Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Terragrunt setup, DNS delegation for az.vedenemo.dev #320

Merged
merged 5 commits into from
Dec 5, 2024
Merged

Terragrunt setup, DNS delegation for az.vedenemo.dev #320

merged 5 commits into from
Dec 5, 2024

Conversation

flokli
Copy link
Collaborator

@flokli flokli commented Dec 4, 2024

This sets up a DNS zone for az.vedenemo.dev, and allows different environments to manage their own DNS zones, one subdomain per environment.

@flokli flokli requested a review from henrirosten December 4, 2024 14:41
flokli
flokli commented Dec 4, 2024
View reviewed changes
terraform/prod-eun/README.md Outdated Show resolved Hide resolved
flokli added 5 commits December 5, 2024 10:52
@flokli
terraform/prod-eun: init terragrunt
6236563 
This adds an experiment using Terragrunt for managing Terraform
resources and dependencies.

For now, this is limited to the "prod-eun" environment. reusing an
existing state bucket.

It creates a resource group in one state, and then creates a DNS Zone in
another state (prod-eun.az.vedenemo.dev), passing down the resource
group name as an input.

A followup commit will add another state, holding the az.vedenemo.dev
DNS Zone and manage the delegation of prod-eun.az.vedenemo.dev.

Signed-off-by: Florian Klink <[email protected]>
@flokli
terraform/vedenemo: init
209f2d8 
This manages the DNS Record az.vedenemo.dev.

Signed-off-by: Florian Klink <[email protected]>
@flokli
terraform/vedenemo: do DNS delegations
fc813bc 
This now creates glue records for every environment passed in the
`ns_delegations` variable.
We pass in date from the zone created for the prod-eun/dns state.

Signed-off-by: Florian Klink <[email protected]>
@flokli
terraform/prod-eun: add canary TXT record
a1038df 
This creates a TXT record at test.prod-eun.az.vedenemo.dev that should
resolve once the NS delegation on vedenemo.dev has been completed.

Signed-off-by: Florian Klink <[email protected]>
@flokli
terraform/vedenemo: add README
114388a 
This documents the `vedenemo` Terraform state.

Signed-off-by: Florian Klink <[email protected]>
@flokli flokli marked this pull request as ready for review December 5, 2024 09:01
@henrirosten
Copy link
Collaborator

Thanks @flokli

I agree there are problems with the current workspace-based approach, anything we can do to improve the workflow or make our terraform usage a bit more industry standard is very much welcome.

  • Can you reference a good source of documentation that would help see a bigger picture of how this should be used and how the layout would eventually end-up?
  • Am I reading this correctly, that we could merge this now, and then slowly move other parts of the infra and different deployments to this new layout too?
  • You could try converting your personal ghaf-infra environment to this new layout - then we could probably better see what are all the problems that will arise.

Also, can you reference a good source of documentation that would help others also see the bigger picture of how this should be used and how the layout would eventually end-up?

@flokli
Copy link
Collaborator Author

flokli commented Dec 5, 2024

Thanks @flokli

I agree there are problems with the current workspace-based approach, anything we can do to improve the workflow or make our terraform usage a bit more industry standard is very much welcome.

* Can you reference a good source of documentation that would help see a bigger picture of how this should be used and how the layout would eventually end-up?

The bigger picture would be that the different components would be terraform modules instantiated from the different environment, but explicitly written down for each environment, and things like persistent volumes passed from one Terraform State to another via the inputs mechanism.

I'm not aware of any public repo using terragrunt to showcase this more, but there's some generic documentation describing some of the DRY practices: https://terragrunt.gruntwork.io/docs/features/keep-your-terragrunt-architecture-dry/

* Am I reading this correctly, that we could merge this now, and then slowly move other parts of the infra and different deployments to this new layout too?

Yes. The fact we now have an additional DNS Zone managed this way won't cause any problems with the existing Terraform states, so this can be merged.

* You could try converting your personal ghaf-infra environment to this new layout - then we could probably better see what are all the problems that will arise.

Yes, starting with my personal environment was the next step I had in mind, and this should make this a bit less abstract, and "flesh out some calling conventions"

Also, can you reference a good source of documentation that would help others also see the bigger picture of how this should be used and how the layout would eventually end-up?

I'd assume more directories to appear in the terraform/ directory, in addition to the prod-eun and vedenemo ones, one for each environment. The terraform/*.tf files will go away, once everything is migrated. We might then "factor out" some common calling code, if they're the same across environments to reduce duplication, but that's a second step once the code has been moved to the new layout.

@flokli flokli merged commit 4070ca0 into main Dec 5, 2024
6 checks passed
@flokli flokli deleted the terragrunt branch December 5, 2024 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@henrirosten henrirosten henrirosten approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@flokli @henrirosten