Merge pull request #1988 from apichick/dns-geo-health-checked-targets
Added health checked targets for geo routing policy in dns module
apichick authored Jan 18, 2024
2 parents efbd5eb + 4bf394a commit 4a12a33
Showing 4 changed files with 111 additions and 10 deletions.
35 changes: 29 additions & 6 deletions modules/dns/README.md
Expand Up @@ -66,7 +66,7 @@ module "private-dns" {
# tftest modules=1 resources=1 inventory=peering-zone.yaml
```

### Routing Policies
### Routing Policies

```hcl
module "private-dns" {
Expand All @@ -81,14 +81,37 @@ module "private-dns" {
}
recordsets = {
"A regular" = { records = ["10.20.0.1"] }
"A geo" = {
"A geo1" = {
geo_routing = [
{ location = "europe-west1", records = ["10.0.0.1"] },
{ location = "europe-west2", records = ["10.0.0.2"] },
{ location = "europe-west3", records = ["10.0.0.3"] }
]
}
"A geo2" = {
geo_routing = [
{ location = "europe-west1", health_checked_targets = [
{
load_balancer_type = "globalL7ilb",
ip_address = "gil7-forwarding-rule-a",
port = "80",
ip_protocol = "tcp",
network_url = var.vpc.self_link
project = var.project_id
}
] },
{ location = "europe-west2", health_checked_targets = [
{
load_balancer_type = "globalL7ilb",
ip_address = "gil7-forwarding-rule-b",
port = "80",
ip_protocol = "tcp",
network_url = var.vpc.self_link
project = var.project_id
}
] },
]
}
"A wrr" = {
ttl = 600
wrr_routing = [
Expand All @@ -99,7 +122,7 @@ module "private-dns" {
}
}
}
# tftest modules=1 resources=4 inventory=routing-policies.yaml e2e
# tftest modules=1 resources=5 inventory=routing-policies.yaml e2e
```

### Reverse Lookup Zone
Expand Down Expand Up @@ -148,8 +171,8 @@ module "public-dns" {
| [project_id](variables.tf#L34) | Project id for the zone. | <code>string</code> || |
| [description](variables.tf#L17) | Domain description. | <code>string</code> | | <code>&#34;Terraform managed.&#34;</code> |
| [iam](variables.tf#L23) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> |
| [recordsets](variables.tf#L39) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map&#40;object&#40;&#123;&#10; ttl &#61; optional&#40;number, 300&#41;&#10; records &#61; optional&#40;list&#40;string&#41;&#41;&#10; geo_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; location &#61; string&#10; records &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; wrr_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; weight &#61; number&#10; records &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [zone_config](variables.tf#L74) | DNS zone configuration. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; forwarding &#61; optional&#40;object&#40;&#123;&#10; forwarders &#61; optional&#40;map&#40;string&#41;&#41;&#10; client_networks &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; peering &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; peer_network &#61; string&#10; &#125;&#41;&#41;&#10; public &#61; optional&#40;object&#40;&#123;&#10; dnssec_config &#61; optional&#40;object&#40;&#123;&#10; non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10; state &#61; string&#10; key_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10; &#41;&#10; zone_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10; &#41;&#10; &#125;&#41;&#41;&#10; enable_logging &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; private &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; service_directory_namespace &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [recordsets](variables.tf#L39) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map&#40;object&#40;&#123;&#10; ttl &#61; optional&#40;number, 300&#41;&#10; records &#61; optional&#40;list&#40;string&#41;&#41;&#10; geo_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; location &#61; string&#10; records &#61; optional&#40;list&#40;string&#41;&#41;&#10; health_checked_targets &#61; optional&#40;list&#40;object&#40;&#123;&#10; load_balancer_type &#61; string&#10; ip_address &#61; string&#10; port &#61; string&#10; ip_protocol &#61; string&#10; network_url &#61; string&#10; project &#61; string&#10; region &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#41;&#10; wrr_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; weight &#61; number&#10; records &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [zone_config](variables.tf#L83) | DNS zone configuration. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; forwarding &#61; optional&#40;object&#40;&#123;&#10; forwarders &#61; optional&#40;map&#40;string&#41;&#41;&#10; client_networks &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; peering &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; peer_network &#61; string&#10; &#125;&#41;&#41;&#10; public &#61; optional&#40;object&#40;&#123;&#10; dnssec_config &#61; optional&#40;object&#40;&#123;&#10; non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10; state &#61; string&#10; key_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10; &#41;&#10; zone_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10; &#41;&#10; &#125;&#41;&#41;&#10; enable_logging &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; private &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; service_directory_namespace &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |

## Outputs

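--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -180,6 +180,23 @@ resource "google_dns_record_set" "dns_record_set" {
 content {
 location = geo.value.location
 rrdatas = geo.value.records
+dynamic "health_checked_targets" {
+for_each = try(geo.value.health_checked_targets, null) == null ? [] : [""]
+content {
+dynamic "internal_load_balancers" {
+for_each = geo.value.health_checked_targets
+content {
+load_balancer_type = internal_load_balancers.value.load_balancer_type
+ip_address = internal_load_balancers.value.ip_address
+port = internal_load_balancers.value.port
+ip_protocol = internal_load_balancers.value.ip_protocol
+network_url = internal_load_balancers.value.network_url
+project = internal_load_balancers.value.project
+region = internal_load_balancers.value.region
+}
+}
+}
+}
 }
 }
 dynamic "wrr" {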
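Review bot: The `for_each` guard on the new `health_checked_targets` block checks only for null, so an empty list (`health_checked_targets = []`) still emits a `health_checked_targets` block with no `internal_load_balancers` inside it. Because `rrdatas = geo.value.records` can now be null as well, a geo item that ends up with neither addresses nor health-checked backends reaches the provider unchecked and is presumably rejected only at apply time. I would gate on length instead, `for_each = try(length(geo.value.health_checked_targets), 0) > 0 ? [""] : []`, which also covers the null case. The enclosing `google_dns_record_set` resource starts and ends outside this hunk.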
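--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -43,7 +43,16 @@ variable "recordsets" {
 records = optional(list(string))
 geo_routing = optional(list(object({
 location = string
-records = list(string)
+records = optional(list(string))
+health_checked_targets = optional(list(object({
+load_balancer_type = string
+ip_address = string
+port = string
+ip_protocol = string
+network_url = string
+project = string
+region = optional(string)
+})))
 })))
 wrr_routing = optional(list(object({
 weight = number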
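Review bot: Making `records` optional leaves a `geo_routing` item valid at the type level even when it sets neither `records` nor `health_checked_targets`; before this change the type itself required `records`. A `validation` block on `recordsets` would report that at plan time with a clear message instead of leaving it to the API. The variable's body continues outside the hunk, so an existing validation may already be there to extend; the sketch below is the check I would add.

```hcl
variable "recordsets" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue(flatten([
      for k, v in var.recordsets : [
        for g in (v.geo_routing == null ? [] : v.geo_routing) :
        g.records != null || g.health_checked_targets != null
      ]
    ]))
    error_message = "Each geo_routing item must set records or health_checked_targets."
  }
```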
58 changes: 55 additions & 3 deletions tests/modules/dns/examples/routing-policies.yaml
Expand Up @@ -14,12 +14,28 @@

values:
module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
cloud_logging_config:
- enable_logging: false
description: Terraform managed.
dns_name: test.example.
dnssec_config: []
force_destroy: false
forwarding_config: []
labels: null
name: test-example
peering_config: []
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: project-id
module.private-dns.google_dns_record_set.dns_record_set["A geo"]:
reverse_lookup: false
service_directory_config: []
timeouts: null
visibility: private
module.private-dns.google_dns_record_set.dns_record_set["A geo1"]:
managed_zone: test-example
name: geo.test.example.
name: geo1.test.example.
project: project-id
routing_policy:
- enable_geo_fencing: null
Expand All @@ -41,6 +57,40 @@ values:
rrdatas: null
ttl: 300
type: A
module.private-dns.google_dns_record_set.dns_record_set["A geo2"]:
managed_zone: test-example
name: geo2.test.example.
project: project-id
routing_policy:
- enable_geo_fencing: null
geo:
- health_checked_targets:
- internal_load_balancers:
- ip_address: gil7-forwarding-rule-a
ip_protocol: tcp
load_balancer_type: globalL7ilb
network_url: projects/xxx/global/networks/aaa
port: '80'
project: project-id
region: null
location: europe-west1
rrdatas: null
- health_checked_targets:
- internal_load_balancers:
- ip_address: gil7-forwarding-rule-b
ip_protocol: tcp
load_balancer_type: globalL7ilb
network_url: projects/xxx/global/networks/aaa
port: '80'
project: project-id
region: null
location: europe-west2
rrdatas: null
primary_backup: []
wrr: []
rrdatas: null
ttl: 300
type: A
module.private-dns.google_dns_record_set.dns_record_set["A regular"]:
managed_zone: test-example
name: regular.test.example.
Expand Down Expand Up @@ -77,4 +127,6 @@ values:

counts:
google_dns_managed_zone: 1
google_dns_record_set: 3
google_dns_record_set: 4
modules: 1
resources: 5
