Enable re-use of existing private hosted zone in AWS

data/data/aws/main.tf

@@ -89,6 +89,7 @@ module "dns" {
   vpc_id                   = module.vpc.vpc_id
   region                   = var.aws_region
   publish_strategy         = var.aws_publish_strategy
+  zone_id                  = var.aws_private_zone_id
 }
 
 module "vpc" {
@@ -128,4 +129,3 @@ resource "aws_ami_copy" "imported" {
     local.tags,
   )
 }
-

data/data/aws/route53/base.tf

@@ -5,6 +5,8 @@ locals {
   // So publish_strategy serves an coordinated proxy for that decision.
   public_endpoints = var.publish_strategy == "External" ? true : false
 
+  use_existing_private_zone = var.zone_id == "" ? false : true
+
   use_cname = contains(["us-gov-west-1", "us-gov-east-1", "us-iso-east-1"], var.region)
   use_alias = ! local.use_cname
 }
@@ -15,7 +17,15 @@ data "aws_route53_zone" "public" {
   name = var.base_domain
 }
 
+data "aws_route53_zone" "int" {
+  count = local.use_existing_private_zone ? 1 : 0
+
+  zone_id = var.zone_id
+}
+
 resource "aws_route53_zone" "int" {
+  count = local.use_existing_private_zone ? 0 : 1
+
   name          = var.cluster_domain
   force_destroy = true
 
@@ -50,7 +60,7 @@ resource "aws_route53_record" "api_external_alias" {
 resource "aws_route53_record" "api_internal_alias" {
   count = local.use_alias ? 1 : 0
 
-  zone_id = aws_route53_zone.int.zone_id
+  zone_id = local.use_existing_private_zone ? data.aws_route53_zone.int[0].zone_id : aws_route53_zone.int[0].zone_id
   name    = "api-int.${var.cluster_domain}"
   type    = "A"
 
@@ -64,7 +74,7 @@ resource "aws_route53_record" "api_internal_alias" {
 resource "aws_route53_record" "api_external_internal_zone_alias" {
   count = local.use_alias ? 1 : 0
 
-  zone_id = aws_route53_zone.int.zone_id
+  zone_id = local.use_existing_private_zone ? data.aws_route53_zone.int[0].zone_id : aws_route53_zone.int[0].zone_id
   name    = "api.${var.cluster_domain}"
   type    = "A"
 
@@ -89,7 +99,7 @@ resource "aws_route53_record" "api_external_cname" {
 resource "aws_route53_record" "api_internal_cname" {
   count = local.use_cname ? 1 : 0
 
-  zone_id = aws_route53_zone.int.zone_id
+  zone_id = local.use_existing_private_zone ? data.aws_route53_zone.int[0].zone_id : aws_route53_zone.int[0].zone_id
   name    = "api-int.${var.cluster_domain}"
   type    = "CNAME"
   ttl     = 10
@@ -100,7 +110,7 @@ resource "aws_route53_record" "api_internal_cname" {
 resource "aws_route53_record" "api_external_internal_zone_cname" {
   count = local.use_cname ? 1 : 0
 
-  zone_id = aws_route53_zone.int.zone_id
+  zone_id = local.use_existing_private_zone ? data.aws_route53_zone.int[0].zone_id : aws_route53_zone.int[0].zone_id
   name    = "api.${var.cluster_domain}"
   type    = "CNAME"
   ttl     = 10

data/data/aws/route53/variables.tf

@@ -58,3 +58,8 @@ variable "region" {
   type = string
   description = "The target AWS region for the cluster."
 }
+
+variable "zone_id" {
+  type = string
+  description = "The existing private zone ID to use. If left empty, then a new zone will be created (default)."
+}

data/data/aws/variables-aws.tf

@@ -148,3 +148,8 @@ The stub Ignition config that should be used to boot the bootstrap instance. Thi
 specified in aws_ignition_bucket.
 EOF
 }
+
+variable "aws_private_zone_id" {
+  type = string
+  description = "The existing private zone ID to use. If left empty, then a new zone will be created (default)."
+}

pkg/asset/cluster/tfvars.go

@@ -9,6 +9,8 @@ import (
 	"strings"
 
 	igntypes "github.com/coreos/ignition/v2/config/v3_2/types"
+	"github.com/ghodss/yaml"
+	configv1 "github.com/openshift/api/config/v1"
 	gcpprovider "github.com/openshift/cluster-api-provider-gcp/pkg/apis/gcpprovider/v1beta1"
 	kubevirtprovider "github.com/openshift/cluster-api-provider-kubevirt/pkg/apis/kubevirtprovider/v1alpha1"
 	kubevirtutils "github.com/openshift/cluster-api-provider-kubevirt/pkg/utils"
@@ -32,6 +34,7 @@ import (
 	openstackconfig "github.com/openshift/installer/pkg/asset/installconfig/openstack"
 	ovirtconfig "github.com/openshift/installer/pkg/asset/installconfig/ovirt"
 	"github.com/openshift/installer/pkg/asset/machines"
+	"github.com/openshift/installer/pkg/asset/manifests"
 	"github.com/openshift/installer/pkg/asset/openshiftinstall"
 	"github.com/openshift/installer/pkg/asset/rhcos"
 	rhcospkg "github.com/openshift/installer/pkg/rhcos"
@@ -96,6 +99,7 @@ func (t *TerraformVariables) Dependencies() []asset.Asset {
 		&machines.Master{},
 		&machines.Worker{},
 		&baremetalbootstrap.IronicCreds{},
+		&manifests.Manifests{},
 	}
 }
 
@@ -111,7 +115,8 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 	rhcosImage := new(rhcos.Image)
 	rhcosBootstrapImage := new(rhcos.BootstrapImage)
 	ironicCreds := &baremetalbootstrap.IronicCreds{}
-	parents.Get(clusterID, installConfig, bootstrapIgnAsset, masterIgnAsset, mastersAsset, workersAsset, rhcosImage, rhcosBootstrapImage, ironicCreds)
+	manifestsInDirectory := &manifests.Manifests{}
+	parents.Get(clusterID, installConfig, bootstrapIgnAsset, masterIgnAsset, mastersAsset, workersAsset, rhcosImage, rhcosBootstrapImage, ironicCreds, manifestsInDirectory)
 
 	platform := installConfig.Config.Platform.Name()
 	switch platform {
@@ -201,6 +206,18 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			}
 		}
 
+		privateHostedZoneID := ""
+		for _, manifestFile := range manifestsInDirectory.Files() {
+			if manifestFile.Filename == manifests.GetDNSCfgFilename() {
+				var clusterDNSFileStruct configv1.DNS
+				if err := yaml.Unmarshal(manifestFile.Data, &clusterDNSFileStruct); err != nil {
+					return errors.Wrapf(err, "Unable to parse manifests/cluster-dns-02-config.yml as proper YAML file")
+				}
+				privateHostedZoneID = clusterDNSFileStruct.Spec.PrivateZone.ID
+				break
+			}
+		}
+
 		sess, err := installConfig.AWS.Session(ctx)
 		if err != nil {
 			return err
@@ -246,6 +263,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error {
 			IgnitionBucket:        bucket,
 			IgnitionPresignedURL:  url,
 			AdditionalTrustBundle: installConfig.Config.AdditionalTrustBundle,
+			PrivateZoneID:         privateHostedZoneID,
 		})
 		if err != nil {
 			return errors.Wrapf(err, "failed to get %s Terraform variables", platform)

pkg/asset/manifests/dns.go

@@ -45,6 +45,11 @@ func (*DNS) Name() string {
 	return "DNS Config"
 }
 
+// GetDNSCfgFilename returns the dnsCfgFilename variable
+func GetDNSCfgFilename() string {
+	return dnsCfgFilename
+}
+
 // Dependencies returns all of the dependencies directly needed to generate
 // the asset.
 func (*DNS) Dependencies() []asset.Asset {

pkg/tfvars/aws/aws.go

@@ -36,11 +36,13 @@ type config struct {
 	SkipRegionCheck         bool              `json:"aws_skip_region_validation"`
 	IgnitionBucket          string            `json:"aws_ignition_bucket"`
 	BootstrapIgnitionStub   string            `json:"aws_bootstrap_stub_ignition"`
+	PrivateZoneID           string            `json:"aws_private_zone_id"`
 }
 
 // TFVarsSources contains the parameters to be converted into Terraform variables
 type TFVarsSources struct {
 	VPC                           string
+	PrivateZoneID                 string
 	PrivateSubnets, PublicSubnets []string
 	Services                      []typesaws.ServiceEndpoint
 
@@ -123,6 +125,7 @@ func TFVars(sources TFVarsSources) ([]byte, error) {
 		PublishStrategy:         string(sources.Publish),
 		SkipRegionCheck:         !configaws.IsKnownRegion(masterConfig.Placement.Region),
 		IgnitionBucket:          sources.IgnitionBucket,
+		PrivateZoneID:           sources.PrivateZoneID,
 	}
 
 	stubIgn, err := generateIgnitionShim(sources.IgnitionPresignedURL, sources.AdditionalTrustBundle)