define frontend dns record

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
Azure · Feb 27, 2025 · d849641 · d849641
1 parent 5fac7e9
commit d849641
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 3 deletions.
diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -691,3 +691,4 @@ output aksNodeSubnetId string = aksNodeSubnet.id
 output aksOidcIssuerUrl string = aksCluster.properties.oidcIssuerProfile.issuerURL
 output aksClusterName string = aksClusterName
 output aksClusterKeyVaultSecretsProviderPrincipalId string = aksCluster.properties.addonProfiles.azureKeyvaultSecretsProvider.identity.objectId
+output istioIngressGatewayIPAddress string = istioIngressGatewayIPAddress.outputs.ipAddress
diff --git a/dev-infrastructure/modules/dns/a-record.bicep b/dev-infrastructure/modules/dns/a-record.bicep
@@ -0,0 +1,21 @@
+param zoneName string
+param recordName string
+param ipAddress string
+param ttl int
+
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
+  name: zoneName
+}
+
+resource frontendDNSRecord 'Microsoft.Network/dnsZones/A@2023-07-01-preview' = {
+  name: recordName
+  parent: dnsZone
+  properties: {
+    TTL: ttl
+    ARecords: [
+      {
+        ipv4Address: ipAddress
+      }
+    ]
+  }
+}
diff --git a/dev-infrastructure/modules/network/publicipaddress.bicep b/dev-infrastructure/modules/network/publicipaddress.bicep
@@ -39,3 +39,5 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = i
   properties: roleAssignmentProperties
   scope: publicIPAddress
 }
+
+output ipAddress string = publicIPAddress.properties.ipAddress
diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
@@ -450,19 +450,22 @@ module eventGrindPrivateEndpoint '../modules/private-endpoint.bicep' = {
 }
 
 //
-//   F R O N T E N D   C E R T I F I C A T E
+//   F R O N T E N D
 //
 
+var frontendDnsName = 'frontend'
+var frontendDnsFQDN = '${frontendDnsName}.${regionalSvcDNSZoneName}'
+
 module frontendIngressCert '../modules/keyvault/key-vault-cert.bicep' = {
   name: 'frontend-cert-${uniqueString(resourceGroup().name)}'
   scope: resourceGroup(serviceKeyVaultResourceGroup)
   params: {
     keyVaultName: serviceKeyVaultName
-    subjectName: 'CN=frontend.${regionalSvcDNSZoneName}'
+    subjectName: 'CN=${frontendDnsFQDN}'
     certName: frontendIngressCertName
     keyVaultManagedIdentityId: aroDevopsMsiId
     dnsNames: [
-      'frontend.${regionalSvcDNSZoneName}'
+      frontendDnsFQDN
     ]
     issuerName: frontendIngressCertIssuer
   }
@@ -478,3 +481,14 @@ module frontendIngressCertCSIAccess '../modules/keyvault/keyvault-secret-access.
     secretName: frontendIngressCertName
   }
 }
+
+module frontendDNS '../modules/dns/a-record.bicep' = {
+  name: 'frontend-dns'
+  scope: resourceGroup(regionalResourceGroup)
+  params: {
+    zoneName: regionalSvcDNSZoneName
+    recordName: frontendDnsName
+    ipAddress: svcCluster.outputs.istioIngressGatewayIPAddress
+    ttl: 300
+  }
+}