add DNS code

.werft/installer-tests.ts

@@ -214,7 +214,7 @@ const INFRA_PHASES: { [name: string]: InfraConfig } = {
     },
     DESTROY: {
         phase: "destroy",
-        makeTarget: "cleanup",
+        makeTarget: `cleanup cloud=${cloud}`,
         description: "Destroy the created infrastucture",
     },
     RESULTS: {
@@ -279,7 +279,10 @@ function cleanup() {
     const phase = "destroy-infrastructure";
     werft.phase(phase, "Destroying all the created resources");
 
-    const response = exec(`make -C ${makefilePath} cleanup`, { slice: "run-terrafrom-destroy", dontCheckRc: true });
+    const response = exec(`make -C ${makefilePath} cleanup cloud=${cloud}`, {
+        slice: "run-terrafrom-destroy",
+        dontCheckRc: true,
+    });
 
     // if the destroy command fail, we check if any resources are pending to be removed
     // if nothing is yet to be cleaned, we return with success

install/infra/terraform/aks/output.tf

@@ -36,14 +36,32 @@ output "external_dns_secrets" {
 }
 
 output "external_dns_settings" {
-  value = {
-    provider                            = "azure"
-    "azure.resourceGroup"               = azurerm_resource_group.gitpod.name
-    "azure.subscriptionId"              = data.azurerm_client_config.current.subscription_id
-    "azure.tenantId"                    = data.azurerm_client_config.current.tenant_id
-    "azure.useManagedIdentityExtension" = true
-    "azure.userAssignedIdentityID"      = azurerm_kubernetes_cluster.k8s.kubelet_identity.0.client_id
-  }
+  value = [
+    {
+      "name": "provider",
+      "value": "azure"
+    },
+    {
+      "name": "azure.resourceGroup",
+      "value": azurerm_resource_group.gitpod.name,
+    },
+    {
+      "name": "azure.subscriptionId",
+      "value": data.azurerm_client_config.current.subscription_id,
+    },
+    {
+      "name": "azure.tenantId",
+      "value": data.azurerm_client_config.current.tenant_id,
+    },
+    {
+      "name": "azure.useManagedIdentityExtension",
+      "value": true
+    },
+    {
+      "name": "azure.userAssignedIdentityID",
+      "value": azurerm_kubernetes_cluster.k8s.kubelet_identity.0.client_id
+    },
+  ]
 }
 
 output "k8s_connection" {

install/infra/terraform/eks/dns.tf

@@ -0,0 +1,76 @@
+variable "domain_name" {}
+variable "cluster_name" {}
+
+terraform {
+  required_providers {
+    aws = {
+        version = " ~> 3.0"
+        source = "registry.terraform.io/hashicorp/aws"
+    }
+  }
+}
+
+provider "aws" {
+  region  = "eu-west-1"
+}
+
+resource "aws_route53_zone" "gitpod" {
+  name = var.domain_name
+
+  tags = {
+    Environment = "test"
+  }
+}
+
+resource "aws_iam_policy" "gitpod" {
+  name = "role-${var.cluster_name}"
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+        {
+            Effect = "Allow",
+            Action = [
+                "route53:ChangeResourceRecordSets"
+            ],
+            Resource = [
+                "arn:aws:route53:::hostedzone/*"
+            ]
+        },
+        {
+            Effect = "Allow",
+            Action = [
+                "route53:ListHostedZones",
+                "route53:ListResourceRecordSets"
+            ],
+            Resource = [ "*" ]
+        }
+    ],
+  })
+}
+
+resource "aws_iam_role" "gitpod" {
+  name = "iam-route53-${var.cluster_name}"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "route53" {
+  policy_arn = resource.aws_iam_policy.gitpod.arn
+  role       = aws_iam_role.gitpod.name
+}