AWS EKS External DNS Terraform module

We help companies build, run, deploy and scale software and infrastructure by embracing the right technologies and principles. Check out our website at https://lablabs.io/


Description

A Terraform module to deploy ExternalDNS on an Amazon EKS cluster.

Related Projects

Check out these related projects.

Examples

See Basic example for further information.

Potential issues with running terraform plan

When deploying as an ArgoCD application, the Kubernetes Terraform provider requires access to the Kubernetes cluster API at plan time. This is a potential issue when you want to create the cluster and deploy this addon in the same Terraform run.

To overcome this issue, the module can deploy the ArgoCD application object using the Helm provider, which does not require API access during plan. To use this workaround, set the argo_application_use_helm variable to true.
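A module call that uses this workaround, as an added example that is not taken from the module's repository. The registry address, the three root variables and the hosted zone ID are assumptions; check the source address against the project's Basic example.

```hcl
# Added example. The module source, variable names and zone ID below are
# assumptions made for illustration, not values from the module's repository.

variable "cluster_name" {
  type        = string
  description = "Name of the EKS cluster created in this same configuration"
}

variable "oidc_issuer_url" {
  type        = string
  description = "OIDC issuer of that cluster"
}

variable "oidc_provider_arn" {
  type        = string
  description = "ARN of the IAM OIDC provider registered for that issuer"
}

module "external_dns" {
  source = "lablabs/eks-external-dns/aws" # assumed registry address

  cluster_name                     = var.cluster_name
  cluster_identity_oidc_issuer     = var.oidc_issuer_url
  cluster_identity_oidc_issuer_arn = var.oidc_provider_arn

  # Deploy as an ArgoCD Application, and render that Application through
  # the Helm provider so plan does not need to reach the Kubernetes API.
  argo_application_enabled  = true
  argo_application_use_helm = true
  argo_namespace            = "argo"

  # The default for policy_allowed_zone_ids is ["*"]. Listing the zones
  # ExternalDNS should manage keeps the service account's IAM role from
  # covering every hosted zone in the account.
  policy_allowed_zone_ids = ["ZONE_ID_PLACEHOLDER"] # placeholder zone ID
}
```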

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 2.0 |
| helm | >= 1.0 |
| utils | >= 0.12.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_policy.external_dns | resource |
| aws_iam_role.external_dns | resource |
| aws_iam_role_policy_attachment.external_dns | resource |
| helm_release.argocd_application | resource |
| helm_release.external_dns | resource |
| kubernetes_manifest.self | resource |
| aws_iam_policy_document.external_dns | data source |
| aws_iam_policy_document.external_dns_assume | data source |
| aws_iam_policy_document.external_dns_irsa | data source |
| aws_region.current | data source |
| utils_deep_merge_yaml.argo_application_values | data source |
| utils_deep_merge_yaml.values | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cluster_identity_oidc_issuer | The OIDC Identity issuer for the cluster | string | n/a | yes |
| cluster_identity_oidc_issuer_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | string | n/a | yes |
| cluster_name | The name of the cluster | string | n/a | yes |
| argo_application_enabled | If set to true, the module will be deployed as an ArgoCD application, otherwise it will be deployed as a Helm release | bool | false | no |
| argo_application_use_helm | If set to true, the ArgoCD Application manifest will be deployed using Kubernetes provider as a Helm release. Otherwise it'll be deployed as a Kubernetes manifest. See Readme for more info | bool | false | no |
| argo_application_values | Value overrides to use when deploying the Argo application object with Helm | string | "" | no |
| argo_destionation_server | Destination server for ArgoCD Application | string | "https://kubernetes.default.svc" | no |
| argo_info | ArgoCD info manifest parameter | list | [{"name": "terraform", "value": "true"}] | no |
| argo_namespace | Namespace to deploy ArgoCD application CRD to | string | "argo" | no |
| argo_project | ArgoCD Application project | string | "default" | no |
| argo_sync_policy | ArgoCD syncPolicy manifest parameter | map | {} | no |
| enabled | Variable indicating whether deployment is enabled | bool | true | no |
| helm_chart_name | Helm chart name to be installed | string | "external-dns" | no |
| helm_chart_version | Version of the Helm chart | string | "5.4.4" | no |
| helm_create_namespace | Whether to create k8s namespace with name defined by k8s_namespace | bool | true | no |
| helm_release_name | Helm release name | string | "external-dns" | no |
| helm_repo_url | Helm repository | string | "https://charts.bitnami.com/bitnami" | no |
| k8s_assume_role_arn | Whether to create and use the default role or assume an existing role. Useful for hosted zones in another AWS account. The default (empty string) uses the default role. | string | "" | no |
| k8s_irsa_role_create | Whether to create IRSA role and annotate service account | bool | true | no |
| k8s_namespace | The K8s namespace in which the external-dns will be installed | string | "kube-system" | no |
| k8s_rbac_create | Whether to create and use RBAC resources | bool | true | no |
| k8s_service_account_create | Whether to create Service Account | bool | true | no |
| k8s_service_account_name | The k8s external-dns service account name | string | "external-dns" | no |
| policy_allowed_zone_ids | List of the Route53 zone ids for service account IAM role access | list(string) | ["*"] | no |
| settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/bitnami/external-dns | map(any) | {} | no |
| values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/bitnami/external-dns | string | "" | no |

Outputs

No outputs.

Contributing and reporting issues

Feel free to create an issue in this repository if you have questions, suggestions or feature requests.

Validation, linters and pull-requests

We want to provide high-quality code and modules. For this reason we use several pre-commit hooks and a GitHub Actions workflow. A pull request to the master branch triggers these validations and lints automatically. Please check your code before you create a pull request. See the pre-commit documentation and GitHub Actions documentation for further details.

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.