FACT-1485 Add annotation-filter

.gitignore

@@ -2,6 +2,7 @@
 *.tfstate*
 *.auto.tfvars
 .terraform
+.terraform.lock.hcl
 .terraform/*
 terraform.tfvars
 terraform.tfvars.example

.pre-commit-config.yaml

@@ -1,8 +1,8 @@
 repos:
-- repo: git://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.43.0
-  hooks:
-    - id: terraform_fmt
-    - id: terraform_docs
-    - id: terraform_validate
-    - id: terraform_tflint
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.48.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+      - id: terraform_validate
+      - id: terraform_tflint

iam.tf

@@ -1,3 +1,4 @@
+
 data "aws_caller_identity" "current" {}
 
 data "aws_iam_policy_document" "eks_assume_role" {
@@ -12,7 +13,7 @@ data "aws_iam_policy_document" "eks_assume_role" {
 }
 
 resource "aws_iam_role" "external_dns" {
-  name        = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"
+  name        = local.iam_name
   description = "Permissions required by the Kubernetes AWS EKS External Name controller to do it's job."
   path        = "/"
 
@@ -38,7 +39,7 @@ data "aws_iam_policy_document" "external_dns" {
 }
 
 resource "aws_iam_policy" "external_dns" {
-  name        = "eks-aws-eks-istio-external-dns-viewer-${lower(var.hosted_zone_id)}"
+  name        = local.iam_name
   description = "Allows access to resources needed to run external dns."
   policy      = data.aws_iam_policy_document.external_dns.json
 }

main.tf

@@ -1,27 +1,36 @@
 locals {
   external_dns_docker_image = "k8s.gcr.io/external-dns/external-dns:v${var.external_dns_version}"
   external_dns_version      = var.external_dns_version
+
+  default_name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}"
+
+  iam_name = "eks-istio-external-dns-${lower(var.hosted_zone_id)}-${random_string.suffix.result}"
 }
 
+resource "random_string" "suffix" {
+  length  = 6
+  special = false
+  upper   = false
+}
 
 resource "kubernetes_service_account" "this" {
   automount_service_account_token = true
   metadata {
-    name      = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name      = local.default_name
     namespace = var.k8s_namespace
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/managed-by" = "terraform"
     }
   }
 }
 
 resource "kubernetes_cluster_role" "this" {
   metadata {
-    name = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name = local.default_name
 
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/managed-by" = "terraform"
     }
   }
@@ -150,11 +159,11 @@ resource "kubernetes_deployment" "this" {
   depends_on = [kubernetes_cluster_role_binding.this]
 
   metadata {
-    name      = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+    name      = local.default_name
     namespace = var.k8s_namespace
 
     labels = {
-      "app.kubernetes.io/name"       = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+      "app.kubernetes.io/name"       = local.default_name
       "app.kubernetes.io/version"    = "v${local.external_dns_version}"
       "app.kubernetes.io/managed-by" = "terraform"
     }
@@ -170,7 +179,7 @@ resource "kubernetes_deployment" "this" {
 
     selector {
       match_labels = {
-        "app.kubernetes.io/name" = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+        "app.kubernetes.io/name" = local.default_name
       }
     }
 
@@ -182,7 +191,7 @@ resource "kubernetes_deployment" "this" {
       metadata {
         labels = merge(
           {
-            "app.kubernetes.io/name"    = "aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"
+            "app.kubernetes.io/name"    = local.default_name
             "app.kubernetes.io/version" = local.external_dns_version
           },
           var.k8s_pod_labels
@@ -199,7 +208,7 @@ resource "kubernetes_deployment" "this" {
                   match_expressions {
                     key      = "app.kubernetes.io/name"
                     operator = "In"
-                    values   = ["aws-eks-istio-external-dns-${lower(var.hosted_zone_id)}"]
+                    values   = [local.default_name]
                   }
                 }
                 topology_key = "kubernetes.io/hostname"
@@ -226,6 +235,7 @@ resource "kubernetes_deployment" "this" {
             "--source=istio-gateway",
             "--source=istio-virtualservice",
             "--domain-filter=${var.domain}",
+            "--annotation-filter=${var.annotation_filter}",
             "--provider=aws",
             "--policy=${var.sync_policy}",
             "--aws-zone-type=${var.aws_zone_type}",

variables.tf

@@ -26,6 +26,11 @@ variable "hosted_zone_id" {
   type        = string
 }
 
+variable "annotation_filter" {
+  description = "A label name which determines which resources are targeted by this instance of external-dns, defaults to all sources"
+  type        = string
+  default     = "all sources"
+}
 
 variable "external_dns_version" {
   description = "The AWS External DNS version to use. See https://github.com/kubernetes-sigs/external-dns/releases for available versions"