From 2cd95902a58dffeb964fe9c9f1c29925f8e16416 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Mon, 19 Feb 2024 16:51:19 -0800
Subject: [PATCH] removing old dns iam things while new testing domain populates ns servers on vultr
---
 infra/vultr-kubernetes/dns.tf | 68 ++---------------------------
 infra/vultr-kubernetes/output.tf | 11 -----
 infra/vultr-kubernetes/variables.tf | 6 +++
 3 files changed, 9 insertions(+), 76 deletions(-)
diff --git a/infra/vultr-kubernetes/dns.tf b/infra/vultr-kubernetes/dns.tf
index 39ec409..63d9a96 100644
--- a/infra/vultr-kubernetes/dns.tf
+++ b/infra/vultr-kubernetes/dns.tf
@@ -1,66 +1,4 @@
-# Policy to allow VKE to mess with our DNS stuff
-################################################
-data aws_iam_policy_document vke {
- version = "2012-10-17"
- statement {
- effect = "Allow"
- actions = [
- "route53:ChangeResourceRecordSets"
- ]
- resources = [
- "arn:aws:route53:::hostedzone/*"
- ]
- }
- statement {
- effect = "Allow"
- actions = [
- "route53:ListHostedZones",
- "route53:ListResourceRecordSets",
- "route53:ListTagsForResource"
- ]
- resources = [ "*" ]
- }
+resource vultr_dns_domain temprah_lab {
+ domain = var.lab_domain
+ ip = vultr_kubernetes.athens.ip
 }
-resource aws_iam_policy vke {
- name = "vke-dns-pol"
- policy = data.aws_iam_policy_document.vke.json
-}
-
-# Here we have the assume (required) for the role to assume a principal
-#######################################################################
-data aws_iam_policy_document assume {
- statement {
- actions = [ "sts:AssumeRole" ]
- principals {
- type = "Service"
- identifiers = [ "ec2.amazonaws.com" ]
- }
- }
-}
-
-resource aws_iam_role vke {
- name = "vke-dns-role"
- assume_role_policy = data.aws_iam_policy_document.assume.json
-}
-
-# Finally we attach the role and policy together
-resource aws_iam_role_policy_attachment vke {
- role = aws_iam_role.vke.name
- policy_arn = aws_iam_policy.vke.arn
-}
-
-# Next we create a user with these permissions
-
-resource aws_iam_user vke {
- name = "vke-dns-user"
- path = "/"
- tags = {
- Name = "vke-dns-user"
- Description = "For VKE to update DNS records"
- }
-}
-
-resource aws_iam_access_key vke {
- user = aws_iam_user.vke.name
-}
-
diff --git a/infra/vultr-kubernetes/output.tf b/infra/vultr-kubernetes/output.tf
index d45b410..e69de29 100644
--- a/infra/vultr-kubernetes/output.tf
+++ b/infra/vultr-kubernetes/output.tf
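Review bot: In dns.tf, `ip = vultr_kubernetes.athens.ip` on `vultr_dns_domain.temprah_lab` seeds the new zone with the cluster's own address, which in the Vultr provider is, as far as I know, the VKE control-plane IP. The lab domain's default records would then advertise the Kubernetes API endpoint rather than a workload ingress or load balancer. If the goal for now is only to get the NS delegation populated, as the commit subject suggests, consider omitting `ip` so the zone is created without records, and add explicit `vultr_dns_record` resources later for the addresses that are meant to be public. The resource also leaves DNSSEC at the provider default; `dns_sec = "enabled"` is worth considering once delegation is in place. A short comment such as `# Test zone for the athens cluster; records are managed separately` above the resource would record the intent.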
@@ -1,11 +0,0 @@
-# Need to get access to those creds for the vke user
-
-output vke_secret_id {
- value = aws_iam_access_key.vke.id
- sensitive = true
-}
-
-output vke_secret_key {
- value = aws_iam_access_key.vke.secret
- sensitive = true
-}
diff --git a/infra/vultr-kubernetes/variables.tf b/infra/vultr-kubernetes/variables.tf
index 2192f5b..f5ece85 100644
--- a/infra/vultr-kubernetes/variables.tf
+++ b/infra/vultr-kubernetes/variables.tf
@@ -33,3 +33,9 @@ variable cluster {
 })
 })
 }
+
+variable lab_domain {
+ type = string
+}
+
+
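Review bot: In variables.tf, `variable lab_domain` is declared with only `type = string`, so an empty or malformed value is passed straight to `vultr_dns_domain.temprah_lab` and only fails, or creates an unintended zone, at apply time. Add a `description`, for example `description = "Apex domain hosted on Vultr DNS for the lab cluster"`, and a `validation` block whose condition is along the lines of `can(regex("^([a-z0-9-]+\\.)+[a-z]{2,}$", var.lab_domain))` with a matching `error_message`. Because no default is given, the description should also say where the value is expected to be set (tfvars or environment).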