Merge branch 'main' of https://github.com/polyseam/cndi

polyseam · Jan 18, 2024 · 663d025 · 663d025
2 parents a43cbf9 + 2caac65
commit 663d025
Show file tree

Hide file tree

Showing 8 changed files with 173 additions and 24 deletions.
diff --git a/src/actions/overwrite.ts b/src/actions/overwrite.ts
@@ -29,6 +29,8 @@ import getEKSIngressTcpServicesConfigMapManifestPublic from "../outputs/custom-p
 import getEKSIngressServiceManifestPrivate from "../outputs/custom-port-manifests/managed/ingress-service-private.ts";
 import getEKSIngressTcpServicesConfigMapManifestPrivate from "../outputs/custom-port-manifests/managed/ingress-tcp-services-configmap-private.ts";
 
+import getExternalDNSManifest from "../outputs/core-applications/external-dns.application.yaml.ts";
+
 import stageTerraformResourcesForConfig from "src/outputs/terraform/stageTerraformResourcesForConfig.ts";
 
 import {
@@ -257,6 +259,25 @@ export const overwriteAction = async (options: OverwriteActionArgs) => {
     );
   }
 
+  const skipExternalDNS =
+    config?.infrastructure?.cndi?.external_dns?.enabled === false;
+
+  if (!skipExternalDNS) {
+    await stageFile(
+      path.join(
+        "cndi",
+        "cluster_manifests",
+        "applications",
+        "external-dns.application.yaml",
+      ),
+      getExternalDNSManifest(config),
+    );
+    console.log(
+      ccolors.success("staged application manifest:"),
+      ccolors.key_name("external-dns.application.yaml"),
+    );
+  }
+
   const { applications } = config;
 
   // write the `cndi/cluster_manifests/applications/${applicationName}.application.yaml` file for each application

diff --git a/src/constants.ts b/src/constants.ts
@@ -5,6 +5,7 @@ const DEFAULT_K8S_VERSION = "1.28";
 const ARGOCD_VERSION = "2.7.12";
 const RELOADER_VERSION = "1.0.52";
 const LARSTOBI_MULTIPASS_PROVIDER_VERSION = "1.4.2";
+const EXTERNAL_DNS_VERSION = "6.29.1";
 
 const POLYSEAM_TEMPLATE_DIRECTORY =
   "https://raw.githubusercontent.com/polyseam/cndi/main/templates/";
@@ -52,6 +53,7 @@ export {
   DEFAULT_NODE_DISK_SIZE_MANAGED,
   DEFAULT_NODE_DISK_SIZE_UNMANAGED,
   DEFAULT_OPEN_PORTS,
+  EXTERNAL_DNS_VERSION,
   KUBESEAL_VERSION,
   LARSTOBI_MULTIPASS_PROVIDER_VERSION,
   MANAGED_NODE_KINDS,

diff --git a/src/outputs/cndi-run-workflow.ts b/src/outputs/cndi-run-workflow.ts
@@ -60,6 +60,8 @@ const cndiWorkflowObj = {
         {
           name: "cndi run",
           env: {
+            ARM_REGION: "${{ vars.ARM_REGION }}",
+            AWS_REGION: "${{ vars.AWS_REGION }}",
             GIT_USERNAME: "${{ secrets.GIT_USERNAME }}",
             GIT_TOKEN: "${{ secrets.GIT_TOKEN }}",
             GIT_SSH_PRIVATE_KEY: "${{ secrets.GIT_SSH_PRIVATE_KEY }}",
@@ -73,9 +75,7 @@ const cndiWorkflowObj = {
             ARGOCD_ADMIN_PASSWORD: "${{ secrets.ARGOCD_ADMIN_PASSWORD }}",
             AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}",
             AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}",
-            AWS_REGION: "${{ secrets.AWS_REGION }}",
             GOOGLE_CREDENTIALS: "${{ secrets.GOOGLE_CREDENTIALS }}",
-            ARM_REGION: "${{ secrets.ARM_REGION }}",
             ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}",
             ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}",
             ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}",
@@ -166,6 +166,8 @@ const getWorkflowYaml = (sourceRef?: string) => {
       name: "cndi run",
       run: "$HOME/.cndi/bin/cndi run",
       env: {
+        ARM_REGION: "${{ vars.ARM_REGION }}",
+        AWS_REGION: "${{ vars.AWS_REGION }}",
         GIT_USERNAME: "${{ secrets.GIT_USERNAME }}",
         GIT_TOKEN: "${{ secrets.GIT_TOKEN }}",
         GIT_SSH_PRIVATE_KEY: "${{ secrets.GIT_SSH_PRIVATE_KEY }}",
@@ -176,9 +178,7 @@ const getWorkflowYaml = (sourceRef?: string) => {
         ARGOCD_ADMIN_PASSWORD: "${{ secrets.ARGOCD_ADMIN_PASSWORD }}",
         AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}",
         AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}",
-        AWS_REGION: "${{ secrets.AWS_REGION }}",
         GOOGLE_CREDENTIALS: "${{ secrets.GOOGLE_CREDENTIALS }}",
-        ARM_REGION: "${{ secrets.ARM_REGION }}",
         ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}",
         ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}",
         ARM_CLIENT_ID: "${{ secrets.ARM_CLIENT_ID }}",

diff --git a/src/outputs/core-applications/external-dns.application.yaml.ts b/src/outputs/core-applications/external-dns.application.yaml.ts
@@ -0,0 +1,111 @@
+import { getYAMLString } from "src/utils.ts";
+import { CNDIConfig } from "src/types.ts";
+import type { CNDIProvider, ExternalDNSProvider } from "src/types.ts";
+import { EXTERNAL_DNS_VERSION } from "consts";
+
+const DEFAULT_DESTINATION_SERVER = "https://kubernetes.default.svc";
+const DEFAULT_ARGOCD_API_VERSION = "argoproj.io/v1alpha1";
+const DEFAULT_HELM_VERSION = "v3";
+const DEFAULT_PROJECT = "default";
+const DEFAULT_FINALIZERS = ["resources-finalizer.argocd.argoproj.io"];
+
+const getDefaultExternalDNSProviderForCNDIProvider = (
+  cndiProvider: CNDIProvider,
+): ExternalDNSProvider => {
+  if (cndiProvider === "gcp") return "google";
+  if (cndiProvider === "dev") return "aws";
+  return cndiProvider;
+};
+
+export default function getExternalDNSApplicationManifest(
+  cndi_config: CNDIConfig,
+): string {
+  const releaseName = "external-dns";
+  const cndiProvider = cndi_config.provider;
+
+  const domain_filters =
+    cndi_config?.infrastructure?.cndi?.external_dns?.domain_filters || [];
+
+  const externalDNSProvider = // aws
+    cndi_config?.infrastructure?.cndi?.external_dns?.provider ||
+    getDefaultExternalDNSProviderForCNDIProvider(cndiProvider);
+
+  const externalDNSCannotUseEnvVars = [
+    "alibaba",
+    "azure",
+    "azure-private-dns",
+    "transip",
+    "oci",
+  ];
+
+  type ExternalDNSValues = {
+    provider: ExternalDNSProvider;
+    domainFilters: Array<string>;
+    [key: string]: unknown;
+    extraEnvVarsSecret?: string;
+  };
+
+  const values: ExternalDNSValues = {
+    ...cndi_config?.infrastructure?.cndi?.external_dns?.values,
+    provider: externalDNSProvider,
+    domainFilters: domain_filters,
+  };
+
+  if (externalDNSCannotUseEnvVars.includes(externalDNSProvider)) {
+    // this dns provider uses another method for authentication, probably volume mounts
+    values[externalDNSProvider] = {
+      secretName: "external-dns",
+    };
+  } else {
+    values.extraEnvVarsSecret = "external-dns";
+  }
+
+  const manifest = {
+    apiVersion: DEFAULT_ARGOCD_API_VERSION,
+    kind: "Application",
+    metadata: {
+      name: releaseName,
+      finalizers: DEFAULT_FINALIZERS,
+      labels: { name: releaseName },
+    },
+    spec: {
+      project: DEFAULT_PROJECT,
+      source: {
+        repoURL: "https://charts.bitnami.com/bitnami",
+        chart: "external-dns",
+        helm: {
+          version: DEFAULT_HELM_VERSION,
+          values: getYAMLString(values),
+        },
+        targetRevision: EXTERNAL_DNS_VERSION,
+      },
+      destination: {
+        server: DEFAULT_DESTINATION_SERVER,
+        namespace: "external-dns",
+      },
+      syncPolicy: {
+        automated: {
+          prune: true,
+          selfHeal: true,
+          allowEmpty: false,
+        },
+        syncOptions: [
+          "Validate=false",
+          "CreateNamespace=true",
+          "PrunePropagationPolicy=foreground",
+          "PruneLast=false",
+        ],
+        retry: {
+          limit: 10,
+          backoff: {
+            duration: "5s",
+            factor: 2,
+            maxDuration: "4m",
+          },
+        },
+      },
+    },
+  };
+
+  return getYAMLString(manifest);
+}
diff --git a/src/outputs/terraform/aws/AWSEKSStack.ts b/src/outputs/terraform/aws/AWSEKSStack.ts
@@ -1215,19 +1215,12 @@ export default class AWSEKSTerraformStack extends AWSCoreTerraformStack {
     );
 
     new TerraformOutput(this, "public_host", {
-      value: Fn.replace(
-        cndiNlb.dnsName,
-        this.locals.aws_region.asString,
-        Fn.upper(this.locals.aws_region.asString),
-      ),
+      value: cndiNlb.dnsName,
     });
 
     new TerraformOutput(this, "resource_group_url", {
-      value: `https://${
-        Fn.upper(
-          this.locals.aws_region.asString,
-        )
-      }.console.aws.amazon.com/resource-groups/group/cndi-rg_${project_name}`,
+      value:
+        `https://${this.locals.aws_region.asString}.console.aws.amazon.com/resource-groups/group/cndi-rg_${project_name}`,
     });
   }
 }

diff --git a/src/outputs/terraform/aws/AWSMicrok8sStack.ts b/src/outputs/terraform/aws/AWSMicrok8sStack.ts
@@ -321,17 +321,12 @@ export class AWSMicrok8sStack extends AWSCoreTerraformStack {
     }
 
     new TerraformOutput(this, "public_host", {
-      value: Fn.replace(
-        cndiNLB.dnsName,
-        this.locals.aws_region.asString,
-        Fn.upper(this.locals.aws_region.asString),
-      ),
+      value: cndiNLB.dnsName,
     });
 
     new TerraformOutput(this, "resource_group_url", {
-      value: `https://${
-        Fn.upper(this.locals.aws_region.asString)
-      }.console.aws.amazon.com/resource-groups/group/cndi-rg_${project_name}`,
+      value:
+        `https://${this.locals.aws_region.asString}.console.aws.amazon.com/resource-groups/group/cndi-rg_${project_name}`,
     });
 
     // @ts-ignore no-use-before-defined

diff --git a/src/tfstate/git/write-state.ts b/src/tfstate/git/write-state.ts
@@ -97,7 +97,7 @@ export default async function pushStateFromRun({
     "terraform.tfstate.encrypted",
   );
 
-  console.log("encrypted state!");
+  // console.log("encrypted state!");
 
   try {
     Deno.writeTextFileSync(pathToNewState, encryptedState);

diff --git a/src/types.ts b/src/types.ts
@@ -209,14 +209,41 @@ interface CNDIPort {
   private?: boolean;
 }
 
+// https://github.com/bitnami/charts/blob/16f3174da9441d2bf6c2355ab0afe94d4a7a9e48/bitnami/external-dns/values.yaml#L112
+export type ExternalDNSProvider =
+  | "akamai"
+  | "alibabacloud"
+  | "aws"
+  | "azure"
+  | "azure-private-dns"
+  | "cloudflare"
+  | "coredns"
+  | "designate"
+  | "digitalocean"
+  | "google"
+  | "hetzner"
+  | "infoblox"
+  | "linode"
+  | "rfc2136"
+  | "transip"
+  | "oci";
+
+export type CNDIProvider = "aws" | "azure" | "gcp" | "dev";
+
 // incomplete type, config will have more options
 interface CNDIConfig {
   project_name?: string;
   cndi_version?: string;
   distribution: "microk8s" | "eks" | "gke" | "aks";
-  provider: "aws" | "azure" | "gcp" | "dev";
+  provider: CNDIProvider;
   infrastructure: {
     cndi: {
+      external_dns: {
+        enabled?: boolean; // default: true
+        provider: ExternalDNSProvider;
+        domain_filters: Array<string>;
+        values: Record<string, unknown>;
+      };
       deployment_target_configuration?: DeploymentTargetConfiguration;
       nodes: Array<BaseNodeItemSpec>;
       cert_manager?: {