Skip to content

Instantly share code, notes, and snippets.

@MarkArts
Created January 26, 2022 22:11
Show Gist options
  • Save MarkArts/7727c55a029baebab7d3b7d0c9e7f406 to your computer and use it in GitHub Desktop.
Save MarkArts/7727c55a029baebab7d3b7d0c9e7f406 to your computer and use it in GitHub Desktop.
import * as aws from "@pulumi/aws";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
export type SetupRoute53ZoneArgs = {
zone: aws.route53.Zone;
zoneUserKey: aws.iam.AccessKey;
namespace: string;
domain: string;
};
export const SetupDNSController = (
prefix: string,
args: SetupRoute53ZoneArgs,
opts?: pulumi.ComponentResourceOptions
) => {
const dnsSecret = new k8s.core.v1.Secret(
`${prefix}-secret`,
{
metadata: {
name: `${prefix}-secret`,
namespace: args.namespace,
},
stringData: {
AWS_ACCESS_KEY_ID: args.zoneUserKey.id,
AWS_SECRET_ACCESS_KEY: args.zoneUserKey.secret,
},
},
opts
);
const dnsController = new k8s.helm.v3.Chart(
`${prefix}-dns-controller`,
{
fetchOpts: {
repo: "https://kubernetes-sigs.github.io/external-dns/",
},
chart: "external-dns",
namespace: args.namespace,
values: {
provider: "aws",
sources: ["ingress", "service"],
logLevel: "debug",
domainFilters: [args.domain],
env: [
{
name: "AWS_ACCESS_KEY_ID",
valueFrom: {
secretKeyRef: {
name: dnsSecret.metadata.name,
key: "AWS_ACCESS_KEY_ID",
},
},
},
{
name: "AWS_SECRET_ACCESS_KEY",
valueFrom: {
secretKeyRef: {
name: dnsSecret.metadata.name,
key: "AWS_SECRET_ACCESS_KEY",
},
},
},
],
},
},
opts
);
return {
dnsSecret,
dnsController,
};
};
export const SetupRoute53Zone = (
prefix: string,
domain: string,
opts?: pulumi.CustomResourceOptions
) => {
const zone = new aws.route53.Zone(
`${prefix}-zone`,
{
name: domain,
},
opts
);
const zoneUser = new aws.iam.User(`${prefix}-zone-user`, {}, opts);
const zoneUserKey = new aws.iam.AccessKey(
`${prefix}-zone-key`,
{ user: zoneUser.name },
opts
);
const zonePolicy = new aws.iam.UserPolicy(
`${prefix}-zone-policy`,
{
user: zoneUser.name,
policy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["route53:ChangeResourceRecordSets"],
Resource: [
pulumi.interpolate`arn:aws:route53:::hostedzone/${zone.zoneId}`,
],
},
{
Effect: "Allow",
Action: [
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
],
Resource: ["*"],
},
],
},
},
opts
);
return {
zone,
zoneUser,
zoneUserKey,
zonePolicy,
};
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment