dns biceps

katherinelc321 · Jan 30, 2025 · 3a71de1 · 3a71de1
1 parent 8d0f6bc
commit 3a71de1
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/dev-infrastructure/modules/aks-cluster-base.bicep b/dev-infrastructure/modules/aks-cluster-base.bicep
@@ -608,6 +608,7 @@ resource azuremonitormetrics_dcra_clusterResourceId 'Microsoft.Insights/dataColl
   }
 }
 
+
 // Outputs
 output userAssignedIdentities array = [
   for i in range(0, length(workloadIdentities)): {
@@ -622,3 +623,4 @@ output aksNodeSubnetId string = aksNodeSubnet.id
 output aksOidcIssuerUrl string = aksCluster.properties.oidcIssuerProfile.issuerURL
 output aksClusterName string = aksClusterName
 output aksClusterKeyVaultSecretsProviderPrincipalId string = aksCluster.properties.addonProfiles.azureKeyvaultSecretsProvider.identity.objectId
+output istioIngressGatewayIPAddress string = istioIngressGatewayIPAddress.outputs.ipAddress
diff --git a/dev-infrastructure/modules/network/publicipaddress.bicep b/dev-infrastructure/modules/network/publicipaddress.bicep
@@ -39,3 +39,5 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = i
   properties: roleAssignmentProperties
   scope: publicIPAddress
 }
+
+output ipAddress string = publicIPAddress.properties.ipAddress
diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep
@@ -187,6 +187,9 @@ resource serviceKeyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' existing
   scope: resourceGroup(serviceKeyVaultResourceGroup)
 }
 
+@description('The name of the Azure DNS zone for the service')
+param dnsRecordSetName string = 'frontend.${regionalSvcDNSZoneName}'
+
 module svcCluster '../modules/aks-cluster-base.bicep' = {
   name: 'cluster'
   scope: resourceGroup()
@@ -433,3 +436,22 @@ module frontendIngressCertCSIAccess '../modules/keyvault/keyvault-secret-access.
     secretName: frontendIngressCertName
   }
 }
+
+// FRONTEND DNS
+
+resource dnsZone 'Microsoft.Network/dnsZones@2022-09-01' existing = {
+  name: regionalSvcDNSZoneName
+}
+
+resource dnsRecord 'Microsoft.Network/dnsZones/A@2022-09-01' = {
+  name: dnsRecordSetName
+  parent: dnsZone 
+  properties: {
+    TTL: 300
+    ARecords: [
+      {
+        ipv4Address: svcCluster.outputs.istioIngressGatewayIPAddress
+      }
+    ]
+  }
+}