refactor DNS settings (#1077)

* collect dns settings under `dns` in config
* proper name for CX DNS zone `cxParentZoneName` (previously `baseDnsZoneName`)
* regional svc zone

cluster-service/Makefile

@@ -2,7 +2,7 @@
 -include ../helm-cmd.mk
 HELM_CMD ?= helm upgrade --install
 
-ZONE_NAME ?= "${REGIONAL_DNS_SUBDOMAIN}.${BASE_DNS_ZONE_NAME}"
+ZONE_NAME ?= "${REGIONAL_DNS_SUBDOMAIN}.${CX_PARENT_DNS_ZONE_NAME}"
 
 
 deploy:

cluster-service/pipeline.yaml

@@ -48,10 +48,10 @@ resourceGroups:
       value: msiMockCert
     - name: ARM_HELPER_CERT_NAME
       value: armHelperCert
-    - name: BASE_DNS_ZONE_NAME
-      configRef: baseDnsZoneName
+    - name: CX_PARENT_DNS_ZONE_NAME
+      configRef: dns.cxParentZoneName
     - name: REGIONAL_DNS_SUBDOMAIN
-      configRef: regionalDNSSubdomain
+      configRef: dns.regionalSubdomain
     - name: USE_AZURE_DB
       configRef: clusterService.postgres.deploy
     - name: DATABASE_SERVER_NAME

config/config.msft.yaml

@@ -130,8 +130,9 @@ defaults:
     private: false
 
   # DNS
-  baseDnsZoneRG: global-shared-resources
-  regionalDNSSubdomain: '{{ .ctx.region }}'
+  dns:
+    baseDnsZoneRG: global-shared-resources
+    regionalSubdomain: '{{ .ctx.region }}'
 
   # Metrics
   monitoring:
@@ -202,10 +203,11 @@ clouds:
               vmSize: 'Standard_D16s_v3'
               osDiskSizeGB: 128
               azCount: 3
+
           # DNS
-          baseDnsZoneName: aroapp-hcp.azure-test.net
-          regionalDNSSubdomain: '{{ .ctx.region }}'
-          svcParentZoneName: "aro-hcp.azure-test.net"
+          dns:
+            cxParentZoneName: aroapp-hcp.azure-test.net
+            svcParentZoneName: aro-hcp.azure-test.net
 
           # ACR
           svcAcrName: arohcpsvcint

config/config.schema.json

@@ -23,15 +23,33 @@
       "aroDevopsMsiId": {
         "type": "string"
       },
-      "baseDnsZoneName": {
-        "type": "string"
-      },
-      "svcParentZoneName": {
-        "type": "string",
-        "description": "The service cluster component domain name"
-      },
-      "baseDnsZoneRG": {
-        "type": "string"
+      "dns": {
+        "type": "object",
+        "properties": {
+          "baseDnsZoneRG": {
+            "type": "string",
+            "description": "The Azure RG that holds the parent DNS zones"
+          },
+          "cxParentZoneName": {
+            "type": "string",
+            "description": "The parent DNS zone name for regional HCP cluster DNS zones"
+          },
+          "svcParentZoneName": {
+            "type": "string",
+            "description": "The parent DNS zone name for regional ARO-HCP infrastructure, e.g. the RP"
+          },
+          "regionalSubdomain": {
+            "type": "string",
+            "description": "The regional subdomain to be used to construct the regional hcp and svc zones under their respective parents, e.g. regionalSubdomain.svcParentZoneName"
+          }
+        },
+        "additionalProperties": false,
+        "required": [
+          "baseDnsZoneRG",
+          "cxParentZoneName",
+          "svcParentZoneName",
+          "regionalSubdomain"
+        ]
       },
       "clusterService": {
         "type": "object",
@@ -676,9 +694,6 @@
       "regionRG": {
         "type": "string"
       },
-      "regionalDNSSubdomain": {
-        "type": "string"
-      },
       "serviceKeyVault": {
         "type": "object",
         "properties": {
@@ -806,8 +821,6 @@
     "required": [
       "aksName",
       "aroDevopsMsiId",
-      "baseDnsZoneName",
-      "baseDnsZoneRG",
       "clusterService",
       "cxKeyVault",
       "firstPartyAppClientId",
@@ -828,7 +841,6 @@
       "podSubnetPrefix",
       "region",
       "regionRG",
-      "regionalDNSSubdomain",
       "serviceKeyVault",
       "subnetPrefix",
       "svc",

config/config.yaml

@@ -136,16 +136,16 @@ defaults:
     softDelete: true
     private: true
 
-  # DNS
-  baseDnsZoneRG: 'global'
 clouds:
   public:
     # this configuration serves as a template for for all RH DEV subscription deployments
     # the following vars need approprivate overrides:
     defaults:
       # DNS
-      baseDnsZoneName: 'hcp.osadev.cloud'
-      svcParentZoneName: "hcpsvc.osadev.cloud"
+      dns:
+        baseDnsZoneRG: global
+        cxParentZoneName: hcp.osadev.cloud
+        svcParentZoneName: hcpsvc.osadev.cloud
       # 1P app
       firstPartyAppClientId: 57e54810-3138-4f38-bd3b-29cb33f4c358
       # Mock Managed Identities Service Princiapl
@@ -252,7 +252,8 @@ clouds:
               minCount: 2
               maxCount: 12
           # DNS
-          regionalDNSSubdomain: '{{ .ctx.region }}'
+          dns:
+            regionalSubdomain: '{{ .ctx.region }}'
           # Maestro
           maestro:
             server:
@@ -276,7 +277,8 @@ clouds:
               minCount: 2
               maxCount: 12
           # DNS
-          regionalDNSSubdomain: '{{ .ctx.region }}-cs'
+          dns:
+            regionalSubdomain: '{{ .ctx.region }}-cs'
           # Maestro
           maestro:
             restrictIstioIngress: false
@@ -294,7 +296,8 @@ clouds:
             postgres:
               deploy: false
           # DNS
-          regionalDNSSubdomain: '{{ .ctx.regionShort }}'
+          dns:
+            regionalSubdomain: '{{ .ctx.regionShort }}'
           # Maestro
           maestro:
             postgres:

config/public-cloud-cs-pr.json

@@ -7,8 +7,6 @@
   "backend": {
     "imageTag": ""
   },
-  "baseDnsZoneName": "hcp.osadev.cloud",
-  "baseDnsZoneRG": "global",
   "clusterService": {
     "acrRG": "global",
     "azureOperatorsManagedIdentities": {
@@ -45,6 +43,12 @@
     "private": false,
     "softDelete": false
   },
+  "dns": {
+    "baseDnsZoneRG": "global",
+    "cxParentZoneName": "hcp.osadev.cloud",
+    "regionalSubdomain": "westus3-cs",
+    "svcParentZoneName": "hcpsvc.osadev.cloud"
+  },
   "extraVars": {},
   "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
   "frontend": {
@@ -177,7 +181,6 @@
   "podSubnetPrefix": "10.128.64.0/18",
   "region": "westus3",
   "regionRG": "hcp-underlay-cspr",
-  "regionalDNSSubdomain": "westus3-cs",
   "serviceKeyVault": {
     "name": "aro-hcp-dev-svc-kv",
     "private": false,
@@ -208,6 +211,5 @@
     }
   },
   "svcAcrName": "arohcpsvcdev",
-  "svcParentZoneName": "hcpsvc.osadev.cloud",
   "vnetAddressPrefix": "10.128.0.0/14"
 }

config/public-cloud-dev.json

@@ -7,8 +7,6 @@
   "backend": {
     "imageTag": ""
   },
-  "baseDnsZoneName": "hcp.osadev.cloud",
-  "baseDnsZoneRG": "global",
   "clusterService": {
     "acrRG": "global",
     "azureOperatorsManagedIdentities": {
@@ -45,6 +43,12 @@
     "private": false,
     "softDelete": false
   },
+  "dns": {
+    "baseDnsZoneRG": "global",
+    "cxParentZoneName": "hcp.osadev.cloud",
+    "regionalSubdomain": "westus3",
+    "svcParentZoneName": "hcpsvc.osadev.cloud"
+  },
   "extraVars": {},
   "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
   "frontend": {
@@ -177,7 +181,6 @@
   "podSubnetPrefix": "10.128.64.0/18",
   "region": "westus3",
   "regionRG": "hcp-underlay-dev",
-  "regionalDNSSubdomain": "westus3",
   "serviceKeyVault": {
     "name": "aro-hcp-dev-svc-kv",
     "private": false,
@@ -208,6 +211,5 @@
     }
   },
   "svcAcrName": "arohcpsvcdev",
-  "svcParentZoneName": "hcpsvc.osadev.cloud",
   "vnetAddressPrefix": "10.128.0.0/14"
 }

config/public-cloud-msft-int.json

@@ -7,8 +7,6 @@
   "backend": {
     "imageTag": "0b3c08f"
   },
-  "baseDnsZoneName": "aroapp-hcp.azure-test.net",
-  "baseDnsZoneRG": "global-shared-resources",
   "clusterService": {
     "acrRG": "global-shared-resources",
     "azureOperatorsManagedIdentities": {
@@ -45,6 +43,12 @@
     "private": false,
     "softDelete": false
   },
+  "dns": {
+    "baseDnsZoneRG": "global-shared-resources",
+    "cxParentZoneName": "aroapp-hcp.azure-test.net",
+    "regionalSubdomain": "westus3",
+    "svcParentZoneName": "aro-hcp.azure-test.net"
+  },
   "extraVars": {},
   "firstPartyAppClientId": "??? the one used by CS to do first party stuff ???",
   "frontend": {
@@ -172,7 +176,6 @@
   "podSubnetPrefix": "10.128.64.0/18",
   "region": "westus3",
   "regionRG": "westus3-shared-resources",
-  "regionalDNSSubdomain": "westus3",
   "serviceKeyVault": {
     "name": "arohcp-svc-int",
     "private": false,
@@ -203,6 +206,5 @@
     }
   },
   "svcAcrName": "arohcpsvcint",
-  "svcParentZoneName": "aro-hcp.azure-test.net",
   "vnetAddressPrefix": "10.128.0.0/14"
 }

config/public-cloud-personal-dev.json

@@ -7,8 +7,6 @@
   "backend": {
     "imageTag": ""
   },
-  "baseDnsZoneName": "hcp.osadev.cloud",
-  "baseDnsZoneRG": "global",
   "clusterService": {
     "acrRG": "global",
     "azureOperatorsManagedIdentities": {
@@ -45,6 +43,12 @@
     "private": false,
     "softDelete": false
   },
+  "dns": {
+    "baseDnsZoneRG": "global",
+    "cxParentZoneName": "hcp.osadev.cloud",
+    "regionalSubdomain": "usw3tst",
+    "svcParentZoneName": "hcpsvc.osadev.cloud"
+  },
   "extraVars": {},
   "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358",
   "frontend": {
@@ -177,7 +181,6 @@
   "podSubnetPrefix": "10.128.64.0/18",
   "region": "westus3",
   "regionRG": "hcp-underlay-usw3tst",
-  "regionalDNSSubdomain": "usw3tst",
   "serviceKeyVault": {
     "name": "aro-hcp-dev-svc-kv",
     "private": false,
@@ -208,6 +211,5 @@
     }
   },
   "svcAcrName": "arohcpsvcdev",
-  "svcParentZoneName": "hcpsvc.osadev.cloud",
   "vnetAddressPrefix": "10.128.0.0/14"
 }

dev-infrastructure/configurations/global-infra.tmpl.bicepparam

@@ -1,5 +1,5 @@
 using '../templates/global-infra.bicep'
 
 param globalMSIName = '{{ .global.globalMSIName }}'
-param cxParentZoneName = '{{ .baseDnsZoneName }}'
-param svcParentZoneName = '{{ .svcParentZoneName }}'
+param cxParentZoneName = '{{ .dns.cxParentZoneName }}'
+param svcParentZoneName = '{{ .dns.svcParentZoneName }}'

dev-infrastructure/configurations/region.tmpl.bicepparam

@@ -10,9 +10,10 @@ param ocpAcrName = '{{ .ocpAcrName }}'
 param svcAcrName = '{{ .svcAcrName }}'
 
 // dns
-param baseDNSZoneName = '{{ .baseDnsZoneName }}'
-param baseDNSZoneResourceGroup = '{{ .baseDnsZoneRG }}'
-param regionalDNSSubdomain = '{{ .regionalDNSSubdomain }}'
+param cxBaseDNSZoneName = '{{ .dns.cxParentZoneName }}'
+param svcBaseDNSZoneName = '{{ .dns.svcParentZoneName }}'
+param baseDNSZoneResourceGroup = '{{ .dns.baseDnsZoneRG }}'
+param regionalDNSSubdomain = '{{ .dns.regionalSubdomain }}'
 
 // maestro
 param maestroEventGridNamespacesName = '{{ .maestro.eventGrid.name }}'

dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam

@@ -49,7 +49,7 @@ param useCustomACRTokenManagementRole = {{ .global.manageTokenCustomRole }}
 param oidcStorageAccountName = '{{ .oidcStorageAccountName }}'
 param aroDevopsMsiId = '{{ .aroDevopsMsiId }}'
 
-param regionalDNSZoneName = '{{ .regionalDNSSubdomain}}.{{ .baseDnsZoneName }}'
+param regionalCXDNSZoneName = '{{ .dns.regionalSubdomain }}.{{ .dns.cxParentZoneName }}'
 
 param regionalResourceGroup = '{{ .regionRG }}'
 

dev-infrastructure/configurations/svc-infra.tmpl.bicepparam

@@ -7,7 +7,7 @@ param serviceKeyVaultLocation = '{{ .serviceKeyVault.region }}'
 param serviceKeyVaultSoftDelete = {{ .serviceKeyVault.softDelete }}
 param serviceKeyVaultPrivate = {{ .serviceKeyVault.private }}
 
-param regionalDNSZoneName = '{{ .regionalDNSSubdomain}}.{{ .svcParentZoneName }}'
+param regionalSvcDNSZoneName = '{{ .dns.regionalSubdomain }}.{{ .dns.svcParentZoneName }}'
 
 
 // MI for deployment scripts

dev-infrastructure/docs/development-setup.md

@@ -120,11 +120,13 @@ defaults: (1)
 clouds:
   public: (2)
     defaults: (3)
-      baseDnsZoneName: "arohcp.azure.com"
+      dns:
+        cxParentZoneName: "arohcp.azure.com"
     environments:
       personal-dev: (4)
         defaults:
-          baseDnsZoneName: "hcp.osadev.cloud" (5)
+          dns:
+            cxParentZoneName: "hcp.osadev.cloud" (5)
       production:
         defaults:
         regions: