FACT-1485 All external-dns resources deploy with a random suffix so that it can be deployed more than once per zone (allows us to utilize annotation filters)

jake-dhcs · jake-dhcs · commit 77d73db0eec5 · 2022-09-26T17:22:10.000-04:00
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 *.tfstate*
 *.auto.tfvars
 .terraform
+.terraform.lock.hcl
 .terraform/*
 terraform.tfvars
 terraform.tfvars.example
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,8 +1,8 @@
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.43.0
-  hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-    - id: terraform_validate
-    - id: terraform_tflint
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.48.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_validate
+      - id: terraform_tflint
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/iam.tf b/iam.tf
@@ -1,3 +1,4 @@
+
 data "aws_caller_identity" "current" {}
 
 data "aws_iam_policy_document" "eks_assume_role" {
@@ -12,7 +13,7 @@ data "aws_iam_policy_document" "eks_assume_role" {
 }
 
 resource "aws_iam_role" "external_dns" {
-  name        = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"
+  name        = local.iam_name
   description = "Permissions required by the Kubernetes AWS EKS External Name controller to do it's job."
   path        = "/"
 
@@ -38,7 +39,7 @@ data "aws_iam_policy_document" "external_dns" {
 }
 
 resource "aws_iam_policy" "external_dns" {
-  name        = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"
+  name        = local.iam_name
   description = "Allows access to resources needed to run external dns."
   policy      = data.aws_iam_policy_document.external_dns.json
 }
diff --git a/main.tf b/main.tf
@@ -1,27 +1,35 @@
 locals {
   external_dns_docker_image = "k8s.gcr.io/external-dns/external-dns:v${var.external_dns_version}"
   external_dns_version      = var.external_dns_version
+
+  default_name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}"
+
+  iam_name = "eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}"
 }
 
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
 
 resource "kubernetes_service_account" "this" {
   automount_service_account_token = true
   metadata {
-    name      = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name      = local.default_name
     namespace = var.k8s_namespace
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/managed-by" = "terraform"
     }
   }
 }
 
 resource "kubernetes_cluster_role" "this" {
   metadata {
-    name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name = local.default_name
 
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/managed-by" = "terraform"
     }
   }
@@ -150,11 +158,11 @@ resource "kubernetes_deployment" "this" {
   depends_on = [kubernetes_cluster_role_binding.this]
 
   metadata {
-    name      = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name      = local.default_name
     namespace = var.k8s_namespace
 
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/version"    = "v${local.external_dns_version}"
       "app.kubernetes.io/managed-by" = "terraform"
     }
@@ -170,7 +178,7 @@ resource "kubernetes_deployment" "this" {
 
     selector {
       match_labels = {
-        "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+        "app.kubernetes.io/name" = local.default_name
       }
     }
 
@@ -182,7 +190,7 @@ resource "kubernetes_deployment" "this" {
       metadata {
         labels = merge(
           {
-            "app.kubernetes.io/name"    = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+            "app.kubernetes.io/name"    = local.default_name
             "app.kubernetes.io/version" = local.external_dns_version
           },
           var.k8s_pod_labels
@@ -199,7 +207,7 @@ resource "kubernetes_deployment" "this" {
                   match_expressions {
                     key      = "app.kubernetes.io/name"
                     operator = "In"
-                    values   = ["aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"]
+                    values   = [local.default_name]
                   }
                 }
                 topology_key = "kubernetes.io/hostname"

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+`
`1`	`2`	`data "aws_caller_identity" "current" {}`
`2`	`3`
`3`	`4`	`data "aws_iam_policy_document" "eks_assume_role" {`
`@@ -12,7 +13,7 @@ data "aws_iam_policy_document" "eks_assume_role" {`
`12`	`13`	`}`
`13`	`14`
`14`	`15`	`resource "aws_iam_role" "external_dns" {`
`15`		`- name = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"`
	`16`	`+ name = local.iam_name`
`16`	`17`	`description = "Permissions required by the Kubernetes AWS EKS External Name controller to do it's job."`
`17`	`18`	`path = "/"`
`18`	`19`
`@@ -38,7 +39,7 @@ data "aws_iam_policy_document" "external_dns" {`
`38`	`39`	`}`
`39`	`40`
`40`	`41`	`resource "aws_iam_policy" "external_dns" {`
`41`		`- name = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"`
	`42`	`+ name = local.iam_name`
`42`	`43`	`description = "Allows access to resources needed to run external dns."`
`43`	`44`	`policy = data.aws_iam_policy_document.external_dns.json`
`44`	`45`	`}`