user-auth namespace is created by auth db-script (#188)

davidcheung · web-flow · commit 7d922994e012 · 2021-03-19T11:23:59.000-04:00
* user-auth namespace is created by auth db-script

* prometheus exporter to depend_on prometheus

* fix external dns not creating route53 entry
diff --git a/templates/kubernetes/terraform/modules/kubernetes/cert_manager.tf b/templates/kubernetes/terraform/modules/kubernetes/cert_manager.tf
@@ -161,7 +161,7 @@ data "aws_iam_policy_document" "cert_manager_policy_doc" {
       "route53:ListResourceRecordSets"
     ]
 
-    resources = [for domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${domain}"]
+    resources = [for index, domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${data.aws_route53_zone.zones[index].zone_id}"]
   }
 
   statement {
diff --git a/templates/kubernetes/terraform/modules/kubernetes/external_dns.tf b/templates/kubernetes/terraform/modules/kubernetes/external_dns.tf
@@ -34,7 +34,8 @@ data "aws_iam_policy_document" "external_dns_policy_doc" {
 
     actions = ["route53:ChangeResourceRecordSets"]
 
-    resources = [for domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${domain}"]
+    // data.aws_route53_zone.zones declared in ./cert-manager.tf
+    resources = [for index, domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${data.aws_route53_zone.zones[index].zone_id}"]
   }
 }
 
diff --git a/templates/kubernetes/terraform/modules/kubernetes/metrics/prometheus/main.tf b/templates/kubernetes/terraform/modules/kubernetes/metrics/prometheus/main.tf
@@ -221,4 +221,5 @@ resource "helm_release" "elasticsearch_prometheus_exporter" {
     name  = "serviceMonitor.enabled"
     value = "true"
   }
+  depends_on = [helm_release.prometheus_stack]
 }
diff --git a/templates/kubernetes/terraform/modules/kubernetes/user_auth.tf b/templates/kubernetes/terraform/modules/kubernetes/user_auth.tf
@@ -10,10 +10,11 @@ locals {
 module "user_auth" {
   count = length(var.user_auth)
   source                      = "commitdev/zero/aws//modules/user_auth"
-  version                     = "0.1.18"
+  version                     = "0.1.19"
 
   project                     = var.user_auth[count.index].name
   auth_namespace              = var.user_auth[count.index].auth_namespace
+  create_namespace            = false
   frontend_service_domain     = var.user_auth[count.index].frontend_service_domain
   backend_service_domain      = var.user_auth[count.index].backend_service_domain
   user_auth_mail_from_address = var.user_auth[count.index].user_auth_mail_from_address

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@ data "aws_iam_policy_document" "cert_manager_policy_doc" {`
`161`	`161`	`"route53:ListResourceRecordSets"`
`162`	`162`	`]`
`163`	`163`
`164`		`- resources = [for domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${domain}"]`
	`164`	`+ resources = [for index, domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${data.aws_route53_zone.zones[index].zone_id}"]`
`165`	`165`	`}`
`166`	`166`
`167`	`167`	`statement {`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,8 @@ data "aws_iam_policy_document" "external_dns_policy_doc" {`
`34`	`34`
`35`	`35`	`actions = ["route53:ChangeResourceRecordSets"]`
`36`	`36`
`37`		`- resources = [for domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${domain}"]`
	`37`	`+ // data.aws_route53_zone.zones declared in ./cert-manager.tf`
	`38`	`+ resources = [for index, domain in var.external_dns_zones : "arn:aws:route53:::hostedzone/${data.aws_route53_zone.zones[index].zone_id}"]`
`38`	`39`	`}`
`39`	`40`	`}`
`40`	`41`
Original file line number	Diff line number	Diff line change
`@@ -221,4 +221,5 @@ resource "helm_release" "elasticsearch_prometheus_exporter" {`
`221`	`221`	`name = "serviceMonitor.enabled"`
`222`	`222`	`value = "true"`
`223`	`223`	`}`
	`224`	`+ depends_on = [helm_release.prometheus_stack]`
`224`	`225`	`}`