Merge pull request #8 from CodeSparta/jrickard-devkit-route53

jrickard devkit route53

Author: usrbinkat

main.tf

@@ -63,7 +63,7 @@ module "registry-node" {
   depends_on = [module.route-53]
 
   vpc_id = module.vpc.vpc_id
-  master_sg_ids = [module.security-groups.master_sg_id]
+  registry_sg_ids = [module.security-groups.registry_sg_id]
   cluster_name = var.cluster_name
   cluster_domain = var.cluster_domain
   aws_region = var.aws_region

registry-node/registry-node.tf

@@ -33,7 +33,7 @@ resource "aws_instance" "registry-node" {
   user_data = "{\"ignition\":{\"config\":{},\"security\":{\"tls\":{}},\"timeouts\":{},\"version\":\"2.2.0\"},\"networkd\":{},\"passwd\":{\"users\":[{\"name\":\"core\",\"sshAuthorizedKeys\":[\"${var.ssh_public_key}}\"]}]},\"storage\":{},\"systemd\":{}}"
 
   root_block_device { volume_size = var.registry_volume }
-  security_groups = var.master_sg_ids
+  security_groups = var.registry_sg_ids
   associate_public_ip_address = true
 
   tags = merge(

registry-node/variables.tf

@@ -16,6 +16,6 @@ variable "ssh_public_key" {
 variable "rhcos_ami" {default = ""}
 variable "registry_type" {default = "m5.xlarge"}
 variable "registry_volume" {default = ""}
-variable "master_sg_ids" {default = "" }
+variable "registry_sg_ids" {default = "" }
 variable "route53_private_zone_id" {default = ""}
-variable "cluster_domain" { default = "" }
+variable "cluster_domain" { default = "" }

route-53/private-dns.tf

@@ -13,57 +13,3 @@ resource "aws_route53_zone" "private_zone" {
     )
   )
 }
-
-resource "aws_route53_record" "api-int" {
-  name = "api-int.${aws_route53_zone.private_zone.name}"
-  type = "CNAME"
-  zone_id = aws_route53_zone.private_zone.zone_id
-  records = ["replaceme"]
-  ttl = 300
-  }
-
-resource "aws_route53_record" "api" {
-  name = "api.${aws_route53_zone.private_zone.name}"
-  type = "CNAME"
-  zone_id = aws_route53_zone.private_zone.zone_id
-  records = ["replaceme"]
-  ttl = 300
-}
-
-resource "aws_route53_record" "etcd_srv" {
-  allow_overwrite = "true"
-  name = "_etcd-server-ssl._tcp"
-  type = "SRV"
-  zone_id = aws_route53_zone.private_zone.zone_id
-  records = [
-    "0 10 2380 etcd-0.${var.cluster_name}.${var.cluster_domain}",
-    "0 10 2380 etcd-1.${var.cluster_name}.${var.cluster_domain}",
-    "0 10 2380 etcd-2.${var.cluster_name}.${var.cluster_domain}"
-    ]
-  ttl = 300
-}
-
-resource "aws_route53_record" "wildcard-apps" {
-  name = "*.apps.${aws_route53_zone.private_zone.name}"
-  type = "CNAME"
-  zone_id = aws_route53_zone.private_zone.zone_id
-  records = ["replaceme"]
-  ttl = 300
-}
-
-resource "aws_route53_record" "etcd-entries" {
-  count = 3
-  zone_id = aws_route53_zone.private_zone.id
-  name    = "etcd-${count.index}.${aws_route53_zone.private_zone.name}"
-  type    = "A"
-  ttl     = "300"
-  records = ["192.168.1.100"]
-}
-
-resource "aws_route53_record" "registry" {
-zone_id = aws_route53_zone.private_zone.id
-name    = "registry.${aws_route53_zone.private_zone.name}"
-type    = "A"
-ttl     = "300"
-records = ["192.168.1.100"]
-}

security-groups/outputs.tf

@@ -4,4 +4,8 @@ output "master_sg_id" {
 
 output "worker_sg_id" {
   value = aws_security_group.worker-sg.id
-}
+}
+
+output "registry_sg_id" {
+  value = aws_security_group.registry-sg.id
+}

security-groups/registry-sg.tf

@@ -0,0 +1,48 @@
+resource "aws_security_group" "registry-sg" {
+  name =  "${var.cluster_name}-registry-sg"
+  vpc_id =  data.aws_vpc.cluster_vpc.id
+
+  tags =  merge(
+  var.default_tags,
+map(
+"Name",  "${var.cluster_name}-registry-sg",
+"kubernetes.io/cluster/${var.cluster_name}", "owned"
+    )
+  )
+}
+
+resource "aws_security_group_rule" "registry_ingress_8080" {
+  security_group_id = aws_security_group.registry-sg.id
+  type        = "ingress"
+  cidr_blocks = [var.cidr_blocks]
+  protocol    = "tcp"
+  from_port   = 8080
+  to_port     = 8080
+}
+
+resource "aws_security_group_rule" "registry_ingress_5000" {
+  security_group_id = aws_security_group.registry-sg.id
+  type 		= "ingress"
+  cidr_blocks 	= [var.cidr_blocks]
+  protocol 	= "tcp"
+  from_port	= 5000
+  to_port   	= 5000
+}
+
+resource "aws_security_group_rule" "registry_ingress_22" {
+  security_group_id = aws_security_group.registry-sg.id
+  type  	= "ingress"
+  cidr_blocks 	= [var.cidr_blocks]
+  protocol	= "tcp"
+  from_port	= 22
+  to_port	= 22
+}
+
+resource "aws_security_group_rule" "registry_egress_all" {
+  type              = "egress"
+  security_group_id = aws_security_group.registry-sg.id
+  protocol    = "all"
+  cidr_blocks = ["0.0.0.0/0"]
+  from_port   = 0
+  to_port     = 0
+}