Add private dns

azure/instances-controlplane.tf

@@ -44,6 +44,40 @@ module "controlplane" {
 }
 
 locals {
-  lbv4s    = [for c in local.network_controlplane : c.controlplane_lb]
+  lbv4s    = [for ip in flatten([for c in local.network_controlplane : c.controlplane_lb]) : ip if length(split(".", ip)) > 1]
+  lbv6s    = [for ip in flatten([for c in local.network_controlplane : c.controlplane_lb]) : ip if length(split(":", ip)) > 1]
   endpoint = try(flatten([for c in module.controlplane : c.controlplane_endpoints])[0], "")
 }
+
+resource "azurerm_private_dns_a_record" "controlplane" {
+  for_each            = toset(values({ for zone, name in local.network : zone => name.dns if name.dns != "" }))
+  name                = "controlplane"
+  resource_group_name = local.resource_group
+  zone_name           = each.key
+  ttl                 = 300
+  records             = local.lbv4s
+
+  tags = merge(var.tags, { type = "infra" })
+}
+
+resource "azurerm_private_dns_aaaa_record" "controlplane" {
+  for_each            = toset(values({ for zone, name in local.network : zone => name.dns if name.dns != "" && length(local.lbv6s) > 0 }))
+  name                = "controlplane"
+  resource_group_name = local.resource_group
+  zone_name           = each.key
+  ttl                 = 300
+  records             = local.lbv6s
+
+  tags = merge(var.tags, { type = "infra" })
+}
+
+resource "azurerm_private_dns_a_record" "controlplane_zonal" {
+  for_each            = { for idx, name in local.regions : name => idx if lookup(try(var.controlplane[name], {}), "count", 0) > 1 }
+  name                = "controlplane-${each.key}"
+  resource_group_name = local.resource_group
+  zone_name           = local.network[each.key].dns
+  ttl                 = 300
+  records             = flatten(module.controlplane[each.key].controlplane_endpoints)
+
+  tags = merge(var.tags, { type = "infra" })
+}

azure/prepare/network-dns.tf

@@ -0,0 +1,18 @@
+
+resource "azurerm_private_dns_zone" "main" {
+  count               = try(var.capabilities["all"].network_dns_enable, false) ? 1 : 0
+  name                = var.domain
+  resource_group_name = var.resource_group
+
+  tags = merge(var.tags, { type = "infra" })
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "main" {
+  for_each              = { for idx, name in var.regions : name => idx if try(var.capabilities["all"].network_dns_enable, false) }
+  name                  = "dns-${lower(each.key)}"
+  resource_group_name   = var.resource_group
+  private_dns_zone_name = azurerm_private_dns_zone.main[0].name
+  virtual_network_id    = azurerm_virtual_network.main[each.key].id
+
+  tags = merge(var.tags, { type = "infra" })
+}

azure/prepare/outputs.tf

@@ -19,6 +19,7 @@ output "network" {
   value = { for zone, net in azurerm_virtual_network.main : zone => {
     name    = net.name
     nat     = try(azurerm_public_ip.nat[zone].ip_address, "")
+    dns     = try(azurerm_private_dns_zone.main[0].name, "")
     peering = try(azurerm_linux_virtual_machine.router[zone].private_ip_addresses, [])
   } }
 }

azure/prepare/variables.tf

@@ -20,6 +20,12 @@ variable "regions" {
   }
 }
 
+variable "domain" {
+  description = "The cluster domain name"
+  type        = string
+  default     = "cluster.local"
+}
+
 variable "tags" {
   description = "Tags to set on resources"
   type        = map(string)
@@ -61,12 +67,14 @@ variable "whitelist_web" {
 variable "capabilities" {
   type = map(any)
   default = {
+    "all" = {
+      network_dns_enable = false
+    },
     "uksouth" = {
       network_nat_enable = false,
       network_lb_type    = "Basic", # Standard
       network_gw_enable  = false,
       network_gw_type    = "Standard_B1s",
-
     },
     "ukwest" = {
       network_nat_enable = false,