Update dns records to resolve to haproxy ip instead of external ips.
- Add haproxy static ip output for ert product configuration.

[#157561315] Replace vsphere internetless envs with internetless envs on a public IaaS

Signed-off-by: Caitlyn Yu <[email protected]>
michelleheh authored and Genevieve committed Jun 19, 2018
1 parent eca9572 commit 35ae0a7
Showing 3 changed files with 18 additions and 8 deletions.
19 changes: 12 additions & 7 deletions dns.tf
Expand Up @@ -25,14 +25,19 @@ resource "google_dns_record_set" "optional-ops-manager-dns" {
rrdatas = ["${google_compute_instance.optional-ops-manager.network_interface.0.access_config.0.assigned_nat_ip}"]
}

// Modify dns records to resolve to the ha proxy when in internetless mode.
locals {
haproxy_static_ip = "${cidrhost(google_compute_subnetwork.pas-subnet.ip_cidr_range, -20)}"
}

resource "google_dns_record_set" "wildcard-sys-dns" {
name = "*.sys.${google_dns_managed_zone.env_dns_zone.dns_name}"
type = "A"
ttl = 300

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_global_address.cf.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_global_address.cf.address}"]
}

resource "google_dns_record_set" "doppler-sys-dns" {
Expand All @@ -42,7 +47,7 @@ resource "google_dns_record_set" "doppler-sys-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_address.cf-ws.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_address.cf-ws.address}"]
}

resource "google_dns_record_set" "loggregator-sys-dns" {
Expand All @@ -52,7 +57,7 @@ resource "google_dns_record_set" "loggregator-sys-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_address.cf-ws.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_address.cf-ws.address}"]
}

resource "google_dns_record_set" "wildcard-apps-dns" {
Expand All @@ -62,7 +67,7 @@ resource "google_dns_record_set" "wildcard-apps-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_global_address.cf.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_global_address.cf.address}"]
}

resource "google_dns_record_set" "wildcard-ws-dns" {
Expand All @@ -72,7 +77,7 @@ resource "google_dns_record_set" "wildcard-ws-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_address.cf-ws.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_address.cf-ws.address}"]
}

resource "google_dns_record_set" "app-ssh-dns" {
Expand All @@ -82,7 +87,7 @@ resource "google_dns_record_set" "app-ssh-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_address.cf-ssh.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_address.cf-ssh.address}"]
}

resource "google_dns_record_set" "tcp-dns" {
Expand All @@ -92,5 +97,5 @@ resource "google_dns_record_set" "tcp-dns" {

managed_zone = "${google_dns_managed_zone.env_dns_zone.name}"

rrdatas = ["${google_compute_address.cf-tcp.address}"]
rrdatas = ["${var.internetless ? local.haproxy_static_ip : google_compute_address.cf-tcp.address}"]
}
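Review bot: `local.haproxy_static_ip` in the new `locals` block is only computed, as the 20th address from the end of pas-subnet, and nothing visible in this commit reserves that address, so in internetless mode all seven records (including both wildcards and app-ssh) would follow whichever instance ends up holding it. Consider reserving it with a `google_compute_address` of `address_type = "INTERNAL"` in pas-subnet and pointing the records at that resource's `address`, or at least document the contract next to the local, e.g. `// -20 = 20th address from the end of pas-subnet; must stay unassigned for haproxy`. It is also worth confirming that `env_dns_zone` is not publicly resolvable when `var.internetless` is true, since these records would then publish an internal address; the zone definition is outside this diff.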
3 changes: 2 additions & 1 deletion internetless.tf
@@ -1,4 +1,4 @@
// Allow open access between internal VMs for a PCF deployment
// Allow ingress between internal VMs for a PCF deployment
resource "google_compute_firewall" "cf-internal-ingress" {
count = "${var.internetless ? 1 : 0}"

Expand Down Expand Up @@ -28,6 +28,7 @@ resource "google_compute_firewall" "cf-internal-ingress" {
]
}

// Allow egress between internal VMs for a PCF deployment
resource "google_compute_firewall" "cf-internal-egress" {
count = "${var.internetless ? 1 : 0}"

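--- a/outputs.tf
+++ b/outputs.tf
@@ -27,6 +27,10 @@ output "optional_ops_manager_dns" {
 value = "${replace(element(concat(google_dns_record_set.optional-ops-manager-dns.*.name, list("")), 0), "/\\.$/", "")}"
 }
 
+output "haproxy_static_ip" {
+value = "${local.haproxy_static_ip}"
+}
+
 output "sys_domain" {
 value = "${replace(replace(google_dns_record_set.wildcard-sys-dns.name, "/^\\*\\./", ""), "/\\.$/", "")}"
 }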
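Review bot: The new `haproxy_static_ip` output is emitted unconditionally, so an environment with `var.internetless` false still reports an address that no DNS record in this commit uses and that nothing visible reserves. If consumers feed it into the ert product configuration, gating it would avoid a stale value, for example `value = "${var.internetless ? local.haproxy_static_ip : ""}"`; how downstream tooling treats an empty string is not visible here and should be checked. A `description` on the output stating that it is only meaningful in internetless mode would also help.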
