Google Cloud DNS Module

This module allows simple management of Google Cloud DNS zones and records. It supports creating public, private, forwarding, peering, service directory and reverse-managed zones. To create inbound/outbound DNS server policies, please have a look at the net-vpc module.

For DNSSEC configuration, refer to the dns_managed_zone documentation.

Examples

Private Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A localhost" = { records = ["127.0.0.1"] }
    "A myhost"    = { ttl = 600, records = ["10.0.0.120"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=4 inventory=private-zone.yaml
```

Forwarding Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "forwarding"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  forwarders      = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
```

Peering Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "peering"
  name            = "test-example"
  domain          = "."
  description     = "Forwarding zone for ."
  client_networks = [var.vpc.self_link]
  peer_network    = var.vpc2.self_link
}
# tftest modules=1 resources=1 inventory=peering-zone.yaml
```

Routing Policies

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "private"
  name            = "test-example"
  domain          = "test.example."
  client_networks = [var.vpc.self_link]
  recordsets = {
    "A regular" = { records = ["10.20.0.1"] }
    "A geo" = {
      geo_routing = [
        { location = "europe-west1", records = ["10.0.0.1"] },
        { location = "europe-west2", records = ["10.0.0.2"] },
        { location = "europe-west3", records = ["10.0.0.3"] }
      ]
    }
    "A wrr" = {
      ttl = 600
      wrr_routing = [
        { weight = 0.6, records = ["10.10.0.1"] },
        { weight = 0.2, records = ["10.10.0.2"] },
        { weight = 0.2, records = ["10.10.0.3"] }
      ]
    }
  }
}
# tftest modules=1 resources=4 inventory=routing-policies.yaml
```

Reverse Lookup Zone

```hcl
module "private-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"
  type            = "reverse-managed"
  name            = "test-example"
  domain          = "0.0.10.in-addr.arpa."
  client_networks = [var.vpc.self_link]
}
# tftest modules=1 resources=1 inventory=reverse-zone.yaml
```

Public Zone

```hcl
module "public-dns" {
  source     = "./fabric/modules/dns"
  project_id = "myproject"
  type       = "public"
  name       = "example"
  domain     = "example.com."
  recordsets = {
    "A myhost" = { ttl = 300, records = ["127.0.0.1"] }
  }
  iam = {
    "roles/dns.admin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=4 inventory=public-zone.yaml
```

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| domain | Zone domain, must end with a period. | string | ✓ | |
| name | Zone name, must be unique within the project. | string | ✓ | |
| project_id | Project id for the zone. | string | ✓ | |
| client_networks | List of VPC self links that can see this zone. | list(string) | | [] |
| description | Domain description. | string | | "Terraform managed." |
| dnssec_config | DNSSEC configuration for this zone. | object({…}) | | {…} |
| enable_logging | Enable query logging for this zone. | bool | | false |
| forwarders | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for the provider default. | map(string) | | {} |
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
| peer_network | Peering network self link, only valid for 'peering' zone types. | string | | null |
| recordsets | Map of DNS recordsets in "type name" => {ttl, [records]} format. | map(object({…})) | | {} |
| service_directory_namespace | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null |
| type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory', 'reverse-managed'. | string | | "private" |
| zone_create | Create the zone. When set to false, uses a data source to reference an existing zone. | bool | | true |
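The examples above all create a zone and its records in one place. The `enable_logging` and `zone_create` variables from the table also support a split setup: one configuration owns the zone (with query logging turned on, so resolver activity lands in Cloud Logging for detection work, and with a read-only IAM grant rather than `roles/dns.admin`), while a separate configuration references that existing zone via the data source and manages only its own recordsets. The following is an added example, not part of the module's own README; the project id, zone name, domain, group address and record values are constructed placeholders, and it assumes that with `zone_create = false` the module still applies `recordsets` to the referenced zone, as the variable description implies.

```hcl
# Zone-owning configuration (e.g. a networking root module / state).
# Creates the private zone, enables query logging and grants read-only
# access instead of roles/dns.admin.
module "shared-dns" {
  source          = "./fabric/modules/dns"
  project_id      = "myproject"            # constructed placeholder
  type            = "private"
  name            = "corp-internal"         # constructed placeholder
  domain          = "corp.internal."        # must end with a period
  client_networks = [var.vpc.self_link]
  enable_logging  = true                    # query logs to Cloud Logging
  iam = {
    # Constructed placeholder group; roles/dns.reader is enough to inspect
    # records and logs, so no admin rights are handed out here.
    "roles/dns.reader" = ["group:dns-viewers@example.com"]
  }
}

# Workload configuration (separate root module / state, deployed by a team
# that must not be able to alter the zone itself). zone_create = false makes
# the module look the zone up with a data source; only the recordsets below
# are managed from here. The assumption that recordsets are still applied in
# this mode is stated in the lead-in.
module "app-records" {
  source      = "./fabric/modules/dns"
  project_id  = "myproject"                 # same project as the zone
  type        = "private"
  name        = "corp-internal"             # existing zone name
  domain      = "corp.internal."            # required even for lookups
  zone_create = false
  recordsets = {
    "A app"     = { ttl = 300, records = ["10.0.0.50"] }        # constructed
    "CNAME www" = { records = ["app.corp.internal."] }          # constructed
  }
}
```

Keeping the two module calls in different Terraform states means the workload team's credentials only need record-level permissions in the zone, and any change to logging, client networks or IAM on the zone shows up in the networking state's plan rather than being silently overridden from the application side.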

Outputs

| name | description | sensitive |
|---|---|---|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| id | Fully qualified zone id. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |
| type | The DNS zone type. | |
| zone | DNS zone resource. | |