Skip to content

add bind config for PowerVS publish==internal IPI #6227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
Sep 6, 2022
Merged

add bind config for PowerVS publish==internal IPI #6227

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 26 additions & 1 deletion data/data/powervs/cluster/dns/dns.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,19 @@ resource "ibm_is_security_group_rule" "dns_vm_sg_ssh_all" {
}
}

# allow all incoming network traffic on port 53
resource "ibm_is_security_group_rule" "dns_vm_sg_dns_all" {
count = local.proxy_count
group = ibm_is_security_group.dns_vm_sg[0].id
direction = "inbound"
remote = "0.0.0.0/0"

udp {
port_min = 53
port_max = 53
}
}

data "ibm_is_image" "dns_vm_image" {
count = local.proxy_count
name = var.dns_vm_image_name
Expand All @@ -69,7 +82,19 @@ locals {
packages:
- bind
- bind-utils
write_files:
- path: /tmp/named-conf-edit.sed
permissions: '0640'
content: |
/^\s*listen-on port 53 /s/127\.0\.0\.1/127\.0\.0\.1; MYIP/
/^\s*allow-query /s/localhost/any/
/^\s*dnssec-validation /s/ yes/ no/
/^\s*type hint;/s/ hint/ forward/
/^\s*file\s"named.ca";/d
/^\s*type forward/a \\tforward only;\n\tforwarders { 161.26.0.7; 161.26.0.8; };
runcmd:
- export MYIP=`hostname -I`; sed -i.bak "s/MYIP/$MYIP/" /tmp/named-conf-edit.sed
- sed -i.orig -f /tmp/named-conf-edit.sed /etc/named.conf
- systemctl enable named.service
- systemctl start named.service
EOF
Expand All @@ -93,5 +118,5 @@ resource "ibm_is_instance" "dns_vm_vsi" {
security_groups = [ibm_is_security_group.dns_vm_sg[0].id]
}

user_data = base64encode(local.user_data_string)
user_data = local.user_data_string
}
7 changes: 7 additions & 0 deletions data/data/powervs/cluster/vpc/vpc.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,12 @@ resource "time_sleep" "wait_for_vpc" {
create_duration = var.wait_for_vpc
}

resource "ibm_is_public_gateway" "dns_vm_gateway" {
name = "${var.cluster_id}-gateway"
vpc = ibm_is_vpc.new_vpc[0].id
zone = var.vpc_zone
}

resource "ibm_is_subnet" "new_vpc_subnet" {
count = var.vpc_subnet_name == "" ? 1 : 0
depends_on = [time_sleep.wait_for_vpc]
Expand All @@ -23,6 +29,7 @@ resource "ibm_is_subnet" "new_vpc_subnet" {
resource_group = data.ibm_resource_group.rg.id
total_ipv4_address_count = 256
zone = var.vpc_zone
public_gateway = ibm_is_public_gateway.dns_vm_gateway.id
tags = [var.cluster_id]
}

Expand Down