose" {
+  default = "demo"
+}
+variable "tetrate_lifespan" {
+  default = "oneoff"
+}
+variable "tetrate_customer" {
+  default = "internal"
+}
+
+locals {
+  default_tags = {
+       "tetrate:owner"    = coalesce(var.tetrate_owner, replace(var.tsb_image_sync_username, "/\\W+/", "-"))
+       "tetrate:team"     = var.tetrate_team
+       "tetrate:purpose"  = var.tetrate_purpose
+       "tetrate:lifespan" = var.tetrate_lifespan
+       "tetrate:customer" = var.tetrate_customer
+       "environment"      = var.name_prefix
+  }
+}
+
+variable "external_dns_annotation_filter" {
+  default = ""
+}
+
+variable "external_dns_label_filter" {
+  default = ""
+}
+
+variable "external_dns_sources" {
+  default = "service"
+}
+
+variable "external_dns_interval" {
+  default = "5s"
+}
+
+variable "external_dns_aws_dns_zone" {
+}
+

addons/azure/external-dns/main.tf

@@ -0,0 +1,34 @@
+data "terraform_remote_state" "infra" {
+  backend = "local"
+  config = {
+    path = "../../../infra/${var.cloud}/terraform.tfstate.d/${var.cloud}-${var.cluster_id}-${local.k8s_regions[var.cluster_id]}/terraform.tfstate"
+  }
+}
+
+provider "azurerm" {
+  features {}
+
+  #https://github.com/hashicorp/terraform-provider-azurerm/issues/13776
+  /* default_tags {
+    tags = local.default_tags
+  } */
+}
+
+module "external_dns" {
+  source                     = "../../../modules/addons/azure/external-dns"
+  name_prefix                = "${var.name_prefix}-${var.cluster_id}"
+  cluster_name               = data.terraform_remote_state.infra.outputs.cluster_name
+  k8s_host                   = data.terraform_remote_state.infra.outputs.host
+  k8s_cluster_ca_certificate = data.terraform_remote_state.infra.outputs.cluster_ca_certificate
+  k8s_client_token           = data.terraform_remote_state.infra.outputs.token
+  kubelet_identity           = data.terraform_remote_state.infra.outputs.kubelet_identity 
+  resource_group_name        = data.terraform_remote_state.infra.outputs.resource_group_name
+  resource_group_id          = data.terraform_remote_state.infra.outputs.resource_group_id
+  tags                       = local.default_tags
+  dns_zone                   = var.external_dns_azure_dns_zone
+  sources                    = var.external_dns_sources
+  annotation_filter          = var.external_dns_annotation_filter
+  label_filter               = var.external_dns_label_filter
+  interval                   = var.external_dns_interval
+  output_path                = var.output_path
+}